Privacy Policy

Last updated on 06 Aug 2025

AceGuard (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information.

1. Information We Collect

  • Account & Profile Data: Name, email, company, role.

  • Usage Data: Logs of portal access, feature use, audit exports.

  • SMS Data: Mobile number when you opt in.

2. How We Use Your Information

  • To provide and improve our compliance automation service.

  • To send you operational and transactional messages (incidents, alerts, 2FA).

  • To send you promotional or notification marketing messages only if you’ve opted in.

3. SMS Messaging & Opt-Out

  • We will never share your mobile opt-in information with third parties for marketing.

  • To Opt-Out: Text STOP to cease all SMS communications.

  • For Help: Text HELP to receive assistance or support instructions.

4. Data Sharing & Disclosure

  • We do not sell or rent your personal information.

  • We may share data with service providers under strict confidentiality.

  • We may disclose information when required by law.

5. Your Choices

  • Access & Correction: Email us at support@aceguard.com to update or delete your data.

  • Communications: Manage your email preferences in your account settings or text STOP to opt out of SMS.

6. Data Security

We employ administrative, technical, and physical safeguards to protect your data.

7. International Transfers

If we transfer data outside your region, we use appropriate safeguards.

8. Changes to This Policy

We’ll notify you by email or via a notice on our site before changes take effect.

Privacy Policy Link: http://privacy.policy.link

Terms & Conditions Last updated on 06 Aug 2025

By using AceGuard’s services, you agree to these Terms & Conditions.

1. Services

AceGuard provides compliance automation for EU digital regulations (AI Act, DORA, NIS2).

2. User Obligations

  • Provide accurate account and system information.

  • Comply with applicable laws when using our service.

3. SMS Disclosure

  • Message Types: Notification marketing, system alerts, two-factor authentication.

  • Frequency: Message frequency may vary.

  • Rates: Message & data rates apply.

  • Opt-Out: Text STOP to opt out.

  • Help: Text HELP for support.

  • Privacy: See our Privacy Policy at http://privacy.policy.link.

4. Payment & Fees

Subscription and pilot fees are set forth in your Order Form or SOW. Payments are non-refundable except as expressly provided.

5. Intellectual Property

All platform IP and content not expressly granted to you remains our exclusive property.

6. Confidentiality

Each party will keep confidential the other’s proprietary information.

7. Warranties & Disclaimers

We warrant we will perform services in a professional manner. Except as stated, services are provided “as is” without further warranty.

8. Limitation of Liability

Our liability is limited to fees paid in the prior 12 months. We are not liable for indirect or consequential damages.

9. Term & Termination

  • Pilot: 8-week term.

  • Subscription: Month-to-month or annual, as elected.

  • Termination upon 30 days’ notice or for material breach.

10. Governing Law

These Terms are governed by the laws of [Jurisdiction].

Terms & Conditions Link: http://terms.conditions.link

Trust

What we do
AceGuard generates regulator-aligned evidence (EU AI Act, DORA, NIS2) from your code and configs. We are not a law firm; we provide the documentation your counsel and auditors request.

Data access

  • GitHub OAuth (read-only) to repos you select.

  • Optional no-OAuth path (upload manifests/lockfiles).

  • We never write to your repos.

Processing & storage

  • Analysis runs in ephemeral containers; workspaces auto-deleted ≤ 7 days.

  • We store artifacts only (RoI CSV, model cards, SBOM) in a private Evidence Vault repo.

  • Default artifact retention: 30 days after project (longer if on subscription).

  • Early deletion on request within 5 business days.

Security controls

  • MFA & least-privilege; quarterly access reviews.

  • Encryption in transit (TLS 1.2+) and at rest.

  • Secrets in a managed vault; key rotation at least annually.

  • Logging & alerting on access anomalies.

Incident response

  • We notify you without undue delay upon a confirmed incident, sharing scope, timeline, and mitigations.

Sub-processors

  • Cloud hosting: Frankfurt

  • GitHub (OAuth)

  • (List any others here, with purpose and region)

Compliance mapping

  • DORA: Register of Information, incident taxonomy, testing calendar.

  • NIS2: incident templates (24h/72h/≤1 month), SBOM & supplier register.

  • EU AI Act: Annex IV tech docs (model cards, dataset sheets, oversight, PMM), transparency notices.

  • GDPR: DPA on request; SCCs for any extra-EEA transfers.

Contact & disclosure

  • Security: founder@aceguard.ai (ack within 2 business days)

  • Responsible disclosure: email us; we’ll coordinate a fix and credit if desired.

(This page is informational and not legal advice.)