Security

Built for firms that handle
sensitive financial data.

AES-256 encryption, PKI document signatures, 100+ RBAC nodes, immutable audit trails, and optional on-premise deployment.

Request Access
AES-256
Encryption standard
100+
RBAC permission nodes
TLS 1.3
Transport security
100%
Actions audit-logged
AES-256 Encryption

Data encrypted at rest with AES-256-GCM. TLS 1.3 in transit. Envelope encryption with a two-layer KEK/DEK hierarchy. Keys managed in Azure Key Vault with HSM-backed protection. No key is ever stored alongside the data it protects.

AES-256-GCM at rest
TLS 1.3 in transit
KEK/DEK envelope encryption
HSM-backed Azure Key Vault
Zero-knowledge key storage
PKI Document Signatures

Every document processed through Accute receives an RSA-SHA256 cryptographic signature. Tamper detection is real-time. Signed documents are legally binding under eIDAS (EU), eSign Act (US), and IT Act 2000 (India).

RSA-SHA256 per-document signatures
Real-time tamper detection
eIDAS, eSign Act, IT Act 2000 compliance
Signature audit chain exportable
Certificate pinning for API clients
Multi-Tenant RBAC

Over 100 granular permission nodes covering every workflow action, document operation, client record, and administrative function. Role hierarchy with platform-level and tenant-level separation. Teams and scope modifiers for cross-entity access.

100+ permission nodes
Custom roles with inheritance
Platform vs tenant role separation
Teams with shared scope
Scope modifiers for cross-entity access
Full Audit Trail

Every action — user login, document upload, workflow step, approval decision, permission change — is logged with user identity, IP address, device fingerprint, and millisecond timestamp. HMAC-sealed, hash-chained. Immutable.

Every action logged with user + IP + timestamp
HMAC-sealed log entries
Hash-chained audit chain
Immutable — no admin can delete
Exportable CSV and JSON for compliance
Identity and Authentication

JWT-based session tokens with short expiry and refresh rotation. bcrypt password hashing with configurable cost. MFA via TOTP (AI Standard and above). SAML 2.0 and OIDC SSO on AI Standard and above. CAC-level admin is completely isolated from the customer-facing identity plane.

JWT + refresh token rotation
bcrypt password hashing
TOTP-based MFA (AI Standard+)
SAML 2.0 + OIDC SSO (AI Standard+)
Control-plane isolation
Data Isolation

Strict multi-tenant isolation at the database row level. Every query is scoped to the authenticated firm. No shared connection pools between tenants. Schema-level separation where applicable. AI agents operate in isolated execution contexts.

Row-level tenant isolation
Firm-scoped query enforcement
No cross-tenant connection pooling
Agent execution in isolated contexts
Separate credential vaults per firm
On-Premise Deployment

AI Enterprise customers can run Accute entirely on their own infrastructure. Bring your own Kubernetes cluster, database, and object storage. All AI agents run as local Docker containers with no external egress required. Air-gap compatible.

Kubernetes-native deployment manifests
Bring-your-own database (PostgreSQL)
Local Docker containers for all AI agents
No mandatory external egress
Air-gap mode for regulated industries
Compliance Readiness

Accute is being built toward SOC 2 Type II certification. GDPR and CCPA controls are built into the platform layer — data subject access requests, consent logging, retention policies, and right-to-erasure workflows. Regional data residency on AI Enterprise.

SOC 2 Type II roadmap
GDPR + CCPA controls built-in
Data subject access request workflows
Consent logging and audit
Regional data residency on AI Enterprise
AI Agent
Sentinel

Sentinel monitors all platform activity in real time. It flags anomalous login patterns, unusual data export volumes, and privilege escalation attempts before they become incidents.

Available on AI Standard and above
AI Agent
Guardian

Guardian runs inside on-premise deployments. It enforces data perimeter policies, detects exfiltration attempts, and maintains an air-gap-compliant log that never leaves the customer network.

Available on AI Enterprise (on-premise)

Security review available

Need a detailed security architecture review before onboarding? Request access and ask for our security pack.

Request Access