Legal
Effective date: March 1, 2026 · Last reviewed: March 1, 2026
This Privacy Policy ("Policy") constitutes a legally binding agreement between you ("Data Subject," "User," or "you") and Acme, Inc. ("Acme," "we," "us," or "our"), a Delaware corporation with its principal place of business in San Francisco, California. This Policy governs the collection, processing, storage, transfer, and disclosure of Personal Data and Non-Personal Data in connection with your access to and use of the Acme platform, including all associated web applications, mobile applications, APIs, and ancillary services (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read, understood, and irrevocably consent to the terms of this Policy in their entirety.
Acme collects information across two primary taxonomic categories: (a) Personal Data, defined as any information that, alone or in combination with other information, identifies or could reasonably be used to identify a natural person; and (b) Non-Personal Data, defined as aggregated, anonymized, or de-identified information that does not identify a natural person. Personal Data collected by Acme may include, without limitation: identification data (name, email address, professional title, organizational affiliation); authentication credentials (encrypted passwords, cryptographic tokens); usage telemetry (session duration, feature utilization patterns, interaction logs); device and network identifiers (IP addresses, browser fingerprints, operating system metadata); payment and billing data (processed exclusively through PCI-DSS Level 1 compliant third-party payment processors); and communications data (support correspondence, feedback submissions). Non-Personal Data may include aggregate analytics, performance benchmarks, and platform utilization statistics.
Acme processes Personal Data on the basis of one or more of the following legal grounds, as applicable under relevant data protection legislation including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), and equivalent applicable statutes: (a) Contractual Necessity — processing required to fulfil our contractual obligations to you pursuant to the Terms of Service; (b) Legitimate Interests — processing undertaken in furtherance of legitimate business interests, including platform security, fraud prevention, and service improvement, where such interests are not overridden by your fundamental rights and freedoms; (c) Legal Compliance — processing mandated by applicable law, regulation, or judicial order; and (d) Consent — processing based on your explicit, freely given, specific, informed, and unambiguous consent, withdrawable at any time without detriment.
Acme utilizes collected information exclusively for the following specified, explicit, and legitimate purposes: provisioning and maintaining Platform functionality; authenticating user identity and enforcing access controls; personalizing the user experience in accordance with demonstrated preferences; processing commercial transactions and managing billing relationships; communicating material platform updates, security advisories, and promotional communications (with opt-out mechanisms provided); conducting aggregate statistical analysis to inform product development prioritization; detecting, investigating, and remediating security incidents, fraudulent activity, and policy violations; satisfying legal, regulatory, and compliance obligations; and pursuing any other purpose disclosed at the point of collection with explicit consent. Acme does not sell Personal Data to third parties for commercial gain.
Acme retains Personal Data for the duration necessary to fulfil the purposes for which it was collected, as described in this Policy, or as required by applicable legal, regulatory, contractual, or legitimate business retention obligations. Account data is retained for the duration of the active customer relationship and for a period of thirty-six (36) months following account termination, after which it is subject to secure deletion or anonymization protocols. Backup data may persist for up to ninety (90) days following the application of deletion requests. Usage logs and telemetry data are retained in aggregated, anonymized form indefinitely for the purpose of platform analytics and product development.
Subject to applicable law and certain limited exceptions, you may exercise the following rights with respect to your Personal Data: the right of access (to obtain a structured, machine-readable copy of your data); the right to rectification (to correct inaccurate or incomplete data); the right to erasure (to request deletion of your data, subject to legal retention obligations); the right to restriction of processing; the right to data portability; the right to object to processing based on legitimate interests; and the right to lodge a complaint with a supervisory authority. To exercise any of the foregoing rights, please submit a verifiable request to our designated Data Protection Officer at privacy@acme.io. We will endeavour to respond within the statutory timeframes prescribed by applicable law.
Acme reserves the right to amend this Policy at any time to reflect changes in legal requirements, platform functionality, or our data processing practices. Material amendments will be communicated to registered users via email and/or prominent in-platform notification no fewer than thirty (30) days prior to the effective date of such amendments. Your continued use of the Platform following the effective date of any amendment constitutes your acceptance of the revised Policy. If you do not agree to any amendment, you may terminate your use of the Platform in accordance with the Terms of Service. This Policy was last updated on March 1, 2026.