Skip to main content

Enterprise-Grade Security & Data Privacy

Actyze is designed for enterprises with strict security and compliance requirements. Your data never leaves your network.

Critical: Metadata-Only Access

Actyze only reads metadata (table names, column names, data types) to generate queries. Your actual data rows are NEVER accessed or transmitted.

How Actyze Protects Your Data

Metadata-Only Access

  • Actyze reads only schema information (table names, column names, data types)
  • Zero access to actual data rows
  • SQL queries execute directly in your database
  • Results flow directly to users, never to Actyze systems

Self-Hosted Architecture

  • Deploy within your VPC/private cloud/on-premise
  • Data never leaves your network perimeter
  • Full control over access policies and encryption
  • No external API calls with sensitive data

Compliance-Ready Architecture

  • Supports HIPAA requirements (healthcare)
  • Supports PCI-DSS requirements (financial services)
  • Supports GDPR requirements (EU data protection)
  • SOC 2 principles built-in
  • FedRAMP-aligned architecture

Zero Data Exfiltration

  • No data transmission to external systems
  • No cloud storage of customer data
  • Query results stay in your environment
  • Perfect for highly regulated industries

Architecture: How It Works

┌─────────────────────────────────────────────────────────────┐
│                    Your Infrastructure                      │
│                                                             │
│  1. User Question                                           │
│          ↓                                                  │
│  2. Actyze reads metadata (schemas only) from Database      │
│          ↓                                                  │
│  3. LLM generates SQL (receives metadata only)              │
│          ↓                                                  │
│  4. Database executes query                                 │
│          ↓                                                  │
│  5. Results flow directly to User                           │
│                                                             │
└─────────────────────────────────────────────────────────────┘
           ✗ No external data transmission

Step-by-Step: What Happens When You Query

1. User asks: "Show me sales from Q4 2025"
Natural language input from your team member

2. Actyze reads metadata:
Accesses: tables.sales(id INT, amount DECIMAL, date DATE, region VARCHAR)
Does NOT access: Actual sales records or amounts

3. Generates SQL query:
Uses your configured LLM (self-hosted or cloud API like OpenAI/Claude)
LLM receives: Natural language question + metadata only (never actual data)
Result: SELECT * FROM sales WHERE date BETWEEN '2025-10-01' AND '2025-12-31'

4. Query executes in YOUR database:
No data sent to Actyze servers - runs locally in your infrastructure

5. Results flow directly to user:
Sales data displayed in user's browser - never touches Actyze systems

Frequently Asked Questions

Does Actyze see my actual data?

No. Actyze only reads metadata (table schemas, column names, data types). Your actual data rows are never accessed by Actyze. SQL queries execute directly in your database, and results go directly to your users—not through Actyze servers.

Where is my data stored?

Your data never leaves your infrastructure. Actyze is self-hosted within your network (VPC, private cloud, or on-premise). Query results go directly to your users within your network, not through external Actyze servers.

Does Actyze support HIPAA/PCI-DSS/GDPR compliance requirements?

Yes. Because data never leaves your network and Actyze only accesses metadata, achieving compliance is greatly simplified. The self-hosted architecture is designed to support compliance requirements for healthcare (HIPAA), financial services (PCI-DSS), EU data protection (GDPR), and other regulatory frameworks. Customers are responsible for their own compliance certification, but our architecture provides the technical foundation needed.

How does NL-to-SQL work without sending data externally?

When you ask "Show me sales from Q4", Actyze:

  1. Reads table schemas (metadata only - column names and types)
  2. Generates SQL query using your configured LLM (self-hosted like Llama, or cloud API like OpenAI/Claude)
  3. Important: LLM receives only the question + metadata (schema info), never actual data
  4. Executes query in YOUR database within your network
  5. Returns results directly to the user in your environment
  6. Your actual data never transmitted to external systems

What about AI/LLM processing?

Actyze supports both cloud LLM APIs (OpenAI, Claude, etc.) and self-hosted LLMs (Llama, Mistral, etc.):

  • Cloud LLM APIs (OpenAI, Claude): Only the natural language question and metadata (table/column names, data types) are sent—never your actual data rows. This is suitable for most security requirements.

  • Self-Hosted LLMs (Llama, Mistral): For maximum security, the entire NL-to-SQL processing happens within your infrastructure with zero external API calls. Perfect for air-gapped or highly regulated environments.

Bottom line: Regardless of which LLM option you choose, your actual data never leaves your network.

Can Actyze be deployed in air-gapped environments?

Yes. Actyze can be deployed in fully air-gapped environments with no internet connectivity. Using self-hosted LLMs, the entire system operates offline within your secure network.

What data does Actyze collect about my organization?

For cloud-hosted plans, we collect only:

  • Account information (name, email, company)
  • Usage analytics (number of queries, active users)
  • System performance metrics

We do NOT collect:

  • Your database credentials (stored only in your environment)
  • Query results or actual data
  • Business intelligence or insights from your data

How is Actyze different from cloud BI tools?

AspectCloud BI ToolsActyze
Data AccessFull data uploaded/queriedMetadata only
Data LocationCloud provider's serversYour infrastructure
ComplianceRequires data sharing agreementsArchitecture supports compliance requirements
DeploymentVendor-hostedSelf-hosted

Ready to Deploy Secure Analytics?

Talk to our team about deploying Actyze in your environment with your security requirements.

Email Security TeamTry Live Demo

Or use the chat widget (bottom right) to talk to us instantly

Regulatory Compliance Support

Actyze does not hold independent compliance certifications. However, our architecture is designed to help customers meet their compliance requirements:

  • HIPAA (Healthcare): No PHI data accessed; self-hosted deployment within your secure environment; metadata-only access eliminates data exfiltration risk
  • PCI-DSS (Financial): Payment data never accessed; complete data isolation; no cardholder data transmission
  • GDPR (EU Data Protection): Data remains in your region; no data transfer to third parties; self-hosted processing
  • SOC 2 Principles: Architecture designed with confidentiality, integrity, and availability controls
  • FedRAMP Considerations: Self-hosted deployment model; zero external data transmission; suitable for government requirements

Important: Customers are responsible for their own compliance certification. We provide the technical architecture to support compliance, but organizations must validate against their specific regulatory requirements.

For compliance documentation, security questionnaires, or architecture reviews, email us at info@actyze.com or use the chat widget.