Security overview.
This overview describes the administrative, technical, and physical safeguards Aculeus uses to protect customer content and to keep the workbench available, auditable, and trustworthy. For specific contractual commitments, refer to your order form and data processing addendum.
Four commitments this page is built to back, each pullable: , , , and .
Jump to section
- 01Security principles
- 02Encryption
- 03Authentication and access control
- 04Compliance and frameworks
- 05Infrastructure security
- 06Application security
- 07Data isolation and tenancy
- 08Backups and disaster recovery
- 09Logging and monitoring
- 10Incident response
- 11Sub-processors
- 12Personnel and access governance
- 13Vulnerability reporting and responsible disclosure
Security principles¶
Aculeus operates against four standing principles. Each is a property the workbench is built to hold, not a posture it claims after the fact.
PostureOperatingTenant isolation by design.
Customer content lives in logically isolated tenants; isolation is enforced on every read and write, so no cross-tenant access is possible through the application.
Least privilege everywhere.
Production access is restricted to a small group of named engineers, gated behind hardware-key multi-factor authentication, and granted just-in-time through audited tooling.
Auditable by default.
Configuration changes, access-control decisions, and administrative actions are recorded to an append-only audit log. Tenant administrators can export their organization’s audit log on demand.
Reproducibility as a security property.
Every reading produced by the workbench can be re-derived from the source set it was built on. Tampering or undetected drift is observable.
Encryption¶
Data in transit between users, the Service, and sub-processors is encrypted using TLS 1.2 or higher with modern cipher suites. We enforce HSTS on aculeus.ai and the workbench and reject insecure connections.
Data at rest in our primary data stores and object storage is encrypted using AES-256 with keys managed in a hardened key-management service. Backups inherit the same encryption and are rotated on a fixed schedule.
Customer-managed encryption keys (CMEK) are on the roadmap and available on request for enterprise tenants under early access.
Authentication and access control¶
Aculeus supports SAML 2.0 and OpenID Connect for organizational sign-in. SCIM-based user provisioning and de-provisioning is on the roadmap for enterprise plans.
MFA is required for Aculeus administrators and strongly recommended for all workbench users. Tenant-wide MFA enforcement is on the roadmap and available on request for enterprise tenants.
Workbench permissions are governed by roles (viewer, operator, administrator). Workspace-scoped access controls restrict every record to its tenant. Roles and assignments are auditable.
Sessions are bound to TLS contexts and revoked on logout and password change; access is re-evaluated on every request, so a change to a member's role or access takes effect immediately. Idle and maximum session lifetimes are configurable per tenant.
Compliance and frameworks¶
- SOC 2 Type II
- Aculeus is pursuing SOC 2 Type II, covering the Security, Availability, and Confidentiality Trust Service Criteria. A bridge letter and full report will be made available to customers and prospects under NDA when the report is issued.
- GDPR · UK GDPR
- Aculeus offers a standard Data Processing Addendum incorporating the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. Regional data-residency arrangements are available on request under that DPA.
- CCPA · CPRA
- Aculeus acts as a service provider under California law for customer-controlled workbench content and supports verifiable consumer requests routed through tenant administrators.
- ISO 27001, HIPAA, FedRAMP. Evaluated based on customer demand and not currently in scope. Contact us before relying on Aculeus for use cases that require frameworks not listed above.
Infrastructure security¶
Aculeus runs on hardened public-cloud infrastructure across multiple availability zones.
Production environments are logically segregated from non-production environments and from corporate systems. Network access between services is restricted by service-account identity and least-privilege IAM policy.
Operating-system images are hardened, patched on a regular cadence, and rebuilt from base images rather than mutated in place. Production hosts run only the services they are designated for; administrative shell access is rare and audited.
Configuration drift is detected by continuous control monitoring. Infrastructure changes go through code review and CI pipelines and are recorded in an immutable change log.
Application security¶
Every change moves through a secure-software-development lifecycle before it ships.
- 01Threat modeling
- 02Static analysis
- 03Dependency scanning
- 04Security code review
- 05Security-path tests
Threat modeling at design time, static analysis on every commit, dependency vulnerability scanning, security-focused code review, and automated tests over security-relevant paths. Secrets are managed exclusively through a dedicated secret store; secrets are never committed to source control.
Independent penetration testing of the workbench and supporting infrastructure is part of our security program. As assessments are completed, reports are made available to customers under NDA and findings are tracked to remediation on a severity basis.
We run a coordinated disclosure program for external researchers (see “Vulnerability reporting” below).
Data isolation and tenancy¶
Each Aculeus customer is provisioned into a logical tenant, and every workbench request is checked against it at three layers before it can touch data.
- 01Application layer
- 02Data layer
- 03Storage layer
A tenant identifier is verified at each of these layers; cross-tenant queries are not constructible through the public API. For customers requiring stronger isolation (regulated industries, sovereign-data requirements), Aculeus offers single-tenant deployments under negotiated terms.
Backups and disaster recovery¶
Production data stores are backed up continuously to encrypted, geographically separated storage. Backups are tested for restorability periodically. Our standard recovery objectives are a recovery point objective (RPO) of one (1) hour and a recovery time objective (RTO) of four (4) hours for the workbench application; specific commitments to your tenant may be set out in your order form.
Logging and monitoring¶
Application, infrastructure, and access logs are centralized in an immutable, write-only store and retained for at least thirteen (13) months. Logs are monitored continuously and tied into our incident-response pipeline.
- Failed authentication patterns
- Privilege escalation
- Unusual data access
- Infrastructure drift
Tenant administrators can export the audit log for their organization on demand. Programmatic delivery into a customer SIEM (streaming webhook or scheduled export) is on the roadmap for enterprise plans.
Incident response¶
Aculeus maintains a written incident-response plan with named roles, escalation paths, communication templates, and post-incident review requirements. The plan is reviewed and exercised periodically.
We notify affected customers of a confirmed security incident affecting their data without undue delay — and in any event within seventy-two hours of confirmation, in line with our standard DPA.
Post-incident, we publish a written review to affected customers describing root cause, scope, and remediation.
Sub-processors¶
Aculeus uses third-party sub-processors for cloud infrastructure, email delivery, monitoring, and customer support tooling, and the AI and research providers that process content to produce readings. Each sub-processor is engaged under a written contract that imposes confidentiality, security, and processing restrictions consistent with applicable data-protection law and the Aculeus DPA.
| # | Category | Function |
|---|---|---|
| 01 | Cloud infrastructure | Hosting infrastructure |
| 02 | Email delivery | Email delivery |
| 03 | Monitoring | Performance monitoring |
| 04 | Customer support | Support tooling |
| 05 | AI & research providers | Process content to produce readings |
The current named sub-processor list, the function each performs, and the regions in which each operates are published and kept current. Customers on enterprise plans are notified at least thirty (30) days before a new sub-processor is added and may object as set out in the DPA.
Personnel and access governance¶
Aculeus personnel are subject to background checks where permitted by law, complete privacy and security training, and sign confidentiality obligations as a condition of employment.
Production access is the most tightly held privilege at Aculeus.
- Granted
- Just-in-time
- Authenticated
- Hardware-key MFA
- Recorded
- Fully audited
- Revoked
- On role change
Access to production systems and customer content is restricted to a small group of named engineers with documented business need: granted just-in-time, requiring hardware-key MFA, fully audited, and revoked promptly on role change or departure.
Vulnerability reporting and responsible disclosure¶
We welcome reports of suspected vulnerabilities. Where possible, encrypt sensitive details using our PGP key (published on request).
Or copysecurity@aculeus.ai— the link above opens your mail app.
Send a clear description, reproduction steps, and any supporting material.
To encrypt, request our PGP key at security@aculeus.ai.
We commit to acknowledging good-faith reports within one (1) business day and triaging within five (5) business days. We do not pursue legal action against researchers who follow coordinated disclosure, avoid privacy violations and service disruption, and refrain from publishing details until we have had a reasonable opportunity to remediate.
This overview describes Aculeus's current security posture. It is informational and does not modify any contractual commitment in an order form or data processing addendum, which take precedence in the event of conflict.