Privacy Policy

How we collect, use, and protect your personal data

Last updated: October 2025

Effective date: October 2025

1. Introduction

AcmeGuard BV ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website acmeguard.io and use our certificate management services.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the data practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is:

AcmeGuard BV
Email: privacy@acmeguard.io
Netherlands

3. Information We Collect

3.1 Personal Data You Provide

  • Contact Information: Name, email address, company name, phone number when you contact us or book a demo
  • Account Information: Username, email, company details when you create an account
  • Communication Data: Messages, feedback, and support requests you send to us
  • Marketing Preferences: Your consent to receive marketing communications

3.2 Technical Data We Collect Automatically

  • Usage Data: How you interact with our website and services
  • Device Information: IP address, browser type, operating system, device identifiers
  • Analytics Data: Website traffic, page views, session duration (via Google Analytics)
  • Cookies: See our Cookie Policy section below

3.3 Certificate Management Data

  • Domain Information: Domain names and subdomains you manage
  • Certificate Data: SSL/TLS certificate information, expiration dates, CA details
  • Configuration Data: ACME client configurations, approval workflows
  • Audit Logs: Certificate requests, approvals, and management activities

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our certificate management services
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Data

  • Service Delivery: Provide, maintain, and improve our certificate management platform
  • Customer Support: Respond to inquiries, provide technical support, and resolve issues
  • Communication: Send service updates, security alerts, and administrative messages
  • Marketing: Send promotional materials (with your consent)
  • Analytics: Understand usage patterns and improve our website and services
  • Security: Detect, prevent, and address fraud, security issues, and technical problems
  • Compliance: Meet legal and regulatory requirements

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data in the following circumstances:

6.1 Service Providers

  • Cloud Hosting: AWS, Google Cloud, or similar providers for infrastructure
  • Analytics: Google Analytics for website usage analysis
  • Communication: Email service providers for transactional and marketing emails
  • Payment Processing: Stripe or similar for subscription billing

6.2 Legal Requirements

We may disclose your data if required by law, court order, or government request.

6.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

8. Data Retention

  • Account Data: Retained while your account is active and for 3 years after deletion
  • Certificate Data: Retained for audit purposes for 7 years after certificate expiration
  • Analytics Data: Retained for 26 months (Google Analytics default)
  • Marketing Data: Until you unsubscribe or withdraw consent
  • Legal Compliance: As required by applicable laws

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data we hold
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (right to be forgotten)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at privacy@acmeguard.io. We will respond within 30 days.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

10.1 Essential Cookies

  • Session management and authentication
  • Security and fraud prevention
  • Load balancing and performance

10.2 Analytics Cookies

  • Google Analytics for website usage statistics
  • Performance monitoring and optimization

10.3 Marketing Cookies

  • Calendly for demo booking functionality
  • Marketing campaign tracking (with consent)

You can control cookies through your browser settings or opt-out of Google Analytics using their opt-out browser add-on.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access and multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Staff Training: Regular privacy and security training for employees
  • Incident Response: Procedures for data breach notification and response

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a prominent notice on our platform

The updated policy will be effective immediately upon posting.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@acmeguard.io
Data Protection Officer: dpo@acmeguard.io
General Inquiries: hello@acmeguard.io

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws. In the Netherlands, you can contact:

Autoriteit Persoonsgegevens (Dutch DPA)
Website: autoriteitpersoonsgegevens.nl
Phone: +31 70 888 8500