Acquia Source powered by Drupal CMS ("Acquia Source") is an enterprise-grade SaaS platform that empowers site builders to build, launch, and manage modern digital experiences faster. Combining the flexibility of Drupal, Acquia’s security, and AI-powered content creation, it streamlines project delivery and reduces technical overhead. With a shared responsibility, partially managed platform, integrated optimization tools, and reusable site components, users can accelerate site launches, operate efficiently, and offer clients secure, scalable solutions—without the complexity of traditional CMS management.
1. Product and Subscription Tiers
Acquia Source Standard Entitlements
Sites
Up to 3
Views
250,000 per month
Automated backup retention
90 days
Revision history extension
90 days
DB and file system storage
25GB DB and 25GB of FS storage
AI tokens
18M tokens* per site per year
Uptime
99.95%
Search
85k searches per month and 85k records
AI tokens are an estimate representative of an allowed annual spend limit. This estimate assumes the use of 1 input token for every 2 output tokens consumed.
Optional Add-Ons
Additional Views per month
Additional AI tokens
Additional storage (database or filesystem)
2. Features and Functionality
Acquia Source integrates seamlessly with Acquia's Digital Experience Platform and supports various third-party integrations to extend its capabilities.
AI-powered Content Generation: Create content using AI to speed up content creation processes.
Visual Page Builder: Design and customize pages without code using Drupal Canvas's drag-and-drop interface.
Team Management: Central user management across multiple sites with role-based permissions.
Content Types and Fields: Flexible content modeling capabilities for structured content.
Media Management: Centralized management of images, videos, and documents.
Responsive Design: Ensure content displays properly across all devices.
Accessibility Scans: Identify and resolve accessibility compliance issues.
Site Management
Sites Dashboard: Central interface for managing all sites and controlling access.
Domain Management: Configure custom domains and SSL for sites.
Backup and Restore: Automated daily backups and restore functionality.
Team Assignment: Assign teams to sites for efficient access management.
Site Template: Create new sites quickly using a pre-configured template.
Enterprise Capabilities
Global CDN: Fast content delivery worldwide.
Security: Enterprise-grade security without maintenance burden.
APIs: Headless content delivery for cross-channel experiences.
High Availability: 99.95% uptime guarantee.
Scalability: Handle traffic spikes automatically.
Headless CMS capabilities
Acquia Source can be used as a headless CMS to deliver content to:
Custom Frontend Applications: JavaScript frameworks like React, Angular, or Vue
Mobile Applications: Native mobile apps for iOS or Android
IoT Devices: Content delivery to Internet of Things devices
Digital Signage: Display content on digital signs
2.1 Modules and Integrations
Acquia Source includes native integrations with the following Acquia products and services:
Acquia Optimize: Tools for content optimization and accessibility compliance.
AI content creation: AI tools that allow users to accelerate content creation.
AI Copilot: AI-powered helper that allows users to get answers to their questions in the user interface.
Acquia Search powered by SearchStax: Incorporates advanced search functions into Acquia Source sites.
2.1.1 Extendable functionality
Acquia Source provides several mechanisms for extending its functionality:
Custom Components: Create custom components for display in Drupal Canvas.
APIs: Read and write content using API for headless delivery.
Webhooks: Trigger events and reactions using webhooks.
2.1.2 Key AI-Powered Capabilities and Access
Acquia Source customers can utilize AI-powered content and component generation as a core feature to accelerate their build processes.
Acquia reserves the right to update or change the LLM being used at any point providing there is continuity of service.
2.1.3 Secure Login with Acquia ID
Acquia Source supports phishing-resistant multi-factor authentication (MFA) for Acquia ID logins. This feature supports FIDO2 (WebAuthn) authenticators, such as security keys (like YubiKey) and biometric methods (like fingerprint or facial recognition).
AI entitlements are made up of both input and output tokens. Acquia reserves the right to increase or decrease the tokens available. Any changes will be communicated before being made. AI tokens are shared across all Sites within a subscription. You can purchase an entitlement for additional tokens through your Account Manager.
4. Protection Against Abuse
Acquia takes measures to protect against abuse including but not limited to limiting usage based on AI tokens and other real time failure tracking. Acquia reserves the right to add additional protections against abuse.
The Customer represents that it will not place excessive burdens on the Acquia Source platform’s CPUs, servers, or other resources, including customer support services. Acquia reserves the right to enforce (i) per-View resource limits on Customer sites, which may include maximum memory (including any configurable memory allocations), CPU, data transfer/bandwidth, and/or IOPS and (ii) maximum use limits on Customer application background processes, which may include frequency of scheduled processes and resources per scheduled process.
5. User Liability for AI-Created Content
Acquia Source provides AI-powered content generation as a tool to assist in speeding up build processes. While Acquia will make every effort to ensure that the output from the AI tools is accurate, it is the sole responsibility of the contracted party to check for legal compliance and suitability of the content before it is published on the platform.
6. Limitations and Implications
As a Software-as-a-Service (SaaS) offering, Acquia Source has certain limitations and usage implications of which customers should be aware.
Customers cannot access or modify the underlying Drupal code.
No direct server access is provided.
Customers cannot install contributed modules from Drupal.org.
Customization is limited to what can be done through the web interface, provided CLI tools, and APIs.
Regional Availability
Acquia Source sites are hosted in the US East and EU Central regions.
Acquia Source’s AI backend (the "Acquia Source AI Functionality") is hosted only in the US East region and as a result any Customer election regarding hosting and data center location for Acquia Source, other than in US East, shall not apply to Acquia Source AI Functionality.
Multi-region failover is not available for Acquia Source.
Site Export
Customers have the option to export their Acquia Source site as a custom Drupal application. When exporting:
The Customer takes responsibility for maintaining the exported code, database, and file assets.
Exported code is subject to licensing (e.g., GPLv2).
Acquia withholds the right to make changes to the exported site to protect intellectual property.
Acquia will support the exported site as custom code under the standard support policy.
Integrations with DXP products require separate licensing (such as a purchased subscription).
7. Service Level Agreement (SLA).
7.1 Service Commitment
Acquia will use commercially reasonable efforts to make Acquia Source available for 99.95% during any calendar month during the applicable Subscription Term (the “Service Level Commitment”, as applicable).
7.2 Definitions
Availability will be calculated per calendar month, as follows*:
where:
total means the total number of minutes for the calendar month.
non-excluded means the downtime/unavailability that is not excluded.
excluded means the Service Commitment exclusions defined below.
* The formula changes as applicable to the uptime SLA purchased by the customer.
Unavailability means that Acquia Source is unresponsive or responds with an error.
7.3 Service extension
If and to the extent Acquia fails to meet the applicable Service Level Commitment or a calendar month, for each one-half hour of unavailability Customer will receive a one-day extension of their Subscription (each a “Service Extension”); provided (i) Customer informs Acquia within fifteen days of the purported outage providing a full description of the service interruption, including logs if applicable, and (ii) requests a Service Extension in writing (email acceptable). When Customer entitlement to a Service Extension is confirmed by Acquia in writing (through email or support ticket), Acquia will apply such Service Extension to the end of the then-current applicable Subscription Term. If Customer has accumulated Service Extensions during two consecutive months or three months in any six-month period, Customer may terminate the applicable Order upon seven days advance written notice to Acquia. In the event of an unavailability of Acquia Source that is directly attributable to flaws in Customer’s environment (including customer's code) where, despite reasonable notification from Acquia that such flaws are adversely impacting availability and Customer fails to correct such flaws, then Acquia may terminate the applicable Order upon 30-days written notice to Customer. The Service Extension and termination rights constitute Customer’s exclusive remedy and Acquia’s sole liability and obligation for any failure to maintain the Service Level Commitment.
7.4 Service commitment exclusions
The Service Commitment does not apply to any unavailability, outage, suspension, or termination of:
any performance issues that are caused by factors outside of Acquia’s reasonable control, including any force majeure event, network intrusions, or denial of service attacks;
any outages that result from any actions or inactions of Customer or any third parties engaged by Customer, missing Customer Data, errors caused by Customer code or custom configuration errors, or usage capacity in excess of the Customer purchased amount;
any outages caused by programming errors in Customer’s code
any outages lasting less than one minute but no more than three such outages in a 24 hour period;
any outages related to emergency maintenance to Customer’s website(s) (for example, to install security fixes);
any outages related to the dev or staging environment;
any outages resulting from scheduled maintenance (typically 11 PM to 7 AM at the data center location identified on Customer’s Order), if Acquia notified Customer 48 hours prior to the commencement of the maintenance work (there will be no more than two hours of scheduled maintenance downtime per calendar year);
unavailability that relates to any malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code in the website that (1) was not introduced by Acquia or (2) was not introduced as a result of Acquia’s failure to perform the Services in compliance with the standard included herein or in the Subscription and Services Agreement;
acts or omissions caused by Customer’s CDN.
In addition, unavailability of some specific features or functions within the website while other features remain available will not constitute Unavailability of the website, so long as the unavailable features or functions are not, in the aggregate, material to the website.
In the event of any outages described above, Acquia will use commercially reasonable efforts to minimize any disruption, inaccessibility and/or inoperability of the website in connection with outages, whether scheduled or not. Such efforts will include instances in another Availability Zone if available.
7.5 Maintenance windows
System maintenance and downtime
Acquia is committed to delivering industry-leading, reliable hosting services. Acquia’s policy regarding changes and updates to infrastructure in use by subscribers is to make the changes with as little subscriber impact as possible. Delivering these services requires, on occasion, system maintenance.
Acquia Source is built on Acquia Cloud Platform. The Cloud Platform Enterprise 99.95% SLA applies to unscheduled downtime and does not include scheduled maintenance downtime.
Scheduled maintenance
Acquia Cloud Platform Enterprise high availability cloud architecture ensures the vast majority of system maintenance takes place without impact to services.
Acquia notifies subscribers at least 48 hours in advance of a scheduled system maintenance that carries a risk of website downtime. This maintenance is scheduled from 11:00 PM (23:00) to 7:00 AM (07:00) local time for the application’s service region.
Emergency maintenance
From time to time, a website or infrastructure emergency may require immediate maintenance. Acquia reserves the right to perform emergency maintenance to correct website problems, address critical security issues, and respond to critical alerts. Reasonable efforts will be made to avoid website downtime.
Customer requested maintenance
Acquia Support will implement customer-requested changes that carry a risk of outage at a time mutually agreeable to the customer and Acquia.
8. Support Scope
Acquia ensures application availability and provides unlimited support for infrastructure issues that impact application availability or functionality as outlined in the documentation. Acquia will also address how-to and best-practice questions to assist customers in obtaining the most value from the product.
Acquia offers guidance for custom code in the user documentation. Acquia will not troubleshoot custom code unless the customer is seeing unexpected behavior. When customers are seeing unexpected behavior, Acquia will make reasonable efforts to troubleshoot in collaboration with the customer. Additionally, Acquia provides guidance for creating and publishing content in the user documentation. Acquia will not troubleshoot creating and publishing content, unless the customer is seeing unexpected behavior. When customers are seeing unexpected behavior related to creating and publishing content, Acquia will make reasonable efforts to troubleshoot in collaboration with the customer.
9. Data Security
9.1 Data Retention Policy
Acquia Source leverages Acquia Cloud. The Cloud Platform will make hourly internal disaster recovery snapshots of Customer Data. Acquia will retain these snapshots on a diminishing schedule for three months. These backups will be used to restore Customer website(s) at another location within the same Region in the event of a total data center loss or a loss of multiple disk systems. Acquia will not provide Customer access to these snapshots.
9.2 Data Portability
Upon request made by Customer within 7 days of termination or expiration of the Subscription Services, Acquia will make Customer Data and Customer Sites available to Customer for export or download. At the end of such a 7-day period, Acquia will delete or otherwise render inaccessible any Customer Data and Customer Sites, unless legally prohibited. Acquia has no obligation to retain the Customer Data for Customer purposes after this 7-day post termination period. Acquia withholds the right to modify the exported site to protect intellectual property.
10. Acquia Labs
Acquia Source may include experimental features and capabilities that are made available to you for the purposes of evaluation and feedback. These are clearly labelled as “beta”, “Acquia Labs”, “non-GA”, “pilot”, or “developer preview " in the interface. THESE SERVICES ARE NOT CONSIDERED "SERVICES" HEREUNDER AND ARE PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTY AND ACQUIA SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE TRIAL SERVICES.
11. Source Shared Responsibility Model
Security and compliance for Acquia Source is a shared responsibility between Acquia, our infrastructure providers (such as AWS), and our customers. Acquia Source provides a secure, scalable platform where customers can operate their unique sites through data model architectural patterns. Additional information regarding the Shared Responsibility Model may be found in Acquia’s Security Annex. To the extent of a discrepancy between this Product and Services Guide and the Security Annex as to the Shared Responsibility Model, this Product and Services Guide shall control.
11.1 Responsibilities of Acquia
Acquia is responsible for:
Design, security, and maintenance of the platform codebase, including the foundational data model and core application logic.
Maintaining security controls over the platform infrastructure, application environment, and underlying services (including operating system, application servers, and core services).
Continuous monitoring and patching of platform components, addressing vulnerabilities, and responding to emerging threats.
Developing and enforcing secure coding practices, ensuring the integrity of the codebase and data models.
Providing documentation, tools, and support to enable customers to secure the data and sites they create and manage within the platform.
11.2 Responsibilities of Customers
Customers are responsible for:
Managing the data for each site they create and operate, including data collection, storage, and compliance with legal/regulatory obligations specific to their sites.
Ensuring data security and privacy at the site level, including setting site-specific access controls and user permissions.
Adhering to secure data management and content practices within each site.
Conducting periodic reviews of site content, user roles, and data handling processes to ensure ongoing compliance and security.
Reporting issues or vulnerabilities related to their sites promptly to Acquia, and participating in incident response activities as required.
11.3 Responsibilities of Infrastructure Providers (such as AWS)
Infrastructure providers supply the physical hardware, network, and foundational cloud services. They are responsible for:
Physical security of data centers.
Availability and resilience of the core infrastructure.
Ensuring no access to the application’s codebase or customer/site-specific data. Personnel from infrastructure providers cannot access Acquia's codebase or the data managed by customers within their sites.
Document ChangeLog
Date
Update
December 2, 2025
Updated section 2.1 to include integration with Acquia Search powered by SearchStax.
November 6, 2025
Added section on secure login with AcquiaID. Improved numbering for clarity.
October 30, 2025
Updated details about automatic backups and restore functionality in section 2.
September 11, 2025
Adjusted details related to views, automated backups and retention, storage capacity, removed bandwidth constraint, search, and AI tokens. Clarified optional add-ons, protections against abuse, and regional availability. Changed the name of the "Experience Builder" feature to "Drupal Canvas".
Acquia Source powered by Drupal CMS ("Acquia Source") is an enterprise-grade SaaS platform that empowers site builders to build, launch, and manage modern digital experiences faster. Combining the flexibility of Drupal, Acquia’s security, and AI-powered content creation, it streamlines project delivery and reduces technical overhead. With a shared responsibility, partially managed platform, integrated optimization tools, and reusable site components, users can accelerate site launches, operate efficiently, and offer clients secure, scalable solutions—without the complexity of traditional CMS management.
1. Product and Subscription Tiers
Acquia Source Standard Entitlements
Sites
Up to 3
Views
250,000 per month
Automated backup retention
90 days
Revision history extension
90 days
DB and file system storage
25GB DB and 25GB of FS storage
AI tokens
18M tokens* per site per year
Uptime
99.95%
Search
85k searches per month and 85k records
AI tokens are an estimate representative of an allowed annual spend limit. This estimate assumes the use of 1 input token for every 2 output tokens consumed.
Optional Add-Ons
Additional Views per month
Additional AI tokens
Additional storage (database or filesystem)
2. Features and Functionality
Acquia Source integrates seamlessly with Acquia's Digital Experience Platform and supports various third-party integrations to extend its capabilities.
AI-powered Content Generation: Create content using AI to speed up content creation processes.
Visual Page Builder: Design and customize pages without code using Drupal Canvas's drag-and-drop interface.
Team Management: Central user management across multiple sites with role-based permissions.
Content Types and Fields: Flexible content modeling capabilities for structured content.
Media Management: Centralized management of images, videos, and documents.
Responsive Design: Ensure content displays properly across all devices.
Accessibility Scans: Identify and resolve accessibility compliance issues.
Site Management
Sites Dashboard: Central interface for managing all sites and controlling access.
Domain Management: Configure custom domains and SSL for sites.
Backup and Restore: Automated daily backups and restore functionality.
Team Assignment: Assign teams to sites for efficient access management.
Site Template: Create new sites quickly using a pre-configured template.
Enterprise Capabilities
Global CDN: Fast content delivery worldwide.
Security: Enterprise-grade security without maintenance burden.
APIs: Headless content delivery for cross-channel experiences.
High Availability: 99.95% uptime guarantee.
Scalability: Handle traffic spikes automatically.
Headless CMS capabilities
Acquia Source can be used as a headless CMS to deliver content to:
Custom Frontend Applications: JavaScript frameworks like React, Angular, or Vue
Mobile Applications: Native mobile apps for iOS or Android
IoT Devices: Content delivery to Internet of Things devices
Digital Signage: Display content on digital signs
2.1 Modules and Integrations
Acquia Source includes native integrations with the following Acquia products and services:
Acquia Optimize: Tools for content optimization and accessibility compliance.
AI content creation: AI tools that allow users to accelerate content creation.
AI Copilot: AI-powered helper that allows users to get answers to their questions in the user interface.
Acquia Search powered by SearchStax: Incorporates advanced search functions into Acquia Source sites.
2.1.1 Extendable functionality
Acquia Source provides several mechanisms for extending its functionality:
Custom Components: Create custom components for display in Drupal Canvas.
APIs: Read and write content using API for headless delivery.
Webhooks: Trigger events and reactions using webhooks.
2.1.2 Key AI-Powered Capabilities and Access
Acquia Source customers can utilize AI-powered content and component generation as a core feature to accelerate their build processes.
Acquia reserves the right to update or change the LLM being used at any point providing there is continuity of service.
2.1.3 Secure Login with Acquia ID
Acquia Source supports phishing-resistant multi-factor authentication (MFA) for Acquia ID logins. This feature supports FIDO2 (WebAuthn) authenticators, such as security keys (like YubiKey) and biometric methods (like fingerprint or facial recognition).
AI entitlements are made up of both input and output tokens. Acquia reserves the right to increase or decrease the tokens available. Any changes will be communicated before being made. AI tokens are shared across all Sites within a subscription. You can purchase an entitlement for additional tokens through your Account Manager.
4. Protection Against Abuse
Acquia takes measures to protect against abuse including but not limited to limiting usage based on AI tokens and other real time failure tracking. Acquia reserves the right to add additional protections against abuse.
The Customer represents that it will not place excessive burdens on the Acquia Source platform’s CPUs, servers, or other resources, including customer support services. Acquia reserves the right to enforce (i) per-View resource limits on Customer sites, which may include maximum memory (including any configurable memory allocations), CPU, data transfer/bandwidth, and/or IOPS and (ii) maximum use limits on Customer application background processes, which may include frequency of scheduled processes and resources per scheduled process.
5. User Liability for AI-Created Content
Acquia Source provides AI-powered content generation as a tool to assist in speeding up build processes. While Acquia will make every effort to ensure that the output from the AI tools is accurate, it is the sole responsibility of the contracted party to check for legal compliance and suitability of the content before it is published on the platform.
6. Limitations and Implications
As a Software-as-a-Service (SaaS) offering, Acquia Source has certain limitations and usage implications of which customers should be aware.
Customers cannot access or modify the underlying Drupal code.
No direct server access is provided.
Customers cannot install contributed modules from Drupal.org.
Customization is limited to what can be done through the web interface, provided CLI tools, and APIs.
Regional Availability
Acquia Source sites are hosted in the US East and EU Central regions.
Acquia Source’s AI backend (the "Acquia Source AI Functionality") is hosted only in the US East region and as a result any Customer election regarding hosting and data center location for Acquia Source, other than in US East, shall not apply to Acquia Source AI Functionality.
Multi-region failover is not available for Acquia Source.
Site Export
Customers have the option to export their Acquia Source site as a custom Drupal application. When exporting:
The Customer takes responsibility for maintaining the exported code, database, and file assets.
Exported code is subject to licensing (e.g., GPLv2).
Acquia withholds the right to make changes to the exported site to protect intellectual property.
Acquia will support the exported site as custom code under the standard support policy.
Integrations with DXP products require separate licensing (such as a purchased subscription).
7. Service Level Agreement (SLA).
7.1 Service Commitment
Acquia will use commercially reasonable efforts to make Acquia Source available for 99.95% during any calendar month during the applicable Subscription Term (the “Service Level Commitment”, as applicable).
7.2 Definitions
Availability will be calculated per calendar month, as follows*:
where:
total means the total number of minutes for the calendar month.
non-excluded means the downtime/unavailability that is not excluded.
excluded means the Service Commitment exclusions defined below.
* The formula changes as applicable to the uptime SLA purchased by the customer.
Unavailability means that Acquia Source is unresponsive or responds with an error.
7.3 Service extension
If and to the extent Acquia fails to meet the applicable Service Level Commitment or a calendar month, for each one-half hour of unavailability Customer will receive a one-day extension of their Subscription (each a “Service Extension”); provided (i) Customer informs Acquia within fifteen days of the purported outage providing a full description of the service interruption, including logs if applicable, and (ii) requests a Service Extension in writing (email acceptable). When Customer entitlement to a Service Extension is confirmed by Acquia in writing (through email or support ticket), Acquia will apply such Service Extension to the end of the then-current applicable Subscription Term. If Customer has accumulated Service Extensions during two consecutive months or three months in any six-month period, Customer may terminate the applicable Order upon seven days advance written notice to Acquia. In the event of an unavailability of Acquia Source that is directly attributable to flaws in Customer’s environment (including customer's code) where, despite reasonable notification from Acquia that such flaws are adversely impacting availability and Customer fails to correct such flaws, then Acquia may terminate the applicable Order upon 30-days written notice to Customer. The Service Extension and termination rights constitute Customer’s exclusive remedy and Acquia’s sole liability and obligation for any failure to maintain the Service Level Commitment.
7.4 Service commitment exclusions
The Service Commitment does not apply to any unavailability, outage, suspension, or termination of:
any performance issues that are caused by factors outside of Acquia’s reasonable control, including any force majeure event, network intrusions, or denial of service attacks;
any outages that result from any actions or inactions of Customer or any third parties engaged by Customer, missing Customer Data, errors caused by Customer code or custom configuration errors, or usage capacity in excess of the Customer purchased amount;
any outages caused by programming errors in Customer’s code
any outages lasting less than one minute but no more than three such outages in a 24 hour period;
any outages related to emergency maintenance to Customer’s website(s) (for example, to install security fixes);
any outages related to the dev or staging environment;
any outages resulting from scheduled maintenance (typically 11 PM to 7 AM at the data center location identified on Customer’s Order), if Acquia notified Customer 48 hours prior to the commencement of the maintenance work (there will be no more than two hours of scheduled maintenance downtime per calendar year);
unavailability that relates to any malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code in the website that (1) was not introduced by Acquia or (2) was not introduced as a result of Acquia’s failure to perform the Services in compliance with the standard included herein or in the Subscription and Services Agreement;
acts or omissions caused by Customer’s CDN.
In addition, unavailability of some specific features or functions within the website while other features remain available will not constitute Unavailability of the website, so long as the unavailable features or functions are not, in the aggregate, material to the website.
In the event of any outages described above, Acquia will use commercially reasonable efforts to minimize any disruption, inaccessibility and/or inoperability of the website in connection with outages, whether scheduled or not. Such efforts will include instances in another Availability Zone if available.
7.5 Maintenance windows
System maintenance and downtime
Acquia is committed to delivering industry-leading, reliable hosting services. Acquia’s policy regarding changes and updates to infrastructure in use by subscribers is to make the changes with as little subscriber impact as possible. Delivering these services requires, on occasion, system maintenance.
Acquia Source is built on Acquia Cloud Platform. The Cloud Platform Enterprise 99.95% SLA applies to unscheduled downtime and does not include scheduled maintenance downtime.
Scheduled maintenance
Acquia Cloud Platform Enterprise high availability cloud architecture ensures the vast majority of system maintenance takes place without impact to services.
Acquia notifies subscribers at least 48 hours in advance of a scheduled system maintenance that carries a risk of website downtime. This maintenance is scheduled from 11:00 PM (23:00) to 7:00 AM (07:00) local time for the application’s service region.
Emergency maintenance
From time to time, a website or infrastructure emergency may require immediate maintenance. Acquia reserves the right to perform emergency maintenance to correct website problems, address critical security issues, and respond to critical alerts. Reasonable efforts will be made to avoid website downtime.
Customer requested maintenance
Acquia Support will implement customer-requested changes that carry a risk of outage at a time mutually agreeable to the customer and Acquia.
8. Support Scope
Acquia ensures application availability and provides unlimited support for infrastructure issues that impact application availability or functionality as outlined in the documentation. Acquia will also address how-to and best-practice questions to assist customers in obtaining the most value from the product.
Acquia offers guidance for custom code in the user documentation. Acquia will not troubleshoot custom code unless the customer is seeing unexpected behavior. When customers are seeing unexpected behavior, Acquia will make reasonable efforts to troubleshoot in collaboration with the customer. Additionally, Acquia provides guidance for creating and publishing content in the user documentation. Acquia will not troubleshoot creating and publishing content, unless the customer is seeing unexpected behavior. When customers are seeing unexpected behavior related to creating and publishing content, Acquia will make reasonable efforts to troubleshoot in collaboration with the customer.
9. Data Security
9.1 Data Retention Policy
Acquia Source leverages Acquia Cloud. The Cloud Platform will make hourly internal disaster recovery snapshots of Customer Data. Acquia will retain these snapshots on a diminishing schedule for three months. These backups will be used to restore Customer website(s) at another location within the same Region in the event of a total data center loss or a loss of multiple disk systems. Acquia will not provide Customer access to these snapshots.
9.2 Data Portability
Upon request made by Customer within 7 days of termination or expiration of the Subscription Services, Acquia will make Customer Data and Customer Sites available to Customer for export or download. At the end of such a 7-day period, Acquia will delete or otherwise render inaccessible any Customer Data and Customer Sites, unless legally prohibited. Acquia has no obligation to retain the Customer Data for Customer purposes after this 7-day post termination period. Acquia withholds the right to modify the exported site to protect intellectual property.
10. Acquia Labs
Acquia Source may include experimental features and capabilities that are made available to you for the purposes of evaluation and feedback. These are clearly labelled as “beta”, “Acquia Labs”, “non-GA”, “pilot”, or “developer preview " in the interface. THESE SERVICES ARE NOT CONSIDERED "SERVICES" HEREUNDER AND ARE PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTY AND ACQUIA SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE TRIAL SERVICES.
11. Source Shared Responsibility Model
Security and compliance for Acquia Source is a shared responsibility between Acquia, our infrastructure providers (such as AWS), and our customers. Acquia Source provides a secure, scalable platform where customers can operate their unique sites through data model architectural patterns. Additional information regarding the Shared Responsibility Model may be found in Acquia’s Security Annex. To the extent of a discrepancy between this Product and Services Guide and the Security Annex as to the Shared Responsibility Model, this Product and Services Guide shall control.
11.1 Responsibilities of Acquia
Acquia is responsible for:
Design, security, and maintenance of the platform codebase, including the foundational data model and core application logic.
Maintaining security controls over the platform infrastructure, application environment, and underlying services (including operating system, application servers, and core services).
Continuous monitoring and patching of platform components, addressing vulnerabilities, and responding to emerging threats.
Developing and enforcing secure coding practices, ensuring the integrity of the codebase and data models.
Providing documentation, tools, and support to enable customers to secure the data and sites they create and manage within the platform.
11.2 Responsibilities of Customers
Customers are responsible for:
Managing the data for each site they create and operate, including data collection, storage, and compliance with legal/regulatory obligations specific to their sites.
Ensuring data security and privacy at the site level, including setting site-specific access controls and user permissions.
Adhering to secure data management and content practices within each site.
Conducting periodic reviews of site content, user roles, and data handling processes to ensure ongoing compliance and security.
Reporting issues or vulnerabilities related to their sites promptly to Acquia, and participating in incident response activities as required.
11.3 Responsibilities of Infrastructure Providers (such as AWS)
Infrastructure providers supply the physical hardware, network, and foundational cloud services. They are responsible for:
Physical security of data centers.
Availability and resilience of the core infrastructure.
Ensuring no access to the application’s codebase or customer/site-specific data. Personnel from infrastructure providers cannot access Acquia's codebase or the data managed by customers within their sites.
Document ChangeLog
Date
Update
December 2, 2025
Updated section 2.1 to include integration with Acquia Search powered by SearchStax.
November 6, 2025
Added section on secure login with AcquiaID. Improved numbering for clarity.
October 30, 2025
Updated details about automatic backups and restore functionality in section 2.
September 11, 2025
Adjusted details related to views, automated backups and retention, storage capacity, removed bandwidth constraint, search, and AI tokens. Clarified optional add-ons, protections against abuse, and regional availability. Changed the name of the "Experience Builder" feature to "Drupal Canvas".
August 5, 2025
Adjusted details related to database backups.
July 31, 2025
Document published.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Service Offerings