Application Launcher

Acquia ID

Last revision of this Product Notice: October 5 2025

Prior version(s) of this Product Notice: No previous version

This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.

About the Product/Services

Acquia ID

For details about these Products, please refer to the Product Description available online at https://docs.acquia.com/guide.

Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☐ no
  - The optional features are deactivated by default: ☒ yes ☐ no ☐ n/a*
- Processing of sensitive Personal Data: ☐ yes ** ☐ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ** ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a*
- Processing via an AI tool available with the Product ☐ yes ☐ no ☒ n/a*
  - The AI feature is deactivated by default: ☐ yes ☐ no ☒ n/a*
  - The AI feature processes Personal Data: ☐ yes ☐ no ☒ n/a*
  - The AI feature processes sensitive Personal Data: ☐ yes ☐ no ☒ n/a*
  - The Customer can control what data the AI tool processes: ☐ yes ☐ no ☒ n/a*
  * (n/a = not applicable)
  ** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)

Details of Personal Data being processed

Categories of Personal Data	Categories of Data Subjects	Purpose of Processing	Categories of Data Recipients	Needed for Core Features	Processing Location	Acquia Inc. acts as Processor
Individual identifiers (e.g. name, email), contact details, account credentials, organization affiliation, usage and login data, online identifiers, and other information as configured by Customer.	End users holding Acquia ID accounts, such as site administrators, account owners, and users authenticated via the Acquia platform.	To enable secure authentication, account management, access control, audit trails, and support core platform services.	Designated Customer administrators; Acquia service providers and approved subprocessors.	Yes	United States (US-East, unless otherwise agreed)

Privacy Enhancements

Objective	Technology / Measure	Data at Rest	Data in Transit
Anonymization and Pseudonymization	Optional anonymization at customer level; pseudonymization in logs	Partial (individual account info excluded)	Partial (individual account info excluded)
Data confidentiality	Strict access controls; encryption at customer and Acquia levels	Yes	Yes
Encryption at Acquia Level	AES-256 (or equivalent) encryption of data and backups	Yes	Yes
Data integrity	Ant-tampering technology (see Security Annex)	Yes	Yes
Data Availability, Business Continuity, and Disaster Recovery

Certifications
- FedRAMP, PCI, ISO-SOC2
Data Subject Rights
Through the Product’s administration console and through the Customer’s own user profile, the Customer may manage, update, retrieve, and erase individual Personal Data.
(Personal) Data Retention Cycles
Acquia ID retains your personal data only for as long as necessary to support secure access, account management, and critical platform functions, or as required by law. When data is no longer needed, it is securely deleted or anonymized according to our retention policies. Audit logs and anonymized records may be kept longer to maintain platform integrity and compliance, but these cannot be used to identify you personally. For details or specific requests regarding your data retention, please contact Acquia Support.
Sub-Processing
The specific list of Acquia’s sub-processors is available from: http://www.acquia.com/about-us/legal/subprocessors.
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through the above website.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection ofthe security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.

Acquia ID

Last revision of this Product Notice: October 5 2025

Prior version(s) of this Product Notice: No previous version

This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.

About the Product/Services

Acquia ID

For details about these Products, please refer to the Product Description available online at https://docs.acquia.com/guide.

Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☐ no
  - The optional features are deactivated by default: ☒ yes ☐ no ☐ n/a*
- Processing of sensitive Personal Data: ☐ yes ** ☐ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ** ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a*
- Processing via an AI tool available with the Product ☐ yes ☐ no ☒ n/a*

Acquia ID

Last revision of this Product Notice: October 5 2025

Prior version(s) of this Product Notice: No previous version

This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.

About the Product/Services

Acquia ID

For details about these Products, please refer to the Product Description available online at https://docs.acquia.com/guide.

Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☐ no
  - The optional features are deactivated by default: ☒ yes ☐ no ☐ n/a*
- Processing of sensitive Personal Data: ☐ yes ** ☐ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ** ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a*
- Processing via an AI tool available with the Product ☐ yes ☐ no ☒ n/a*
  - The AI feature is deactivated by default: ☐ yes ☐ no ☒ n/a*
  - The AI feature processes Personal Data: ☐ yes ☐ no ☒ n/a*
  - The AI feature processes sensitive Personal Data: ☐ yes ☐ no ☒ n/a*
  - The Customer can control what data the AI tool processes: ☐ yes ☐ no ☒ n/a*
  * (n/a = not applicable)
  ** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)

Details of Personal Data being processed

Categories of Personal Data	Categories of Data Subjects	Purpose of Processing	Categories of Data Recipients	Needed for Core Features	Processing Location	Acquia Inc. acts as Processor
Individual identifiers (e.g. name, email), contact details, account credentials, organization affiliation, usage and login data, online identifiers, and other information as configured by Customer.	End users holding Acquia ID accounts, such as site administrators, account owners, and users authenticated via the Acquia platform.	To enable secure authentication, account management, access control, audit trails, and support core platform services.	Designated Customer administrators; Acquia service providers and approved subprocessors.	Yes	United States (US-East, unless otherwise agreed)

Privacy Enhancements

Objective	Technology / Measure	Data at Rest	Data in Transit
Anonymization and Pseudonymization	Optional anonymization at customer level; pseudonymization in logs	Partial (individual account info excluded)	Partial (individual account info excluded)
Data confidentiality	Strict access controls; encryption at customer and Acquia levels	Yes	Yes
Encryption at Acquia Level	AES-256 (or equivalent) encryption of data and backups	Yes	Yes
Data integrity	Ant-tampering technology (see Security Annex)	Yes	Yes
Data Availability, Business Continuity, and Disaster Recovery

Certifications
- FedRAMP, PCI, ISO-SOC2
Data Subject Rights
Through the Product’s administration console and through the Customer’s own user profile, the Customer may manage, update, retrieve, and erase individual Personal Data.
(Personal) Data Retention Cycles
Acquia ID retains your personal data only for as long as necessary to support secure access, account management, and critical platform functions, or as required by law. When data is no longer needed, it is securely deleted or anonymized according to our retention policies. Audit logs and anonymized records may be kept longer to maintain platform integrity and compliance, but these cannot be used to identify you personally. For details or specific requests regarding your data retention, please contact Acquia Support.
Sub-Processing
The specific list of Acquia’s sub-processors is available from: http://www.acquia.com/about-us/legal/subprocessors.
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through the above website.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection ofthe security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.

Details of Personal Data being processed

Categories of Personal Data	Categories of Data Subjects	Purpose of Processing	Categories of Data Recipients	Needed for Core Features	Processing Location	Acquia Inc. acts as Processor
Individual identifiers (e.g. name, email), contact details, account credentials, organization affiliation, usage and login data, online identifiers, and other information as configured by Customer.	End users holding Acquia ID accounts, such as site administrators, account owners, and users authenticated via the Acquia platform.	To enable secure authentication, account management, access control, audit trails, and support core platform services.	Designated Customer administrators; Acquia service providers and approved subprocessors.	Yes	United States (US-East, unless otherwise agreed)	Yes

Privacy Enhancements

Objective	Technology / Measure	Data at Rest	Data in Transit
Anonymization and Pseudonymization	Optional anonymization at customer level; pseudonymization in logs	Partial (individual account info excluded)	Partial (individual account info excluded)
Data confidentiality	Strict access controls; encryption at customer and Acquia levels	Yes	Yes
Encryption at Acquia Level	AES-256 (or equivalent) encryption of data and backups	Yes	Yes
Data integrity	Ant-tampering technology (see Security Annex)	Yes	Yes
Data Availability, Business Continuity, and Disaster Recovery	Proven business continuity and disaster recovery plans	Yes	n/a
Regular Testing & Evaluation of TOMs (Technical & Organizational Measures)	Ongoing security reviews, penetration testing, and process evaluations	Yes	n/a

(Personal) Data Retention Cycles

Acquia ID retains your personal data only for as long as necessary to support secure access, account management, and critical platform functions, or as required by law. When data is no longer needed, it is securely deleted or anonymized according to our retention policies. Audit logs and anonymized records may be kept longer to maintain platform integrity and compliance, but these cannot be used to identify you personally. For details or specific requests regarding your data retention, please contact Acquia Support.

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection ofthe security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.

Acquia ID

About the Product/Services

Processing Operation(s)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Acquia ID

About the Product/Services

Processing Operation(s)

Acquia ID

About the Product/Services

Processing Operation(s)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Did not find what you were looking for?

Did not find what you were looking for?

Acquia ID Product Privacy Notice

Acquia ID

About the Product/Services

Processing Operation(s)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Acquia ID Product Privacy Notice

Acquia ID

About the Product/Services

Processing Operation(s)

Acquia ID Product Privacy Notice

Acquia ID

About the Product/Services

Processing Operation(s)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Details of Personal Data being processed

Privacy Enhancements

Certifications

Data Subject Rights

(Personal) Data Retention Cycles

Sub-Processing

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Did not find what you were looking for?

Did not find what you were looking for?