Security by Design

ACQI was built for environments where security isn't optional. Our desktop-first architecture means your data never leaves your network.

Your Data Stays Yours

Unlike cloud-based alternatives, ACQI runs entirely on your infrastructure. We never see your Active Directory, Azure resources, or any other discovery data. This isn't just a feature - it's fundamental to our architecture.

Security Features

Desktop-First Architecture

ACQI runs entirely on your infrastructure. Discovery data never leaves your network or touches our servers.

No Cloud Dependencies

Core discovery functions work offline. No internet connection required for scanning your environment.

Encrypted Credentials

All stored credentials are encrypted using Windows DPAPI with machine-level protection.

Least Privilege

Discovery modules request only the permissions required. Read-only access for most operations.

Audit Logging

Complete audit trail of all discovery operations, credential usage, and user actions.

Signed Binaries

All executables and PowerShell modules are digitally signed for authenticity verification.

Compliance & Certifications

SOC 2 Type II

In Progress

ISO 27001

Planned 2025

GDPR Compliant

Compliant

HIPAA Ready

Architecture Ready

Security FAQ

Does ACQI send my discovery data to the cloud?

No. ACQI is a desktop application that runs entirely on your infrastructure. Discovery data is stored locally on your network. We never see, transmit, or store your organization's data.

What credentials does ACQI require?

ACQI uses your existing administrative credentials to connect to systems. Credentials are encrypted locally using Windows DPAPI and are never transmitted externally. You can use service accounts with read-only permissions for most discovery operations.

Can ACQI operate in air-gapped environments?

Yes. Core discovery functionality works completely offline. Only optional features like license validation require internet connectivity, and these can be configured for offline operation.

How do you handle vulnerability disclosure?

We maintain a responsible disclosure program. Security researchers can report vulnerabilities to security@acqi.ai. We aim to acknowledge reports within 24 hours and provide fixes for critical issues within 72 hours.

Is ACQI suitable for regulated industries?

Yes. ACQI's desktop-first architecture is designed for regulated environments. The software has been deployed in financial services, healthcare, and government organizations with strict data residency requirements.

Security Questions?

Our security team is available to answer questions, provide documentation, or discuss your specific compliance requirements.

Contact Security Team Request Security Assessment