Privacy Policy

1. Who We Are

AcquireOS is an AI-powered operating system for agency operators. For the purposes of this policy, "we", "us", and "AcquireOS" refer to AcquireOS, Inc. You can reach us at privacy@getacquireos.com.

2. What We Collect

Account & Billing

• Name, work email, agency name, timezone
• Stripe customer & subscription identifiers (we never store your full card number)
• Authentication metadata (Firebase Auth UID, session timestamps, IP at login)

Operational Data

• Campaigns, leads, conversations, clients, call logs, agent configurations
• Attribution events from the AcquireOS tracking pixel (email addresses are hashed with SHA-256 before storage)
• Usage metrics (AI tokens, voice minutes, workflow runs) for billing & product analytics

Support & Communication

• Support requests, Telegram Copilot chat history, survey responses

3. How We Use It

• To provide, operate, and improve the platform
• To authenticate you and secure your workspace
• To bill your subscription and meter overage
• To train our prompts and evaluations on aggregate, de-identified usage — never on identifiable end-client data
• To send transactional email (welcome, receipts, dunning, cancellation confirmation) — always essential, never marketing
• To comply with our legal obligations

4. Data Processing Role

When you upload data about your end clients and prospects, you are the data controller and AcquireOS is your data processor. Our Data Processing Addendum sets the terms of that relationship, including standard contractual clauses where applicable.

5. Who We Share With

We share data with sub-processors strictly as needed to run the service. Current key sub-processors include:

• Google Cloud / Firebase — primary database, auth, file storage, BigQuery analytics
• Cloudflare — edge workers & attribution pixel
• Stripe — payment processing & Stripe Connect
• OpenRouter / Anthropic / OpenAI — AI model inference (with zero-retention mode enabled where supported)
• Sendgrid — transactional email delivery
• Vapi, ElevenLabs — voice AI infrastructure
• GoHighLevel, Clay, Instantly, HeyReach — integrations you choose to connect

A complete, current list is available on request at privacy@getacquireos.com.

6. Security

• Data in transit is encrypted with TLS 1.2+.
• Data at rest is encrypted via the underlying cloud infrastructure (Google Cloud, Firebase).
• All secrets live in GCP Secret Manager; no secrets in code.
• Access to production is restricted via role-based access control and audit-logged.
• We run automated privacy checks (PII in logs, cross-tenant query leaks, missing workspace scoping) on every deploy.

7. Retention

We keep your workspace data for the life of your subscription. After cancellation, there is a 30-day read-only export window; after that, workspace data is permanently deleted within 60 days. Audit logs are retained for 13 months for security and compliance forensics.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Delete your data (GDPR Art. 17)
• Port your data to another service (GDPR Art. 20)
• Object to or restrict processing
• Lodge a complaint with your data protection authority

Exercise any of these via Settings → Export Data (for portability) or Settings → Danger Zone → Delete Workspace (for erasure). You can also email privacy@getacquireos.com and we will respond within 30 days.

9. International Transfers

AcquireOS is operated from the United States. If you access the service from outside the U.S., your data will be transferred to and processed in the U.S. under the Standard Contractual Clauses or equivalent transfer mechanism.

10. Children

AcquireOS is not directed at individuals under 18 and we do not knowingly collect data from minors.

11. Changes

We will notify you by email or in-app banner at least 14 days before any material change to this policy takes effect.

12. Contact

Privacy questions or rights requests: privacy@getacquireos.com.