Abacus.AI Security Policy

We have implemented comprehensive information security controls across every aspect of our product life cycles. These security controls were developed and implemented with the singular goal of safeguarding our customers’ data using best-in-class industry frameworks and practices.

For a complete documentation on our Secure Deployment Options and Information Security And Compliance Paper, please refer to the links below:

Secure Deployment Options
Information Security And Compliance Paper

The highlights of our security program are given below:

Administrative & Organizational controls

Data Governance & Handling Policies

Comprehensive data classification, access policies are in place to ensure that customer data is only accessed on a need-to-know basis governed by a principle of least privileged access. Abacus.AI’s customers continue to own the data they use on the product to build models and only provide temporary read-only access to the data. Abacus.AI will only process the data to fulfill our contractual obligations and not for any other purpose such as scanning for advertisements or selling to third parties. we do not scan it for advertisements nor sell it to third parties.

Employee Training

All employees undergo comprehensive background screening and security training before working on our products. Additionally, there is annual re-certification of all security training.

Infrastructure & Operational controls

Access Control & Two-Factor Authentication

Comprehensive Role based access controls have been implemented across the entire network stack starting from internal IT systems to production infrastructure governed by the principle of least privilege. Two-Factor authentication has been deployed across all the infrastructure.


End-to-End encryption of data in transit and rest have been implemented. Strong encryption is used to isolate customers' data and compute environments.

Network Infrastructure

Multi-tiered network topology has been implemented to reduce surface area of exposure. Network Access Control Lists and firewalls limit network traffic between the network layers.

Operational Monitoring & Alerting

Comprehensive operational monitoring and alerting have been implemented for early detection of anomalies and remediation.

Standards & Regulatory Compliance

Regulatory Compliance

Our systems are fully compliant with all applicable local laws such as GDPR in the European Union and CCPA in California, USA.

Standards Compliance

Our systems are compliant with the highest standards per CSI and PCI DSS.


AICPA image

For further inquiries regarding our security policy, please contact us at or at our mail address:

1099 Folsom Street
San Francisco, CA 94103

Copyright © 2022 Abacus.AI. All Rights Reserved