Trust Center

Absolutely not. InnovAItion Partners ensures that your client data is never used for any purposes beyond your specific requests. We have signed Data Protection Agreements (DPAs) or equivalents with all major Large Language Model (LLM) providers, including OpenAI, Anthropic, and Gemini. These agreements, made directly or via Suits.ai, explicitly guarantee that “no data is used for model training,” ensuring your information is never shared with other entities or used to train external models.

All collected data is stored on the Google Cloud Platform (GCP), utilizing enterprise-grade protection and continuous monitoring. Data is encrypted end-to-end: in transit using TLS 1.2+ and at rest using AES-256 encryption. Furthermore, the Suits.ai platform and its core infrastructure components are SOC 2 Type 2 Certified. All data is currently stored in the United States.

Client data segmentation is a critical priority. All client data is stored in a fully isolated manner and scoped by unique IDs to ensure it cannot be mixed with other accounts. This strict data isolation is enforced at both the application and infrastructure levels, including our databases and vector stores. We also maintain complete separation between production and development environments.

The Suits.ai platform uses granular, person-by-person access controls managed securely via Clerk. The platform completely respects your existing data access hierarchies and enforces Role-Based Access Control (RBAC) with least-privilege principles. Consequently, AI results are based solely on the data a specific user has access to, ensuring that junior staff cannot access partner-level confidential data through the AI.

No. All OAuth and credential handling is SOC 2 Type II compliant, meaning no raw data or credentials are ever stored in our backend. Integrations are handled via Paragon iPaaS using secure, read-only, least-privilege API connections. Paragon is the leading integration infrastructure platform for AI.

No, integration of additional internal sources is optional. While our AI workflows tend to perform better when provided with additional background and reference information, that improvement is generally marginal for our most commonly used workflows. A relatively small percentage of our professional services clients in regulated industries integrate with a private data source.

Yes, you maintain full control over what data sources are integrated. We offer granular integration controls that enable folder- or directory-level imports when connecting to systems such as Google Drive or SharePoint. Because the platform uses read-only, least-privilege access, it will collect and use only the data repositories you explicitly authorize.

Yes. For standard SSO sign-ins (such as via Google or Microsoft), the platform natively follows the MFA security settings set by your provider. If your firm requires integration with a one-off enterprise identity provider via SAML (e.g., an internal ADFS server), this is fully supported as an additional feature.

InnovAItion Partners generally does not act in either a Data Controller or a Data Processor capacity, but it does maintain privacy policies. The Suits.ai offering complies with GDPR regulations and requirements, which are largely a subset of the SOC 2 certification requirements. All data is stored in the United States.

Suits connects to systems like HubSpot and Outlook through their official, standard integration points (OAuth-based APIs) — the same secure method used by any trusted business application.

• Read-only by default — Suits only reads what it needs to do its job. It doesn’t write, modify, or delete anything in your systems unless you explicitly set it up to.
• Targeted access only — Suits pulls the specific data relevant to your configured workflows, not a blanket sweep of everything.
• No custom backdoors — everything runs through the standard, approved provider connection points (e.g., HubSpot and Microsoft).

This is the big one — and the answer is straightforward:

• Minimal storage — Suits only retains what’s necessary to run your workflows and deliver outputs. It is not building a database of your client information.
• Your data is never used to train AI models — We have signed Data Processing Agreements (DPAs) with both OpenAI and Anthropic that legally prohibit this. What goes in stays confidential.
• AI providers don’t retain your data — When a query is processed, the AI handles it in the moment and moves on. There is no persistent storage of your data on OpenAI’s or Anthropic’s side beyond the immediate request.
• Infrastructure — All data is stored on Google Cloud Platform (GCP), one of the most secure and compliant cloud environments in the world.

Think of it like a bank vault with individual safety deposit boxes:

• At the corporate level — Each customer environment is logically isolated using unique identifiers. Your data never mingles with another firm’s data. This is enforced both at the Suits platform level and at the AI provider level (OpenAI and Anthropic both use logical data segregation as a core control).
• At the individual level — Within your organization, access is governed by user-level permissions. Only the people you designate can see what they’re supposed to see.
• Certified and audited — Suits is SOC 2 Type 2 and Google CASA Tier 2 certified — meaning independent auditors have verified that these controls actually work, not just that they exist on paper.

• Instant revocation — You can disconnect Suits from the integrated systems (e.g., HubSpot, Outlook) at any time, immediately, from within the platform. Access is cut off the moment you do.
• Full data deletion on request — Per our agreements (and our DPAs with AI providers), all your data can be deleted upon request. Anthropic’s DPA, for example, commits to deletion within 30 days of termination.
• Nothing lingers — Once disconnected and deletion is requested, there are no residual copies sitting in our systems or our AI partners’ systems.