ACAI enforces GDPR principles at the API layer. Personal data is detected and redacted by default, processing activities are logged immutably, and you get evidence mapping to Articles 5, 25, 30, 32, and 35.
Built for companies processing EU personal data through AI models.
Every API request generates evidence mapped to these controls automatically.
PII detection enabled by default. TLS 1.2+ on all endpoints. Audit log redaction available.
PII redaction applied by default. Content safety active. Prompt injection detection on every request.
Complete processing log: user ID, model, timestamp, token counts, classification level. Dual PG+Blob sinks.
Bearer token auth. Content safety blocks. Encryption at rest and in transit. Managed identities (no shared keys).
Compliance scoring, data classification enforcement, and audit data exports provide DPIA supporting evidence.
PII detection and redaction run on every request. Personal data never reaches the model unless you explicitly allow it.
Every API call is logged with purpose, data subject category (via classification), and processing basis evidence.
One-click GDPR evidence report mapping your API usage to Articles 5–35. Supporting material for DPIAs and audits.
One API key. One BAA. GDPR evidence your auditor will accept.