ProSentra Privacy Policy

ProSentra, Inc. ("ProSentra," "we," "us," or "our") respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we collect from users of acuity.prosentra.com and prosentra.com (the "Service") and how we use, disclose, and protect that information.

1. Information We Collect

We collect only business-related information necessary to deliver Acuity:

A. Information You Provide

• Account & contact data (name, email, job title, company, phone)
• Uploaded files (tool inventories, budget spreadsheets, NIST CSF / CIS maturity assessments)
• Initiative notes and comments (Jira-style ticket updates)

B. Automatically Collected Information

• Standard web logs (IP address, browser type, pages visited, time/date)
• Analytics via Google Analytics (privacy-first, no cookies, no personal data)

We do NOT collect or process:

• Security event logs or telemetry
• End-user personal data
• Payment information

2. How We Use Your Information

We use the information only to:

• Provide, maintain, and improve Acuity
• Generate risk models, maturity scores, and board-ready recommendations
• Track initiative progress and real-time risk reduction
• Communicate with you (product updates, support, billing)

3. Data Sharing & Disclosure

We do not sell, rent, or share your data except:

• With sub-processors who help us deliver the Service (AWS, Stripe, Plausible — all under strict DPA)
• When required by law or to protect our rights
• In the event of a merger/acquisition (standard clause)

4. Data Security & Retention

• All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Hosted in AWS US-East-2
• Retained only as long as your account is active + 90 days (or per your written request)
• You can export or delete all data at any time via Settings → Data Export / Delete Account

5. Your Rights (CCPA, CPRA, GDPR)

You have the right to:

• Access, correct, or delete your data
• Opt-out of any future data processing
• Receive your data in portable format

Contact privacy@prosentra.com — we respond within 30 days (often same day).

6. Children's Privacy

Acuity is a B2B enterprise tool. We do not knowingly collect data from children under 16.

7. Changes to This Policy

We'll notify you via email and in-app banner before material changes take effect.

8. Contact Us