ACAI

Continuous compliance for AI. Every call scanned, classified, audit-logged, and evidence-ready.

Service-Disabled Veteran-Owned Small Business
© 2026 Agile Cloud & AI LLC. All rights reserved.
Security Practices

How We Protect Your Data

ACAI runs on Azure with defense-in-depth security. Every layer — from network to application — is built for regulated workloads in healthcare and fintech.

Encryption Everywhere

  • TLS 1.2+ on all API endpoints and internal services
  • AES-256-GCM encryption for stored API keys and secrets
  • Azure Key Vault with RBAC, soft delete, and purge protection
  • No shared keys — all storage access via managed identities

Infrastructure Isolation

  • Azure Kubernetes Service (AKS) with Azure CNI and network policies
  • Entra ID authentication only — local AKS accounts disabled
  • Automatic security patching on stable upgrade channel
  • Separate subscriptions for operations and production workloads

PII Detection & Redaction

  • 14+ regex patterns for SSN, credit cards, MRN, DOB, and more
  • Optional Azure AI Language NER for 20 entity categories
  • Three modes: detect-only, redact-from-logs, or redact-all
  • PII scanning runs before data reaches the inference model

Tamper-Proof Audit Trail

  • Every API request logged with classification, PII findings, and correlation ID
  • Immutable audit records in PostgreSQL with blob storage backup
  • Configurable retention: 7 days (Free) to unlimited (Enterprise)
  • Legal hold support for regulatory investigations

Access Control

  • Bearer token authentication on all API endpoints
  • Per-key data classification floors prevent accidental downgrading
  • Per-key rate limits and cost guardrails
  • Role-based access in the dashboard via Entra External ID

Content Safety & Prompt Injection

  • 4-layer prompt injection detection pipeline
  • Content safety scoring for hate, violence, self-harm, and sexual content
  • Configurable block/warn thresholds per compliance policy
  • All safety decisions logged to the audit trail

Compliance Evidence Generation

ACAI generates compliance evidence — it does not certify compliance. You use our reports as artifacts in your own audit process.

A sample HIPAA evidence pack is available for download.

Evidence export is available for:

  • HIPAA
  • SOC 2
  • PCI DSS
  • GDPR
  • CCPA
  • NIST 800-53
  • FERPA

Questions About Security?

We're happy to walk through our architecture. Reach out directly or request our security questionnaire responses.

security@agilecloud.ai