Privacy Policy

Last updated: February 5, 2026

AcquityAI, Inc. (“AcquityAI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the “Service”).

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, company name, billing address, and payment information.
  • Agency & Client Data: Information you provide about your agency, clients, brand kits, and campaigns, including brand guidelines, tone of voice preferences, target audiences, and competitive context.
  • Content: AI-generated content, uploaded assets, project notes, comments, approval records, and other materials you create or upload through the Service.
  • Communications: When you contact us for support or provide feedback, we collect the content of those communications.
  • Team Member Information: Names and email addresses of team members you invite to your agency workspace.

1.2 Information from Third-Party Integrations

When you connect third-party platforms (e.g., Google Ads, Meta Ads, Google Analytics, Shopify), we collect data from those platforms on your behalf, including:

  • Ad performance metrics (impressions, clicks, conversions, spend, ROAS)
  • Campaign and ad group configurations
  • Audience and demographic data
  • Revenue and transaction data from e-commerce platforms
  • Website analytics and traffic data

We access this data using OAuth tokens you authorize. We do not store your third-party passwords. OAuth credentials are encrypted at rest using AES-256-GCM encryption.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, session duration, and interaction patterns.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Cookies & Tracking: We use cookies, pixels, and similar technologies as described in Section 7.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including generating AI-powered content, analytics, and insights
  • Process transactions and send related billing information
  • Send service-related notifications, including alerts, insights, and approval requests
  • Respond to your requests, comments, and support inquiries
  • Analyze usage patterns to improve user experience and develop new features
  • Detect, prevent, and address security issues, fraud, and technical problems
  • Comply with legal obligations and enforce our Terms of Service

3. AI and Machine Learning

AcquityAI uses artificial intelligence to generate content, surface insights, detect anomalies, and provide recommendations. Important details about our AI practices:

  • Your data is not used to train foundation models. We do not use your agency data, client data, or generated content to train the underlying large language models we use (e.g., Claude, GPT-4).
  • Brand Kits are used only for your generations. The brand guidelines, tone of voice, and audience context you provide are used solely to improve content generation for your specific clients. They are not shared across accounts.
  • AI-generated content is your property. You retain full ownership of all content generated through the Service.
  • Aggregated, anonymized data may be used for improvements. We may use aggregated, de-identified usage patterns (e.g., which content formats are most popular) to improve the Service. This data cannot be linked back to you or your clients.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

  • Service Providers: We share information with third-party vendors who help us operate the Service, including cloud hosting (Vercel, Neon), payment processing (Stripe), authentication (Clerk), email delivery, and analytics providers. These providers are contractually bound to use your data only as necessary to provide their services to us.
  • AI Model Providers: When you generate content, prompts and brand context are sent to AI model providers (Anthropic, OpenAI) to generate outputs. These providers process data according to their API terms and do not use API inputs to train their models.
  • Client Portal Users: If you use the Client Portal feature, designated client contacts will see only the information you choose to share (e.g., performance dashboards, content for approval, project progress). Internal notes, time entries, and margin data are never exposed.
  • With Your Consent: We may share information when you direct us to, such as connecting a new integration or inviting a team member.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of AcquityAI, our users, or the public.
  • Business Transfers: If AcquityAI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

  • Active accounts: We retain your data for as long as your account is active or as needed to provide the Service.
  • After cancellation: When you cancel your subscription, we retain your data for 30 days to allow for reactivation. After 30 days, your data is queued for deletion and permanently removed within 90 days.
  • Third-party integration data: Metrics and performance data synced from connected platforms are retained for the duration of your subscription. You can disconnect an integration at any time, which stops future syncing but does not delete historical data unless you explicitly request it.
  • Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being permanently purged.
  • Legal obligations: We may retain certain information longer if required by law (e.g., billing records, tax documentation).

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • Encryption at rest: Sensitive data, including OAuth credentials and API keys, is encrypted using AES-256-GCM at rest.
  • Infrastructure: Our infrastructure is hosted on SOC 2-compliant platforms with automatic failover, redundancy, and continuous monitoring.
  • Access controls: We enforce role-based access controls internally. Employee access to customer data is limited to what is necessary for support and operations.
  • Multi-tenancy isolation: All database queries are scoped by agency ID, ensuring strict data isolation between accounts.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a security breach, we will notify affected users within 72 hours as required by applicable law.

7. Cookies and Tracking Technologies

We use the following types of cookies:

TypePurposeDuration
EssentialAuthentication, security, core functionalitySession / 1 year
FunctionalPreferences, language settings, UI state1 year
AnalyticsUsage patterns, feature adoption, error tracking1 year
MarketingConversion tracking, ad attribution (marketing site only)90 days

You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of the Service.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@acquity.ai. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information
  • The right to non-discrimination for exercising your privacy rights

We do not sell personal information. To submit a CCPA request, email privacy@acquity.ai with the subject line “CCPA Request.”

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:

  • Legal basis: We process your data based on contract performance (to provide the Service), legitimate interests (to improve our products and prevent fraud), consent (for marketing communications), and legal obligations.
  • International transfers: Your data may be transferred to and processed in the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard such transfers.
  • Data Protection Officer: You may contact our DPO at dpo@acquity.ai.
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@acquity.ai and we will take steps to delete such information.

12. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you connect to or visit through the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address associated with your account) or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Terms of Service →Back to home