LEGAL

Privacy Policy.

What we collect. What we do with it. What we never do. The plain-English version is on the right of every section.

Effective: May 15, 2026 Version: 1.0 Privacy contact: privacy@acren.ai
May 15, 2026 v1.0 Initial Privacy Policy at beta launch.

1. What we collect

To deliver the Service, we collect:

  • Account data. Email, name, firm, and territory at signup.
  • Deal data. Source documents you upload, signals we surface in your territory, the underwriting we extract, motivation scores, and any notes or edits you make.
  • Outreach data. Drafts we generate, your edits, and send / response status.
  • Usage data. Standard application analytics — page views, clicks, errors — via PostHog Cloud and Sentry.
  • Communications. Emails you send to Acren and replies we send.

2. What we do with it

Deal data is used exclusively to operate the Service for you. Specifically:

  • Run the Propensity-to-Sell engine in your territory.
  • Extract financial figures via Anthropic Claude.
  • Generate outreach drafts in your voice for your review.
  • Route deal packages to credit providers only after you explicitly authorize submission.
  • Trigger transactional emails for parse status, financing requests, and quote arrivals.

3. What we don't do

We do not sell deal data. We do not share deal data with third parties outside credit providers you authorize on a per-deal basis. We do not aggregate identified deal data for resale, market research products, or any other purpose. We do not share LP lists across GP tenants unless the GP explicitly opts a deal into the public marketplace (Pillar 3).

4. Sub-processors

We rely on these vendors to operate the Service. The current registry — with purpose, data class, region, and DPA version — is published on the Security page. We notify by email at least fourteen days before adding, removing, or materially changing a sub-processor.

  • Supabase — database and storage hosting (US-East).
  • Vercel — application hosting and global edge.
  • Anthropic — Claude Sonnet for extraction. Customer data not used to train models.
  • Sayari, OpenCorporates — entity resolution.
  • Resend — transactional email delivery.
  • Sentry — error tracking with PII scrubbing.
  • PostHog — product analytics (US Cloud).

5. Retention

Account data and deal data are retained while your account is active. After account closure or deletion request, we trigger a thirty-day soft-delete window during which data is recoverable, then permanent purge from primary storage. Backups roll off within fourteen days of soft-delete completion. The full retention matrix by data class is published on the Security page.

6. Your rights

You can export your deal data, delete your account, or request deletion of any specific deal at any time from settings or by emailing privacy@acren.ai. We respond within ten business days. We honor data-subject requests under GDPR, CCPA / CPRA, and equivalent state-level US laws to the extent applicable.

For data-protection inquiries beyond standard requests: privacy@acren.ai — designated as our privacy contact under applicable laws.

7. Cookies

We use session cookies for authentication and analytics cookies for product usage tracking. We do not use third-party advertising cookies. PostHog and Sentry receive only the events documented in our Data Handling document; no source-document content or extracted financials are ever sent to them.

8. Changes

Material changes to this Privacy Policy are communicated by email at least fourteen days before taking effect. The version history at the top of this page tracks every published change.

9. Contact

Privacy questions or data requests: privacy@acren.ai.