Our Responsible AI Principles

At Squid AI, we believe responsible AI starts with responsible business practices. As a SOC 2 Type II and ISO 27001 certified organization, we apply the same rigorous standards of security, privacy, and risk management to our AI systems that we do to all aspects of our business.

We build security into our products and infrastructure from the ground up

Security starts at design in everything we build. As a SOC 2 Type II and ISO 27001 certified organization, we embrace zero trust and defense in-depth approaches to guide our overall security program. Our AI agents operate within our certified information security management system and undergo the same strict controls as all our systems.

Security features

  • Enterprise-grade security controls, encryption, and access management
  • Layered security controls across endpoints, infrastructure, networks, and applications
  • Zero trust architecture with defense in-depth security design
  • Integration with existing data governance and privacy controls
  • Compliance with regional data protection regulations

Quality assurance processes

  • Automated validation of AI agent responses, SQL queries, and data extractions
  • Regular accuracy assessments for data processing workflows
  • Multi-layered error detection and correction mechanisms
  • Continuous benchmarking against established accuracy metrics

Risk management capabilities

  • Continuous risk assessment as part of our ISO 27001 ISMS
  • Regular security reviews of AI system components and dependencies
  • Comprehensive third-party risk management for AI service providers
  • Proactive threat monitoring and incident prevention protocols

We protect your data with thorough testing and continuous monitoring

Our security team maintains continuous oversight of all AI agent activities through centralized logging and monitoring as part of our SOC 2 compliance. We actively monitor agent performance and accuracy with dedicated procedures for identifying and addressing potential AI-related issues.

Monitoring and oversight

  • Central audit trail with all AI agent activities logged and monitored
  • Version control for all changes to agent configurations
  • Comprehensive documentation of agent operations and capabilities
  • Advanced guardrails including custom policy support
  • Automated alerting

We adhere to industry standards and regulatory compliance requirements

Squid AI's responsible AI practices support your compliance with major regulatory frameworks and align with established industry standards. Our comprehensive approach ensures you can meet your compliance obligations while leveraging the power of AI agents.

Compliance frameworks

  • NIST AI Risk Management Framework (AI RMF): Applied throughout our AI system lifecycle
  • EU Artificial Intelligence Act: Our use cases qualify us as a “deployer” rather than a “provider” which falls into the “limited risk” category. We continuously assess compliance requirements for our use cases.
  • ISO 27001: Information security management covering all AI systems and processes
  • Data Protection, Industry Standards, and Sovereignty Laws: Full compliance with regional privacy regulations and sector-specific requirements

Your data is your data and never used to train models

By default, we do not use business data from our AI agents whether they’re inputs or outputs for training or improving models. Our agents utilize publicly available foundation models that are trained on publicly available knowledge, and we use enterprise and API versions that contractually cannot use your proprietary business information for model training.

Key commitments

  • You retain complete ownership and control over all data processed through Squid AI
  • We never use your data to improve underlying AI models without explicit opt-in consent
  • Configurable data retention periods to meet your compliance requirements
  • Complete data deletion available upon request with 30-day processing timelines
  • Zero data retention policies available for qualifying organizations

Your data is encrypted at rest and in transit

Whether you're sending inputs or receiving outputs from our AI agents, your business data remains protected from unauthorized access through enterprise-grade security controls. We use strong, industry-standard cryptography to protect your data.

Security features

  • AES-256 encryption at rest and TLS 1.2+ in transit
  • Zero knowledge architecture with data remaining in your designated boundaries
  • Complete isolation between customer environments
  • No cross-contamination between datasets
  • Optional on-premises deployment for maximum data sovereignty

We provide comprehensive explainability and traceability for every AI interaction

Every AI agent interaction provides complete transparency into how decisions are made and what data sources are used. Our agents deliver clear source attribution and step-by-step reasoning chains that break down how conclusions were reached.

Transparency capabilities

  • Source Attribution: Clear identification of data sources used in analysis
  • Reasoning Chains: Step-by-step breakdown of how conclusions were reached
  • Confidence Indicators: Quality scores for outputs and recommendations
  • Alternative Perspectives: Multiple viewpoints or solutions when applicable
  • Configurable Detail Levels: From summary mode to full audit trails
  • Custom Explanations: Tailored based on user expertise and requirements

We offer flexible integration options for your workflows

Our AI agents can be configured to match your preferred operational approach, whether you need collaborative workflows with human oversight or fully autonomous operation with intelligent safeguards

Human-in-the-Loop (HITL) Options

  • Collaborative Mode: AI recommendations with human approval gates
  • Review Workflows: Automated flagging of outputs requiring validation
  • Expert Integration: Subject matter expert review processes
  • Iterative Refinement: Human feedback loops for continuous improvement

Autonomous Operation Safeguards

  • Confidence Thresholds: Automatic iteration review with escalation when certainty is low
  • Boundary Monitoring: Real-time detection of operations outside parameters
  • Audit Alerts: Proactive notifications for unusual patterns
  • Rollback Capabilities: Quick reversal of automated actions when needed

Our commitment to continuous improvement

Our responsible AI practices evolve through ongoing assessment and improvement processes. We maintain active engagement with the broader AI community and regularly update our practices based on emerging best practices and regulatory requirements.

Improvement processes

  • Regular internal audits and third-party assessments of our AI governance framework
  • Customer feedback integration and incident analysis for continuous learning
  • Active monitoring of industry best practices and emerging regulatory requirements
  • Ongoing training and awareness programs for all staff working with AI systems
  • Participation in responsible AI research and open-source safety tool development

For specific questions about our AI governance practices, compliance documentation, or to report concerns about our AI systems, please contact our security team at support@getsquid.ai.