Privacy. Plain English.

1. What we collect

When you submit the contact form or request an estimate, we receive: name, company, email, optional phone, optional city, optional website URL, and the scope/notes you write. Nothing else.

If you visit the site, our hosting provider (Vercel) logs the standard request metadata: IP, user-agent, path, timestamp, status code. Logs are retained 30 days for operational purposes.

2. Why we collect it

To reply to your message, send your estimate, scope your engagement, and operate the site (uptime, security, abuse prevention). That's the entire list.

3. Who we share it with

Nobody, unless one of these applies: (a) you're an active engagement and a sub-processor needs scoped access (e.g., transactional email provider, payment processor, hosting), (b) we're legally compelled by a valid subpoena or court order, (c) you ask us to.

We never sell, rent, or trade contact data. We never put your email on a newsletter without an explicit opt-in.

4. How long we keep it

Contact + estimate-request data: up to 24 months from your last interaction. Active client data: for the lifetime of the engagement plus 7 years (US tax/audit retention). You can request deletion sooner — see §6.

5. Cookies and tracking

The marketing site uses one HttpOnly authentication cookie (only on /admin and /control-panel routes, only after you log in). The public pages set zero tracking cookies and do not run third-party analytics by default.

If we add Vercel Analytics or AdSense in the future, we will update this page and disclose the categories of cookies before they load.

6. Your rights

Email hello@acumenpowered-ai.com with the subject "Privacy request" to:

• See exactly what we have on file for you (data access)
• Correct anything that's wrong (data rectification)
• Have it deleted (right to erasure, where not legally required to retain)
• Receive a portable export (data portability)

We respond within 14 days. If you're an EU/UK resident, GDPR applies. If you're in California, CCPA/CPRA applies. We honor both.

7. Security

Data in transit: TLS 1.2+. Data at rest: encrypted by our hosting providers (Vercel, Resend, Stripe — only those three at present). Authentication cookies: HttpOnly, Secure (in production), SameSite=Lax, JWT-signed, 8-hour TTL. We follow our internal Backup & Recovery Standard (RPO ≤ 24h, off-site, encrypted, monthly drill).

8. Children

This site is not directed at children under 16. We do not knowingly collect data from minors.

9. Changes

If we update this policy materially, we'll change the "Last updated" date above and, where you're an active customer, email you. Continued use after a change means you accept the updated terms.

10. Contact

hello@acumenpowered-ai.com — privacy questions go to the same inbox as everything else. Mr. K answers it personally.