---
title: "Content Optimization Product Privacy Notice"
date: "2026-05-07T20:17:32+00:00"
summary: "Understand how Acquia Content Optimization handles your data—privacy measures, retention, and compliance explained clearly."
image:
type: "page"
url: "/content-optimization/content-optimization-product-privacy-notice"
id: "5a8e1f96-b115-4fa2-9f5a-81969583aa63"
---

Acquia Content Optimization (powered by Conductor)
--------------------------------------------------

Last revision of this Product Notice: July 2, 2025  
Prior version(s) of this Product Notice: No prior version

This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.

### About the Product/Services

Acquia SEO, powered by Conductor, is a SaaS platform and a comprehensive SEO solution that offers a suite of features designed to enhance organic search visibility, improve content effectiveness, and drive conversions. Such features may include keyword research, content optimization, competitive intelligence, and rank tracking, thereby empowering businesses to make data-driven decisions and optimize their digital presence.

For details about these Products, please refer to the Product Description available online at  
https://docs.acquia.com/service-offerings/acquia-seo-powered-conductor-product-guide .

### 1\. Processing Operation(s)

The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.

*   Processing of Personal Data to deliver its core functionalities required: ☐ yes ☒ no
*   Optional features processing Personal Data: ☐ yes ☒ no
    *   The optional features are deactivated by default: ☐ yes ☐ no ☒ n/a\*
*   Processing of sensitive Personal Data: ☐ yes\*\* ☐no ☐ n/a\*
*   Profiling of individuals based on personal characteristics: ☐ yes \*\* ☒ no ☐ n/a\*
*   Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a\*
*   Processing via an AI tool available with the Product ☒ yes ☐ no
    *   The AI feature is deactivated by default: ☐ yes ☒ no
    *   The AI feature processes Personal Data: ☐ yes ☒ no
    *   The AI feature processes sensitive Personal Data ☐ yes ☒ no
    *   The Customer can control what data the AI tool processes: ☒ yes ☐ no

\* (n/a = not applicable)  
\*\* (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)

### 2\. Details of Personal Data being processed

Categories of Personal Data 

Categories of  
Data Subjects

Purpose of  
Processing

Categories  
of Data Recipients

Needed  
for Core  
Feature  
s

Proce  
ssing  
Locati  
on

Acquia  
Inc. acts  
as  
Processor

Website usage data (e.g., URLs  
visited, actions taken within the  
platform)

Users of the  
Acquia SEO  
platform

To enable the R&D team to improve the platform

Acquia Inc.  
and its  
sub-process  
ors

Yes

US

Yes

Search query data entered by users

Users of the  
Acquia SEO  
platform

To facilitate  
keyword  
research and  
competitive  
analysis

Acquia Inc.  
and its  
sub-process  
ors

Yes

US

Yes

Competitive intelligence data (data  
about competitor websites and  
performance)

Users of the  
Acquia SEO  
platform

To enable  
competitive  
research  
features in the  
platform

Acquia Inc.  
and its  
sub-process  
ors

Yes

US

Yes

User-specified keywords

Users of the  
Acquia SEO  
platform

To monitor and  
report on  
search engine  
rankings

Acquia Inc.  
and its  
sub-process  
ors

Yes

US

Yes

### 3\. Privacy Measures

Objective

Technology / Measure

Anonymization and Pseudonymization

Customers can limit collection of personal data (e.g., by anonymizing user IPs or avoiding entry of PII). Minimal personal data (e.g., names, emails) is collected for user access control only.

Data confidentiality

TLS encryption for data in transit, AES-256 encryption at rest, role-based access control (RBAC), strict access controls, and VPN/firewall policies

Data integrity

Checksums, audit logging, version control, secure deployment pipelines (CI/CD), automated test coverage, and secure software development lifecycle (SDLC).

Data availability including restoring availability, restoring  
access to personal data, and data resilience

Redundant storage, automated backups, disaster recovery plans (DRP), high availability (HA) architecture, and RPO/RTO testing

Regular testing, assessing and evaluating of TOMs

Annual ISO 27001 audits, SOC 2 Type II assessments, internal ISMS reviews, vulnerability scanning, red team exercises, and penetration testing

### 4\. Certifications

Conductor maintains ISO 27001:2022 and SOC 2 Type II

### 5\. Data Subject Rights

Customers may manage, update, retrieve, or request the erasure of individual Personal Data with the support of Acquia and Conductor, as applicable.

### 6\. Data Retention Cycles

Conductor retains Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected, including to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. Data retention periods are defined in accordance with Conductor’s internal Data Retention Policy, and Customer data may be deleted or anonymized upon request or at the end of the contractual relationship, subject to applicable legal and regulatory requirements.

### 7\. Sub-Processing

The specific list of Acquia’s sub-processors is available from: www.acquia.com/about-us/legal/subprocessors. Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through the above website.

### 8\. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached) 

Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.