a. Acuri acts as a controller (or "business" under U.S. state laws) for personal data we collect on our public website and for account, billing, security, and support operations.

b. Acuri acts as a processor/Business Associate for data our customers submit to the app ("Customer Data"), processing it only under our contract, Data Processing Addendum (DPA), and Business Associate Agreement (BAA), and solely on our customers' instructions. We do not use Customer Data for advertising or unrelated profiling.

a. Account and Billing (controller): name, work email, company, role, authentication identifiers (including SSO identifiers), subscription plan, invoices, and payment tokens handled by our PCI-compliant payments provider.

b. Service Operations (controller): app telemetry and audit logs, IP address, device/browser metadata, timestamps, feature usage, crash/diagnostic data, security events, and support communications (tickets, chat transcripts).

c. Customer Data (processor/BA): any data uploaded or transmitted by customers to the app (which may include PHI), processed strictly under our MSA/DPA/BAA.

Children: our Services are for business users and are not directed to children; we do not knowingly collect information from children.

a. Provide, operate, and secure the Services; prevent fraud and abuse; troubleshoot; and improve reliability and performance.

b. Manage accounts, subscriptions, billing, tax, and compliance.

c. Send operational notices (e.g., service changes, security alerts) and, where applicable, product updates to administrative users (you may opt out of non‑essential emails).

a. When we process protected health information (PHI), we do so only under an executed BAA and applicable HIPAA rules. PHI processed under a BAA is not used for advertising and is handled per the security, privacy, and breach‑notification requirements of HIPAA, our BAA, and applicable law.

a. App (e.g., app.acuri.ai): we use essential cookies only (authentication, security, session).

b. Public site (acuri.ai): we may use analytics to understand traffic and improve the site. We do not use cross‑site targeted advertising. You can control cookies through your browser settings. If we introduce non‑essential cookies that require consent, we will provide a consent banner and recognize Global Privacy Control (GPC) where required.

a. We do not sell or share personal information for cross‑context behavioral advertising. We disclose information only to:

a. We maintain safeguards appropriate to risk, including encryption in transit, SSO and least‑privilege access controls, audit logging, vulnerability management, and business continuity/disaster recovery. We maintain SOC 2 Type II controls and execute BAAs as required.

a. We retain personal data only as long as necessary for the purposes described or as required by our MSA/DPA/BAA, HIPAA, and other legal obligations. Upon contract termination or customer instruction, we delete or return Customer Data per the contract, subject to lawful holds and backup cycles.

a. We will update this Policy as needed and revise the Effective Date above. For material changes, we will provide a prominent notice (e.g., on the site or in‑product).

a. Acuri, Inc. Email: support@acuri.ai (privacy questions and rights requests)