Huie AI
Security transparency

Security measures for a data science engine.

Huie AI is built for sensitive business analysis, so the security posture is stated plainly, not reduced to a badge. This page covers what's implemented today, what's planned, how your data flows through the system, and what early users should know before uploading anything.

Current controls

The goal is simple: protect client data and keep results reliable.

Huie AI separates analytical guidance from computation. An AI analyst can choose the approach, but every metric, model, chart, and export is produced by controlled, tested code, not generated by the model, so results are reproducible and dependable rather than a one-off guess.

Private storage design

Customer files, datasets, and generated deliverables are stored in private object storage (S3) with public access blocked at the bucket level, objects encrypted at rest, and per-user object paths so one customer's data is never reachable from another's. Production credentials are held server-side and never exposed to the browser or to any client-side code.

User ownership & access checks

Every project, dataset, deliverable, support ticket, and piece of feedback is tied to an authenticated account and checked against that account before it can be read or modified. Authorization is verified on each request, not assumed from a prior step, so users can only reach their own data.
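The per-user object paths and per-request ownership check described above can be sketched as follows. This is an added example, not Huie AI's code: the `users/<user_id>/<project_id>/<filename>` layout and the names `build_key`, `authorize_key`, and `AccessDenied` are assumptions made for illustration.

```python
import posixpath

# Hypothetical key layout (an assumption, not Huie AI's actual scheme):
#   users/<user_id>/<project_id>/<filename>
ROOT = "users"


class AccessDenied(Exception):
    """Raised when a requested key is outside the caller's own prefix."""


def user_prefix(user_id: str) -> str:
    # The trailing slash matters: without it, "users/alice" would also
    # match keys that belong to "users/alice2".
    if not user_id.isalnum():
        raise ValueError("user id must be alphanumeric")
    return f"{ROOT}/{user_id}/"


def build_key(user_id: str, project_id: str, filename: str) -> str:
    """Build the object key server-side from the authenticated user id."""
    for part in (project_id, filename):
        if (not part or part in (".", "..")
                or any(c in part for c in ("/", "\\", "\x00"))):
            raise ValueError(f"unsafe path component: {part!r}")
    return f"{user_prefix(user_id)}{project_id}/{filename}"


def authorize_key(session_user_id: str, requested_key: str) -> str:
    """Run on every request, before any storage call is made."""
    # Object keys are opaque strings to the store, but non-canonical forms
    # ("..", "//", trailing "/") are rejected so no later component can
    # reinterpret the key as a different path.
    canonical = posixpath.normpath(requested_key)
    if canonical != requested_key:
        raise AccessDenied(requested_key)
    if not canonical.startswith(user_prefix(session_user_id)):
        raise AccessDenied(requested_key)
    return canonical


if __name__ == "__main__":
    key = build_key("alice", "p1", "data.csv")  # constructed sample values
    print(authorize_key("alice", key))
    for user, k in [("bob", key), ("alice", "users/alice/../bob/p1/data.csv")]:
        try:
            authorize_key(user, k)
        except AccessDenied as exc:
            print("denied:", user, exc)
```
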

Continuous monitoring

Automated checks, both AI-assisted and deterministic rule-based, watch system activity for anomalous access patterns and suspicious behavior, backed by scheduled health checks across storage, authentication, and compute. The goal is to catch and flag irregular activity early rather than discover it after the fact.

Guarded agent behavior

The AI analyst is constrained to analytical work. It's instructed to refuse requests for hidden system or configuration details, to avoid generating harmful or malicious code, and to resist attempts to manipulate it through injected instructions in uploaded data or prompts. Any user who attempts to gain access to the codebase, use malicious prompt injections, or do anything that the AI analyst is not intended for is automatically flagged for further investigation. Users who attempt such actions may be permanently blocked from using this service.

Founder oversight

At this stage, all production work is founder-reviewed. A custom security system monitors security status, system/engine health, storage health, support signals/tickets, and any downtime. This system is tailored for human-in-the-loop interaction and review, so detection is not just autonomous.

How your data is handled

Data flow & subprocessors.

Where your data goes. When you upload data or submit a project, Huie AI processes that data to produce the requested analysis, reports, tables, and supporting deliverables.

Uploaded files and generated outputs are stored in private AWS infrastructure under your account. Application records are stored in PostgreSQL, files are stored in private encrypted object storage, job state and rate limiting use managed cache/queue infrastructure, and production logs are used for security and reliability monitoring.

The engine uses controlled application code for parsing files, cleaning data, calculating metrics, running statistical methods, building models, generating tables, and producing exports. A third-party AI model provider (currently ChatGPT) is used for reasoning, routing, planning, explanation, and narrative drafting. The AI model does not directly calculate final numerical results; those calculations are performed by controlled code.

Depending on the project, the engine may send the AI provider project instructions, dataset schemas, column names, summary statistics, selected samples, aggregate results, and generated intermediate findings needed to produce the requested analysis. Huie AI does not sell customer data or share customer data for advertising. Customer data is used to provide the service, secure the platform, generate requested deliverables, and comply with legal or security obligations.

If you connect an external MCP server or third-party data source, the engine sends requests only to the endpoint or source you configure. Data exchanged with that system is governed by that provider and your agreement with them.

Current Subprocessors

| Provider | Purpose | Data Processed |
| --- | --- | --- |
| Amazon Web Services | Hosting, compute, database, object storage, encryption, secrets, logs, queue/cache infrastructure | Account records, project metadata, uploaded files, generated reports, logs, job state |
| OpenAI API | AI reasoning, routing, planning, explanation, and report drafting | Prompts, project instructions, schemas, summaries, selected samples, aggregate findings, generated text |
| Cloudflare | DNS and traffic routing/security for public domains, if proxying is enabled | Request metadata and routed web traffic |
| GitHub | Source code repository and deployment trigger | |

OpenAI states that API business data is not used to train models by default, and API inputs/outputs may be retained for up to 30 days for service delivery and abuse monitoring unless a zero-data-retention arrangement applies. Source: OpenAI Enterprise Privacy and OpenAI API data controls.

Current limits

Honest compliance status matters.

Security here is earned through clear controls, narrow access, founder review, and a practical roadmap. Here's exactly where things stand today, so you can make an informed decision.

Huie AI is not SOC 2 certified yet.

Huie AI is not ISO 27001 certified yet.

Enterprise security reviews, formal penetration tests, and signed compliance packages are still future work.

Highly regulated data should not be uploaded without a written agreement and a dedicated deployment plan.

Data handling promise

Huie AI should be secure, explainable, and reliable by design.

The product is not built around letting a model freely invent calculations. The AI analyst acts as an analytical project manager. It interprets the goal, chooses the approach, asks for clarification, and explains the results in plain language.

The actual computation is done by deterministic, tested code, so the numbers you rely on come from controlled tools rather than a model's probability.

SECURITY

  • Formal incident response and data retention policies
  • SOC 2 readiness work with evidence collection
  • Role-based access control and organization-level workspaces
  • Expanded enterprise reporting
  • Backup and restore drills for production data
  • Vendor risk documentation, sub-processors page, and Data Protection Advisor (DPA) support
  • Optional dedicated customer storage and deployment environments