Terms of Service & Security Policy

Last Updated: February 28, 2026

Security and Data Protection (SOC 2)

Acenda maintains a comprehensive information security program designed to protect the Confidentiality, Integrity, and Availability of Customer Data. Our controls are audited annually against the AICPA SOC 2 Type 2 standards.

1.1 Security Incident Reporting

If you discover a security vulnerability or believe a security incident has occurred, please notify our Security Team immediately at security [at] acenda.com. We commit to acknowledging receipt of your report within 24 hours.

1.2 Breach Notification

In the event of a confirmed unauthorized access to or disclosure of Customer Data (a "Security Breach"), Acenda will notify affected Customers without undue delay, and in no event later than 72 hours after becoming aware of the breach, pursuant to our internal Incident Response Plan.

1.3 Data Encryption

Acenda employs industry-standard encryption for data at rest (AES-256) and data in transit (TLS 1.2 or higher). It is the Customer's responsibility to ensure that their local systems and browser configurations support these protocols.

Abuse, Trademark, Copyright

Whether you are the holder of a trademark, service mark, or copyright, We are committed to helping you protect your legal rights...

System Availability & Continuity

Service Level Commitments

Acenda targets a system availability of 99.9%, excluding scheduled maintenance. Scheduled maintenance windows are typically performed during off-peak hours, and notice is provided via the Customer Dashboard at least 48 hours in advance.

Disaster Recovery

We maintain a formal Disaster Recovery (DR) and Business Continuity Plan (BCP) that is tested at least annually. Our infrastructure is geographically redundant to ensure minimal disruption in the event of a regional outage.

Acceptable Use Policy (AUP)

This AUP is critical for SOC 2 Common Criteria regarding "Logical and Physical Access."

  • ...
  • Security Circumvention: Any attempt to bypass, deactivate, or render ineffective any security controls or monitoring systems implemented by Acenda is strictly prohibited.
  • Vulnerability Scanning: (Already covered in your text, but essential for SOC 2) You may not perform penetration tests without express written consent.

Privacy Policy and Data Processing

Sub-processors

Acenda utilizes third-party sub-processors to provide infrastructure and specialized services (e.g., AWS for hosting). We maintain a written agreement with each sub-processor that requires them to adhere to data protection standards no less stringent than those set forth in this Agreement.

Data Retention & Disposal

Upon termination of Services, Acenda will retain Customer Data for a period of 30 days to allow for retrieval. Following this period, data will be logically deleted from our active systems and eventually overwritten in our backup archives in accordance with our Data Disposal Policy.