Visit EthicPagesTerms of Service
Last updated: January 15, 2026
Terms of Service
Document owner: General Counsel Version: 3.0 Effective date: January 1, 2026 Last updated: January 15, 2026 Classification: Public — Trust Center Review cadence: Annual, and upon material changes to services, pricing, or applicable law Company: Acme Cloud, Inc. Address: 1200 Market Street, Suite 400, San Francisco, CA 94103, USA Primary contacts: trust@acmecloud.com | security@acmecloud.com | privacy@acmecloud.com
Definitions
| Term | Definition |
|---|---|
| Affiliate | Any entity that directly or indirectly controls, is controlled by, or is under common control with a party |
| Authorized User | Individual authorized by Customer to access and use the Services under Customer's account |
| Confidential Information | Non-public information disclosed by either party, marked confidential or reasonably understood to be confidential |
| Customer | The entity agreeing to these Terms by executing an Order Form or registering for Services |
| Customer Data | Data, content, and information submitted to the Services by Customer or Authorized Users |
| Documentation | User guides, API documentation, and other technical materials provided by Acme Cloud |
| DPA | Data Processing Agreement governing Personal Data processing |
| Effective Date | The date Customer accepts these Terms or the Order Form effective date |
| Fees | Amounts payable for Services as specified in the Order Form |
| Force Majeure | Events beyond reasonable control including natural disasters, war, terrorism, pandemics, government actions |
| Intellectual Property Rights | Patents, copyrights, trademarks, trade secrets, and other proprietary rights |
| Order Form | Ordering document specifying Services, Fees, and subscription terms |
| Personal Data | Information relating to an identified or identifiable natural person |
| Platform | The Acme Cloud software-as-a-service application |
| Professional Services | Implementation, training, or consulting services provided by Acme Cloud |
| Services | The Platform and related services provided under these Terms |
| SLA | Service Level Agreement specifying availability commitments |
| Subscription Term | The period during which Customer has access to Services |
| Third-Party Services | Non-Acme Cloud applications, integrations, or services |
| Usage Limits | Quantitative restrictions on Service use (users, storage, API calls) |
Scope and Applicability
1.1 Agreement Structure
These Terms of Service ("Terms") constitute a binding agreement between Acme Cloud, Inc. ("Acme Cloud," "we," "us," or "our") and the entity identified in the applicable Order Form or registration ("Customer," "you," or "your"). The complete agreement ("Agreement") consists of:
| Component | Purpose | Precedence |
|---|---|---|
| Order Form | Specific services, pricing, terms | Highest (for conflicts) |
| Data Processing Agreement | Personal Data processing obligations | Equal to Terms |
| Service Level Agreement | Availability commitments | Equal to Terms |
| These Terms of Service | General contract terms | Base terms |
| Acceptable Use Policy | Prohibited conduct | Incorporated by reference |
| Documentation | Technical specifications | Incorporated by reference |
1.2 Acceptance
Customer accepts these Terms by: (a) executing an Order Form referencing these Terms, (b) clicking "I Accept" or similar acceptance mechanism, or (c) accessing or using the Services. If accepting on behalf of an organization, the individual represents authority to bind that organization.
1.3 Eligibility
Services are available only to entities and individuals who can form legally binding contracts. Customer represents that: (a) it is a validly existing business entity, (b) the individual accepting has authority to bind Customer, (c) Customer is not located in a jurisdiction subject to comprehensive US sanctions, and (d) Customer is not on any US government prohibited party list.
1.4 Changes to Terms
Acme Cloud may modify these Terms by providing thirty (30) days' notice via email or in-app notification. Changes become effective at the start of Customer's next Subscription Term unless Customer objects in writing within the notice period. Material changes during a Subscription Term require mutual agreement unless required by law.
Services and License Grant
2.1 Service Description
Acme Cloud provides a cloud-based compliance management platform enabling customers to manage privacy compliance programs, conduct assessments, maintain documentation, and demonstrate compliance to stakeholders.
| Service Component | Description | Availability |
|---|---|---|
| Core Platform | Web application for compliance management | All plans |
| Assessment Engine | Automated compliance assessments and questionnaires | All plans |
| Document Management | Policy and evidence repository | All plans |
| Reporting | Compliance dashboards and reports | All plans |
| API Access | Programmatic integration capabilities | Professional+ |
| SSO Integration | SAML/OIDC identity federation | Professional+ |
| Advanced Analytics | Custom reporting and benchmarking | Enterprise |
| Dedicated Support | Named support representative | Enterprise |
| Professional Services | Implementation and training | Separately purchased |
2.2 License Grant to Customer
Subject to these Terms and payment of Fees, Acme Cloud grants Customer a non-exclusive, non-transferable, worldwide license during the Subscription Term to:
2.2.1. Access and use the Services for Customer's internal business purposes 2.2.2. Permit Authorized Users to access and use the Services 2.2.3. Use Documentation in connection with permitted Service use 2.2.4. Copy and use sample policies and templates for Customer's internal use
2.3 License Restrictions
Customer shall not, and shall ensure Authorized Users do not:
| Restriction | Description | Exception |
|---|---|---|
| Sublicense | Transfer or sublicense rights to third parties | Affiliates with notice |
| Reverse engineer | Decompile, disassemble, or reverse engineer Services | Permitted by law |
| Copy | Copy or create derivative works | Documentation excerpts |
| Compete | Use to build competing product | None |
| Circumvent | Bypass security or usage controls | None |
| Resell | Resell or commercially distribute | MSP program |
| Misrepresent | Misrepresent identity or authorization | None |
| Harm | Use for illegal purposes or to harm others | None |
| Exceed limits | Exceed Usage Limits without payment | None |
2.4 Customer Responsibilities
Customer is responsible for:
3.1. Accuracy and legality of Customer Data 3.2. Authorized User compliance with these Terms 3.3. Account credentials security and MFA enforcement 3.4. Appropriate access controls and user provisioning 3.5. Integration configuration and third-party service usage 3.6. Compliance with laws applicable to Customer's use 3.7. Maintaining backup copies of Customer Data as desired
2.5 Acceptable Use
Customer agrees to the Acceptable Use Policy available at /acceptable-use. Prohibited uses include:
| Category | Examples | Enforcement |
|---|---|---|
| Illegal activity | Fraud, money laundering, violations of law | Immediate suspension |
| Harmful content | Malware distribution, phishing, harassment | Suspension with notice |
| Security violations | Unauthorized access attempts, vulnerability exploitation | Immediate suspension |
| Resource abuse | Cryptomining, denial of service, excessive API usage | Rate limiting, suspension |
| Rights violations | IP infringement, unauthorized data collection | Notice and takedown |
Customer Data
3.1 Ownership
Customer retains all right, title, and interest in Customer Data. Nothing in these Terms transfers Customer Data ownership to Acme Cloud.
3.2 License to Acme Cloud
Customer grants Acme Cloud a non-exclusive, worldwide license to use, copy, store, transmit, modify, and display Customer Data solely to:
| Purpose | Scope | Duration |
|---|---|---|
| Provide Services | Full processing rights | Subscription Term |
| Maintain and improve Services | Anonymized/aggregated analysis | Perpetual |
| Comply with legal obligations | As required by law | As required |
| Generate insights | Anonymized benchmarking | Perpetual |
3.3 Data Processing
Where Customer Data includes Personal Data, processing is governed by the DPA available at /dpa. The DPA is incorporated by reference and includes:
| DPA Component | Purpose |
|---|---|
| Processing instructions | Scope and purposes of processing |
| Security measures | Technical and organizational safeguards |
| Subprocessor provisions | Third-party processor engagement |
| Data subject rights | Assistance with requests |
| Breach notification | Incident communication |
| International transfers | Transfer mechanisms |
| Audit rights | Compliance verification |
| Return and deletion | Post-termination handling |
3.4 Data Security
Acme Cloud maintains administrative, technical, and physical safeguards to protect Customer Data as described in the Security Overview at /security-overview. Key commitments include:
| Security Measure | Implementation |
|---|---|
| Encryption at rest | AES-256 for all Customer Data |
| Encryption in transit | TLS 1.2+ for all connections |
| Access controls | Role-based access, MFA, audit logging |
| Network security | VPC isolation, WAF, DDoS protection |
| Monitoring | 24/7 security operations |
| Certifications | SOC 2 Type II, ISO 27001 (in progress) |
3.5 Data Residency
Enterprise customers may select data residency region upon account provisioning:
| Region Option | Primary Location | Backup Location | Additional Fees |
|---|---|---|---|
| United States | us-east-1 | us-west-2 | Included |
| European Union | eu-west-1 | eu-central-1 | Included |
| United Kingdom | eu-west-2 | eu-west-1 | Contact sales |
| Asia Pacific | ap-southeast-1 | ap-northeast-1 | Contact sales |
Data residency applies to Customer Data at rest. Service metadata may be processed globally.
Fees and Payment
4.1 Fee Structure
| Fee Type | Description | Billing |
|---|---|---|
| Subscription Fees | Recurring charges for Service access | Annual or monthly |
| Usage Fees | Charges for consumption exceeding included limits | Monthly in arrears |
| Professional Services | Implementation, training, consulting | Per SOW |
| Support Upgrades | Premium support options | With subscription |
4.2 Payment Terms
| Term | Requirement |
|---|---|
| Payment method | Credit card, ACH, or wire transfer |
| Invoice terms | Net 30 days from invoice date |
| Currency | USD unless otherwise specified |
| Taxes | Customer responsible for applicable taxes |
| Late payment | 1.5% monthly interest, collection costs |
4.3 Fee Calculation and Adjustments
4.3.1. Subscription Fees are specified in the Order Form 4.3.2. Usage is measured daily; overages billed monthly 4.3.3. Fees may increase upon renewal with sixty (60) days' notice 4.3.4. Mid-term upgrades are pro-rated; downgrades effective at renewal 4.3.5. No refunds for partial periods except as specified
4.4 Suspension for Non-Payment
Acme Cloud may suspend Services for undisputed amounts overdue more than thirty (30) days after providing ten (10) days' written notice. Suspension does not relieve payment obligations. Services will be restored within one (1) business day of payment receipt.
4.5 Disputes
Customer must notify Acme Cloud of any Fee dispute within thirty (30) days of invoice date. Parties will negotiate in good faith to resolve disputes. Undisputed amounts remain due regardless of dispute.
Service Levels and Support
5.1 Availability Commitment
Acme Cloud commits to Service availability as follows:
| Plan | Monthly Uptime Target | Measurement | Exclusions |
|---|---|---|---|
| Free | No SLA | N/A | N/A |
| Professional | 99.5% | Monthly | Scheduled maintenance, Force Majeure |
| Enterprise | 99.9% | Monthly | Scheduled maintenance, Force Majeure |
5.2 Service Credits
If Acme Cloud fails to meet the applicable uptime target, Customer may request service credits:
| Monthly Uptime | Credit (% of monthly Fee) |
|---|---|
| 99.0% - 99.5% | 10% |
| 95.0% - 99.0% | 25% |
| 90.0% - 95.0% | 50% |
| Below 90.0% | 100% |
5.2.1. Credits must be requested within thirty (30) days of the affected month 5.2.2. Maximum credit per month is 100% of that month's Subscription Fees 5.2.3. Credits apply to future invoices only; no cash refunds 5.2.4. Credits are Customer's exclusive remedy for availability failures
5.3 Scheduled Maintenance
| Maintenance Type | Notice | Window | Frequency |
|---|---|---|---|
| Standard | 5 business days | Sunday 2-6 AM ET | As needed |
| Emergency | Best effort | As needed | Rare |
| Major upgrade | 14 days | Sunday 2-6 AM ET | Quarterly maximum |
5.4 Support Services
| Support Level | Included Plans | Response Times | Channels |
|---|---|---|---|
| Standard | Free | 2 business days | Email, help center |
| Business | Professional | 8 business hours (P1), 1 business day (P2) | Email, chat |
| Enterprise | Enterprise | 4 hours (P1), 8 business hours (P2) | Email, chat, phone, Slack |
| Priority | Definition | Example |
|---|---|---|
| P1 - Critical | Service unavailable, no workaround | Platform inaccessible |
| P2 - High | Major feature impaired, workaround exists | Assessment engine errors |
| P3 - Medium | Minor feature issue, workaround available | Reporting formatting |
| P4 - Low | Question, enhancement request | Feature inquiry |
Intellectual Property
6.1 Acme Cloud IP
Acme Cloud retains all right, title, and interest in:
| IP Category | Examples | Rights Retained |
|---|---|---|
| Platform | Software, interfaces, algorithms | Full ownership |
| Documentation | User guides, API docs, training materials | Full ownership |
| Templates | Sample policies, questionnaires | Full ownership (license granted) |
| Feedback | Suggestions, improvements, ideas | Full ownership (license back) |
| Aggregated Data | Anonymous usage patterns, benchmarks | Full ownership |
| Trademarks | Acme Cloud name, logos, marks | Full ownership |
6.2 Customer IP
Customer retains all right, title, and interest in:
| IP Category | Examples |
|---|---|
| Customer Data | Uploaded documents, entered information |
| Customer Branding | Logos, names used in white-labeling |
| Customer Processes | Compliance workflows, custom configurations |
| Customer Integrations | Custom code connecting to APIs |
6.3 Feedback License
If Customer provides feedback, suggestions, or ideas regarding the Services, Customer grants Acme Cloud a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such feedback without obligation or compensation.
6.4 Third-Party Components
The Services may include third-party open source components. Applicable licenses are listed in the Documentation. Customer's use of such components is governed by the applicable open source licenses.
Confidentiality
7.1 Definition and Exclusions
"Confidential Information" means non-public information designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.
| Information Type | Classification |
|---|---|
| Customer Data | Customer's Confidential Information |
| Platform code, architecture | Acme Cloud's Confidential Information |
| Pricing, Order Forms | Mutual Confidential Information |
| Security reports, findings | Acme Cloud's Confidential Information |
| Business plans, strategies | Discloser's Confidential Information |
Exclusions (burden of proof on receiving party):
| Exclusion | Definition |
|---|---|
| Public information | Information publicly available without breach |
| Prior possession | Information already known without restriction |
| Independent development | Information developed independently |
| Authorized disclosure | Information received from authorized third party |
7.2 Obligations
| Obligation | Requirement |
|---|---|
| Protection | Protect using at least same care as own confidential information |
| Use limitation | Use only as necessary to perform obligations |
| Disclosure limitation | Disclose only to those with need to know |
| Personnel obligations | Ensure recipients bound by confidentiality |
| No reverse engineering | Not reverse engineer to derive information |
7.3 Permitted Disclosures
Receiving party may disclose Confidential Information:
7.3.1. With discloser's prior written consent 7.3.2. To professional advisors bound by confidentiality 7.3.3. As required by law, with advance notice where permitted 7.3.4. To enforce rights under this Agreement
7.4 Duration
Confidentiality obligations survive termination for five (5) years. Trade secrets remain protected indefinitely.
Warranties and Disclaimers
8.1 Mutual Warranties
Each party represents and warrants that:
8.1.1. It has authority to enter into and perform this Agreement 8.1.2. The Agreement constitutes a valid and binding obligation 8.1.3. Execution does not violate other agreements or laws 8.1.4. It will comply with applicable laws in performing obligations
8.2 Acme Cloud Service Warranties
Acme Cloud warrants that during the Subscription Term:
| Warranty | Scope | Remedy |
|---|---|---|
| Conformance | Services materially conform to Documentation | Correction or credit |
| Security | Maintain reasonable security measures | Per Security Overview |
| Non-infringement | Services do not infringe third-party IP | Indemnification |
| Professional Services | Performed in professional manner | Re-performance |
8.3 Customer Warranties
Customer represents and warrants that:
8.3.1. Customer Data does not infringe third-party rights 8.3.2. Customer has necessary rights to provide Customer Data 8.3.3. Customer's use will comply with applicable laws 8.3.4. Customer will maintain accurate account information
8.4 Disclaimer
EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, EACH PARTY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. ACME CLOUD DOES NOT WARRANT THAT SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE. NO ORAL OR WRITTEN INFORMATION PROVIDED BY ACME CLOUD CREATES A WARRANTY NOT EXPRESSLY STATED HEREIN.
Indemnification
9.1 Acme Cloud Indemnification
Acme Cloud will defend, indemnify, and hold harmless Customer from third-party claims alleging that Customer's use of the Services in accordance with this Agreement infringes a third party's intellectual property rights.
| Obligation | Scope |
|---|---|
| Defense | Assume defense of covered claims |
| Settlement | May settle with Customer consent (not unreasonably withheld) |
| Damages | Pay damages awarded or settlements agreed |
Exclusions from Acme Cloud indemnification:
9.1.1. Claims arising from Customer Data or Customer content 9.1.2. Claims arising from modifications not made by Acme Cloud 9.1.3. Claims arising from combination with non-Acme Cloud products 9.1.4. Claims arising from use after notice to discontinue 9.1.5. Claims arising from Customer's breach of this Agreement
Mitigation options:
| Option | Description |
|---|---|
| Procure rights | Obtain right for Customer to continue using |
| Modify | Modify Services to be non-infringing |
| Replace | Replace with functionally equivalent alternative |
| Terminate | Terminate and refund prepaid unused Fees |
9.2 Customer Indemnification
Customer will defend, indemnify, and hold harmless Acme Cloud from third-party claims arising from:
9.2.1. Customer Data or Customer's use of Services 9.2.2. Customer's violation of applicable law 9.2.3. Disputes between Customer and its end users 9.2.4. Customer's breach of this Agreement
9.3 Indemnification Procedures
| Procedure | Requirement |
|---|---|
| Notice | Prompt written notice of claim |
| Control | Indemnitor controls defense and settlement |
| Cooperation | Indemnitee provides reasonable assistance |
| Authority | No settlement without indemnitor consent |
| Information | Indemnitee provides claim information |
Limitation of Liability
10.1 Exclusion of Consequential Damages
EXCEPT FOR EXCLUDED CLAIMS, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUE, LOST DATA, LOSS OF GOODWILL, OR COSTS OF PROCUREMENT OF SUBSTITUTE SERVICES, REGARDLESS OF WHETHER ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.2 Liability Cap
EXCEPT FOR EXCLUDED CLAIMS, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
10.3 Excluded Claims
The following are not subject to the liability limitations above:
| Excluded Claim Type | Applicable Limitation |
|---|---|
| Acme Cloud indemnification obligations | 2x annual Fees |
| Customer indemnification obligations | No limitation |
| Customer payment obligations | No limitation |
| Breach of confidentiality | 2x annual Fees |
| Gross negligence or willful misconduct | No limitation |
| Fraud | No limitation |
| Personal injury or property damage | No limitation |
10.4 Basis of Bargain
The limitations in this Section reflect the allocation of risk between parties and are an essential basis of the bargain. Neither party would enter this Agreement without these limitations.
Term and Termination
11.1 Agreement Term
This Agreement begins on the Effective Date and continues until all Subscription Terms expire or the Agreement is terminated as provided herein.
11.2 Subscription Term
| Term Type | Duration | Auto-Renewal |
|---|---|---|
| Annual | 12 months | Yes, for successive 12-month terms |
| Monthly | 1 month | Yes, for successive 1-month terms |
| Multi-year | Per Order Form | Per Order Form |
11.3 Termination Rights
| Terminating Party | Basis | Notice Required |
|---|---|---|
| Either party | Convenience | 30 days before renewal |
| Either party | Material breach (uncured after notice) | 30 days to cure |
| Either party | Other party insolvency | Immediate |
| Acme Cloud | Illegal or prohibited use | Immediate |
| Acme Cloud | Non-payment (after cure period) | Per Section 4.4 |
11.4 Effect of Termination
| Termination Effect | Timeline | Customer Action |
|---|---|---|
| Service access ends | End of Subscription Term | Export data before termination |
| Customer Data retained | 30 days post-termination | Request export or deletion |
| Customer Data deleted | 30 days after retention period | None required |
| Surviving obligations continue | Per Section 11.5 | Comply with surviving terms |
| Outstanding Fees due | Immediately | Pay all amounts owed |
11.5 Survival
The following sections survive termination: Definitions, Customer Data (ownership), Fees and Payment (for accrued amounts), Intellectual Property, Confidentiality, Warranties and Disclaimers, Indemnification, Limitation of Liability, and General Provisions.
Compliance and Export Control
12.1 Export Restrictions
Customer agrees to comply with all applicable export control laws, including US Export Administration Regulations (EAR) and OFAC sanctions. Customer represents that:
12.1.1. Customer is not located in an embargoed country 12.1.2. Customer is not on any prohibited party list 12.1.3. Customer will not export or re-export Services to prohibited destinations 12.1.4. Customer will notify Acme Cloud of any compliance concerns
12.2 Government Users
If Customer is a US government entity, additional terms may apply. Government End Users acquire only those rights set forth in this Agreement consistent with FAR 12.212 and DFARS 227.7202.
12.3 Anti-Corruption
Neither party will take any action that would cause the other to violate applicable anti-corruption laws, including the US Foreign Corrupt Practices Act and UK Bribery Act.
General Provisions
13.1 Governing Law and Venue
| Customer Location | Governing Law | Venue |
|---|---|---|
| United States | Delaware law | Delaware state/federal courts |
| European Union | Ireland law | Dublin courts |
| United Kingdom | England law | London courts |
| Other | Delaware law | Delaware state/federal courts |
13.2 Dispute Resolution
13.2.1. Informal Resolution: Parties will attempt to resolve disputes informally for thirty (30) days 13.2.2. Arbitration (Enterprise): Disputes will be resolved by binding arbitration under AAA Commercial Rules 13.2.3. Litigation (Standard): Courts of proper venue 13.2.4. Class Action Waiver: Disputes will be resolved individually, not as class actions
13.3 Notices
| Notice Type | Delivery Method | Effective When |
|---|---|---|
| Legal notices | Email to legal address + certified mail | Upon receipt |
| Operational notices | Email to account administrator | Upon sending |
| In-app notices | Banner or notification | Upon display |
Acme Cloud notices to: legal@acmecloud.com Customer notices to: Address in Order Form or account settings
13.4 Assignment
Neither party may assign this Agreement without prior written consent, except to an Affiliate or in connection with merger, acquisition, or sale of substantially all assets. Any prohibited assignment is void.
13.5 Waiver
No waiver of any breach is a waiver of any other breach. No waiver is effective unless in writing and signed by the waiving party.
13.6 Severability
If any provision is held unenforceable, it will be modified to the minimum extent necessary to make it enforceable, or severed if modification is not possible. Remaining provisions continue in full force.
13.7 Entire Agreement
This Agreement, including all Order Forms and referenced documents, constitutes the entire agreement between parties and supersedes all prior agreements, proposals, and communications regarding the subject matter.
13.8 Force Majeure
Neither party is liable for failure to perform due to Force Majeure events, provided the affected party: (a) gives prompt notice, (b) uses reasonable efforts to mitigate, and (c) resumes performance when able. If Force Majeure continues for ninety (90) days, either party may terminate affected Order Forms.
13.9 Relationship of Parties
The parties are independent contractors. Nothing creates a partnership, joint venture, agency, or employment relationship.
13.10 Third-Party Beneficiaries
There are no third-party beneficiaries to this Agreement, except for indemnified parties as specified.
Framework Mapping Appendix
Contract Compliance Mapping
| Requirement Source | Requirement | Terms Section | Implementation |
|---|---|---|---|
| GDPR Art. 28 | Processor obligations | Customer Data, DPA | Incorporated DPA |
| GDPR Art. 32 | Security measures | Customer Data | Security Overview reference |
| SOC 2 CC6.2 | Third-party agreements | Full Terms | Contractual commitments |
| ISO 27001 A.15.1 | Supplier agreements | Full Terms | Security requirements |
| HIPAA § 164.308 | BAA requirements | DPA | Available for BAA customers |
| PCI DSS 12.8 | Service provider contracts | DPA, Security | Compliance certifications |
Enterprise Contract Requirements Matrix
| Enterprise Requirement | Section | Acme Cloud Position |
|---|---|---|
| Data ownership | 3.1 | Customer retains ownership |
| Security standards | 3.4 | SOC 2 Type II certified |
| Audit rights | DPA | Annual audit or SOC 2 report |
| Breach notification | DPA | Per DPA terms (72 hours) |
| Subprocessor notice | DPA | 30 days advance notice |
| Data deletion | 11.4 | 30 days post-termination |
| Business continuity | SLA | Documented DR procedures |
| Insurance | Upon request | Cyber, E&O, General liability |
| SLA credits | 5.2 | Up to 100% monthly credit |
| Limitation of liability | 10.2 | 12 months Fees baseline |
| Indemnification | 9.1 | IP infringement coverage |
| Governing law | 13.1 | Jurisdiction-appropriate |
Related Trust Center documents
privacy policy, dpa, security overview, subprocessor list, cookie policy, acceptable use
Document revision history
| Version | Date | Author | Summary of changes |
|---|---|---|---|
| 1.0 | 2024-06-01 | Legal & Compliance | Initial Trust Center publication |
| 2.0 | 2025-03-15 | GRC Program | SOC 2 Type II alignment refresh; expanded subprocessors |
| 2.5 | 2025-09-01 | Security Engineering | Encryption standards update; ISO 27001 mapping |
| 3.0 | 2026-01-15 | Trust Center Program | Full procurement-grade expansion; 34-document set |
Contact
Acme Cloud, Inc. 1200 Market Street, Suite 400 San Francisco, CA 94103, USA
| Channel | Use case | |
|---|---|---|
| Trust & procurement | trust@acmecloud.com | Security questionnaires, trust reviews |
| Security | security@acmecloud.com | Incidents, vulnerabilities, control questions |
| Privacy | privacy@acmecloud.com | DSRs, privacy assessments |
| Legal | legal@acmecloud.com | Contractual, DPA, legal notices |