Privacy Policy

Effective Date: June 18, 2025

1. Introduction

Accrava ("we," "our," or "us") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our IT consulting services, including custom AI solutions and strategic consulting.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

  • Contact information (name, email, phone number, address)
  • Business information (company name, job title, industry)
  • Account credentials for systems we manage
  • Project requirements and specifications
  • Communication records and correspondence
  • Payment and billing information

2.2 Information Collected Automatically

When you interact with our services, we may automatically collect:

  • System logs and performance data
  • Usage analytics and metrics
  • Device and browser information
  • IP addresses and network information
  • Security monitoring data

2.3 Information from Third Parties

We may receive information from:

  • Third-party service providers and partners
  • Public databases and sources
  • Social media platforms (with your consent)
  • Background check services (for personnel security)

3. How We Use Information

3.1 Service Delivery

We use collected information to:

  • Provide and maintain our IT consulting services
  • Develop and deploy custom AI agents
  • Monitor and manage client systems
  • Troubleshoot technical issues
  • Provide customer support

3.2 Business Operations

We use information for:

  • Billing and payment processing
  • Contract management and compliance
  • Risk assessment and security monitoring
  • Quality assurance and service improvement
  • Legal and regulatory compliance

3.3 Communication

We use contact information to:

  • Respond to inquiries and provide support
  • Send service notifications and updates
  • Share relevant industry insights and recommendations
  • Conduct satisfaction surveys and feedback collection

4. AI and Machine Learning Practices

4.1 AI Agent Development

When developing custom AI agents, we:

  • Use client data only as authorized and necessary for the specific project
  • Implement appropriate data anonymization and pseudonymization techniques
  • Ensure data minimization principles are followed
  • Obtain explicit consent for any data processing beyond the agreed scope

4.2 Model Training

For AI model training, we:

  • Use only authorized datasets and training materials
  • Implement privacy-preserving techniques where appropriate
  • Maintain clear data lineage and processing records
  • Ensure compliance with applicable AI governance frameworks

4.3 Third-Party AI Services Usage

IMPORTANT: We regularly utilize third-party AI services and platforms in our service delivery, including:

  • Large Language Models: OpenAI (GPT models), Anthropic (Claude), Google (Gemini), Microsoft (Azure AI), and other LLM providers
  • Machine Learning Platforms: AWS AI/ML services, Google Cloud AI, Azure Machine Learning, and similar platforms
  • Specialized AI APIs: Computer vision, natural language processing, speech recognition, and other AI-powered services
  • Development Tools: AI-powered coding assistants, automated testing tools, and development environments

4.4 Data Processing by Third-Party AI Providers

When we use third-party AI services:

  • Your data may be transmitted to and processed by these providers as part of our service delivery
  • We select providers based on their security and privacy practices
  • We implement contractual protections where available
  • We apply data minimization techniques to limit exposure
  • We monitor usage and maintain audit logs

4.5 Third-Party AI Provider Policies

Data processed by third-party AI services is also subject to those providers' terms of service and privacy policies, including:

  • OpenAI's Privacy Policy and Terms of Use
  • Anthropic's Privacy Policy and Terms of Service
  • Google's Privacy Policy and Cloud Terms
  • Microsoft's Privacy Statement and Azure Terms
  • Other applicable third-party provider policies

4.6 Opt-Out Options

You may request that we avoid using specific third-party AI services for your projects by:

  • Providing written notice specifying excluded services
  • Understanding that this may impact service delivery capabilities
  • Accepting potential changes to project timelines and pricing
  • Acknowledging that some services may not be feasible without AI assistance

5. Information Sharing and Disclosure

5.1 Service Providers

We may share information with trusted service providers who assist in:

  • Cloud infrastructure and hosting
  • Payment processing and billing
  • Security monitoring and threat detection
  • Backup and disaster recovery services
  • Third-party AI and machine learning services (as detailed in Section 4.3)

5.2 Third-Party AI Platform Data Sharing

By using our services, you consent to data sharing with third-party AI providers including but not limited to:

  • Project specifications and requirements
  • Code, configurations, and technical documentation
  • Business process information and system architecture details
  • Content and data necessary for AI model processing
  • Performance metrics and usage analytics

This data sharing is essential for:

  • Developing custom AI solutions
  • Troubleshooting and optimization
  • Implementing automated workflows
  • Providing AI-enhanced managed services

5.3 Business Transfers

Information may be transferred in connection with mergers, acquisitions, or other business transactions, subject to equivalent privacy protections.

5.4 Legal Requirements

We may disclose information when required by law, regulation, or legal process, or to protect our rights, property, or safety.

5.5 Consent

We may share information with your explicit consent or as directed by you.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and penetration testing
  • Employee security training and background checks
  • Incident response and breach notification procedures

6.2 Managed Services Security

For managed services clients, we:

  • Implement role-based access controls
  • Monitor systems for security threats
  • Maintain security logs and audit trails
  • Conduct regular security reviews and updates
  • Provide security incident response services

7. Data Retention

7.1 Retention Periods

We retain personal information for as long as:

  • Required to provide our services
  • Necessary for legitimate business purposes
  • Required by legal or regulatory obligations
  • Needed to establish, exercise, or defend legal claims

7.2 Data Deletion

We securely delete or anonymize personal information when:

  • The retention period expires
  • The information is no longer needed for its original purpose
  • You request deletion (subject to legal obligations)
  • We terminate our business relationship

8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

  • Access your personal information we hold
  • Request correction of inaccurate information
  • Update your contact preferences
  • Request a copy of your data

8.2 Data Portability

Where technically feasible, you may request:

  • Export of your data in a structured format
  • Transfer of data to another service provider
  • Assistance with data migration

8.3 Deletion and Restriction

You may request:

  • Deletion of your personal information
  • Restriction of processing activities
  • Objection to certain types of processing

8.4 Withdrawal of Consent

Where processing is based on consent, you may withdraw consent at any time, though this may affect our ability to provide services.

9. International Data Transfers

When we transfer personal information internationally, we ensure appropriate safeguards through:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Other legally recognized transfer mechanisms

10. Cookies and Tracking

10.1 Cookies

Our website may use cookies for:

  • Essential site functionality
  • Performance and analytics
  • Personalization preferences
  • Security and fraud prevention

10.2 Third-Party Tracking

We may use third-party analytics and tracking services to improve our website and services. You can opt out through browser settings or third-party tools.

11. Children's Privacy

Our services are not directed to children under 16, and we do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • Email notifications to registered users
  • Prominent notices on our website
  • Direct communication for significant changes

13. Compliance and Certifications

We maintain compliance with applicable privacy laws and regulations, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Industry-specific privacy requirements
  • Relevant international privacy frameworks

14. Contact Information

14.1 Privacy Inquiries

For privacy-related questions, data subject requests, or privacy concerns, contact:

Privacy Officer
Email: privacy@accrava.com
Mailing Address:
Accrava Privacy Office
PO Box 53153
Albuquerque, NM 87153

14.2 Data Protection Officer

For jurisdictions requiring a Data Protection Officer, contact:
Email: privacy@accrava.com

14.3 Security Issues

For reporting security vulnerabilities or data breaches:
Email: security@accrava.com

14.4 General Inquiries

For general business inquiries:
Email: info@accrava.com

14.5 Compliance Matters

For regulatory compliance questions:
Email: compliance@accrava.com

14.6 Regulatory Authorities

You have the right to lodge complaints with relevant data protection authorities in your jurisdiction. Contact information for major authorities:

United States:

  • Federal Trade Commission (FTC)
  • State Attorney General offices

European Union:

  • Your local Data Protection Authority
  • European Data Protection Board (EDPB)

Other Jurisdictions:

  • Contact your local privacy regulatory authority

15. Additional Regional Provisions

15.1 European Economic Area (EEA)

For EEA residents, we provide additional rights under GDPR, including enhanced consent requirements and data subject rights.

15.2 California Residents

For California residents, we provide additional rights under CCPA, including the right to know, delete, and opt-out of sale of personal information.

15.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, and additional provisions may apply based on your location.

Last Updated: June 18, 2025