Aquasight Trust Center

Security and trust aren't afterthoughts — they're built into how we operate. Water and wastewater systems are critical infrastructure. We treat your data accordingly.

Security & Compliance

Security&Compliance-1
Aquasight is currently undergoing a SOC 2 Type II audit with Insight Assurance, with expected completion in Q2 2026. In the interim, we can provide the engagement letter or support a security questionnaire.
 

Data Handling & Residency

All customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Data is hosted on AWS within the United States. We do not transfer data outside the US unless explicitly agreed upon in writing.

Data Handling

AI & Model Training

AI&ModelTraining
Customer data is never used to train models serving other customers. All data and Machine Learning (not LLMs) training is performed exclusively on the respective customer’s own data, and only with an explicit contract.
We do not use customer data for benchmarking, aggregation, or any cross-customer purpose without prior written authorization. Aquasight's use of LLMs and its Interactions are not used for shared or public AI model training.

Access Control & Authentication

Aquasight enforces strong access control and authentication measures to protect customer data and systems. All administrative access to production environments requires multi-factor authentication (MFA), and we support Single Sign-On (SSO) integration with leading identity providers for secure and seamless user access. Role-based access control (RBAC) ensures that users are granted only the permissions necessary for their responsibilities, following the principle of least privilege.

Access rights are reviewed regularly to maintain alignment with current roles, and all credentials are managed securely with industry best practices for encryption, storage, and rotation. These controls are designed to safeguard critical infrastructure and uphold the trust our customers place in us.

Authentication

Incident Response & Business Continuity

Incident Response
Aquasight maintains a documented incident response plan with the following commitments:
  • Critical (L1 – system unavailable): Response within 1 hour; workaround within 4 hours.

  • High (L2 – major functionality impact): Response within 2 hours; resolution within 1 business day.

  • Medium (L3 – partial impact): Response within 4 hours; resolution within 3 business days.

  • Low (L4 – customer questions): Response within 1 business day; resolution within 5 to 10 business days, depending on the research needed.
Our platform is built for 99% uptime with automated failover and [daily/continuous] backups. Recovery point and recovery time objectives are defined in each customer agreement.

Need more details about how we protect your data? Talk to our expert