Security Overview

Last updated: May 12, 2026

AskSuls is operated by ACD Management Consulting DMCC.

AskSuls supports research workflows where questions, sources, generated analysis, and review history may contain commercially sensitive context. Security is therefore part of how the product is designed, operated, and reviewed.

This page summarizes our current public security posture. It is not a certification report, audit report, SOC 2 report, ISO report, or data-processing agreement. For vendor review, data-processing terms, or a deeper controls discussion, contact contact@asksuls.com.

Security approach

Our security approach focuses on four practical controls:

  • Limit access to customer and production data to authorized personnel with a legitimate operational need.
  • Use managed platforms for identity, hosting, storage, payments, email, product operations, and AI processing so core controls are built on established infrastructure rather than improvised systems.
  • Verify sensitive service events before they change account, billing, or workflow state.
  • Preserve enough operational and research history to support debugging, recovery, security review, and defensible output review.

Access and application controls

AskSuls uses managed authentication and session handling for user access. Product and API routes that operate on user workspaces or research workflows are designed to require authenticated users and appropriate authorization.

Authentication is handled through a managed identity provider that supports multi-factor authentication for individual accounts. Enterprise single sign-on may be reviewed for eligible customers under a written agreement.

Public and product routes include a browser-hardening baseline, including security headers for content loading, referrer handling, permissions, framing, content types, and transport security.

External account, identity, and billing events that affect user access or service state are expected to be verified before they are applied.

Data protection

Customer content, generated work product, and operational metadata are stored and processed using managed infrastructure. Temporary operational state may be processed so users can follow long-running research work and recover from refreshes or navigation.

Connections between user browsers and AskSuls are protected with HTTPS using modern TLS. Connections between AskSuls and service providers use encrypted transport where supported by the provider. Data at rest is protected through the encryption controls of the managed infrastructure used to operate the service.

Access to production data is limited to support, security, debugging, legal, service-integrity, and operational needs. Users should not submit information they are not authorized to process through AskSuls.

Payment-card processing is handled by a dedicated payment processor. AskSuls does not store full payment card numbers.

AI processing

AskSuls relies on AI model providers to help generate research plans, evidence summaries, and decision narratives.

Model inference necessarily means relevant prompts, references, files, user instructions, source context, and generated intermediate work may be processed by third-party AI providers. We aim to share only what is needed for the task being performed.

Where available, we use provider API or business-product paths with no-training or opt-in training controls. Customers that need provider restrictions, zero-retention settings, regional requirements, or specific data-processing commitments should request a written review before production use.

Incident response

If we become aware of a security incident that materially affects customer content or account security, we will investigate, take reasonable containment steps, and notify affected users or customers when required by law, contract, or the circumstances of the incident.

Incident handling may involve internal review, provider review, credential rotation, access review, log review, temporary feature limits, or user/customer instructions.

Security reviews

Some enterprise controls, retention terms, deployment requirements, or compliance reporting may require a written agreement or a dedicated review before production use.

For security questions, vendor review, or responsible disclosure, email contact@asksuls.com. Include the review scope, required documents, target launch date, and any mandatory controls or questionnaires.

We can provide public posture information from these pages first. Deeper reviews, provider restrictions, custom retention terms, data-processing terms, security questionnaires, or enterprise commitments should be handled through a written agreement.

Responsible disclosure

If you believe you have found a security issue, email contact@asksuls.com.

Please include:

  • A clear description of the issue.
  • Steps to reproduce.
  • Affected URLs, accounts, or request examples.
  • Any relevant logs, screenshots, or proof of concept.

We aim to acknowledge security reports within 5 business days and to keep you informed as we investigate.

Provided that you make a good-faith effort to follow this policy, avoid privacy violations, destruction of data, service disruption, social engineering, phishing, spam, extortion, physical attacks, and access to data that does not belong to you, and give us a reasonable opportunity to investigate and respond before any public disclosure, AskSuls will not pursue legal action against your security research activity.

Please do not publicly disclose security issues until we have had a reasonable chance to investigate and respond.
