Visit EthicPagesSecurity & compliance at Acme Cloud
Everything customers, partners, and auditors need to evaluate how we handle data, secure our infrastructure, and meet regulatory frameworks.
Last updated: January 15, 2026
Documentation
Select a document to review our policies, controls, and compliance posture.
Security Overview
Infrastructure, encryption, and security program summary.
Privacy Policy
How you collect, use, store, and share personal data.
Terms of Service
Contractual terms governing use of your product or service.
Cookie Policy
Cookie categories, purposes, and consent mechanisms.
Data Processing Agreement
Article 28 GDPR processor obligations for B2B customers.
Subprocessor List
Third parties that process data on your behalf.
Access Control Policy
Authentication, authorization, and least-privilege practices.
Encryption Standards
Cryptographic algorithms, key management, and data classification requirements.
Incident Response Plan
Detection, containment, notification, and recovery procedures.
Backup & Recovery Policy
Backup frequency, encryption, restore testing, and recovery objectives.
Business Continuity Plan
Continuity objectives, recovery priorities, and crisis management procedures.
Data Retention Policy
Retention schedules, legal holds, and secure disposal requirements.
HIPAA Statement
PHI safeguards for healthcare-adjacent products.
Penetration Testing Program
Testing scope, frequency, remediation SLAs, and evidence availability.
Third-Party Risk Management
Vendor assessment, monitoring, and offboarding procedures.
Vendor Code of Conduct
Expectations for suppliers regarding ethics, security, and labor standards.
Vulnerability Disclosure
Responsible disclosure and security contact information.
AI Usage Policy
How AI features use data, models, and subprocessors.
Compliance Frameworks
Certification status, audit scope, and evidence availability.
Code of Conduct
Ethical standards for employees and contractors.
Whistleblower Policy
Anonymous reporting channels, anti-retaliation protections, and investigation procedures.
Corporate Governance
Board structure, oversight responsibilities, and executive accountability.
Work Culture
DEI commitments, sustainability practices, and workplace values.
DEI Report
Diversity, equity, and inclusion metrics, programs, and commitments.
ESG Report
Environmental, social, and governance metrics and initiatives.
Modern Slavery Statement
Supply chain due diligence and human rights commitments.
Change Management Policy
CAB process, emergency changes, rollback, and change documentation.
Risk Management Framework
Risk register, treatment plans, appetite, and executive reporting.
Secure Development Lifecycle
Secure development lifecycle, code review, and release gates.
Physical Security Policy
Office and data center physical access controls and monitoring.
Employee Security Training
Onboarding, annual, and role-based security awareness programs.
Audit Logging Policy
Log sources, retention, integrity, and privileged access monitoring.
Information Classification Policy
Data tiers, handling rules, labeling, and protection requirements.
Customer Data Isolation Policy
Multi-tenant isolation, encryption boundaries, and logical separation.
Trust Center home: /trust-center