Privacy Policy

Effective Date: February 28, 2026

Last Reviewed: February 28, 2026

At Acenda.com ("we," "us," or "our"), we maintain a comprehensive information security and privacy program. This policy is designed to meet the Trust Services Criteria for SOC 2 Type 2 compliance, ensuring the confidentiality, integrity, and availability of the data you entrust to us.

1. Scope and Accountability

This policy applies to all personal data processed by Acenda.com. We have appointed a Data Privacy Officer (DPO) to oversee our compliance with SOC 2 standards and applicable global regulations (CCPA/CPRA/GDPR).

2. Information We Collect and Purpose Specification

We collect data only for specified, explicit, and legitimate business purposes:

  • Identifiers: Name and Email Address for service delivery and communication.
  • Technical Data: IP Address, browser type, and usage patterns to ensure system Availability and Security.
  • Feedback: Voluntary survey data to improve Processing Integrity.

3. Data Retention and Disposal

In accordance with SOC 2 principles, we do not retain data longer than is necessary for the purposes for which it was collected:

  • Active Data: Retained as long as your account is active or as needed to provide services.
  • Archived Data: Retained for 7 years to comply with legal, tax, or regulatory requirements.
  • Secure Disposal: Data is programmatically deleted or "shredded" from our production databases upon a verified deletion request or expiration of the retention period.

4. Security and Confidentiality Controls

To protect the Confidentiality of your data, we maintain the following SOC 2 aligned controls:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • System Monitoring: 24/7 monitoring for unauthorized access or anomalous behavior.
  • Incident Response: In the event of a confirmed data breach, Acenda.com will notify affected users and relevant regulators within 72 hours of discovery.

5. Your Rights & Data Deletion Requests

You have the right to access, correct, or delete your personal information. We provide a formal mechanism to handle these requests:

  • Submit a Request: Please use our Data Request & Deletion Form.
  • Response Timeline: We will acknowledge receipt of your request within 10 business days and aim to fulfill it within 30-45 days.

6. Tracking, Logging, and Auditability

As part of our SOC 2 Type 2 commitment to Processing Integrity, we maintain an immutable audit log of all data privacy requests. This includes:

  • Request timestamp and type (Access/Deletion/Correction).
  • Verification method used.
  • Workflow history showing the date the data was purged from our primary systems and backups.

7. Third-Party Sub-Processors

We conduct rigorous vendor risk assessments on all third-party service providers. We ensure all sub-processors maintain security standards equivalent to our own (SOC 2, ISO 27001, or similar) through signed Data Processing Agreements (DPAs).

8. Contact & Dispute Resolution

If you have questions regarding our SOC 2 compliance or privacy practices, please contact our Privacy Team:

  • Online: Contact Form
  • Mail: Acenda.com, Attn: Compliance Office, 8400 Miramar Road, San Diego, CA 92126

This policy is reviewed at least annually and updated as necessary to reflect changes in our technical environment or regulatory requirements.