Service Policy

Acua's operating policies for service availability, maintenance, data backup, disaster recovery, and data management

Last updated: May 6, 2026

01

About This Policy

This Service Policy sets out Acua's operating policies for production SaaS services with respect to service availability, scheduled maintenance, data backup, disaster recovery, and data retention and deletion.
Unless otherwise agreed in a separate written Service Level Agreement (SLA) or individual contract, this Policy does not establish service credits, refunds, damages, or other monetary remedies.
In the event of any conflict between this Policy and Acua's Terms of Service, individual contract, or data processing agreement, the terms of such Terms of Service, individual contract, or data processing agreement shall prevail.
02

Service Availability

Acua targets a monthly uptime of 99.9% for its production services, excluding scheduled maintenance, emergency maintenance, and circumstances beyond Acua's reasonable control.
Monthly uptime is calculated as follows: Monthly Uptime (%) = (Total minutes in the month − Qualifying Downtime minutes) ÷ Total minutes in the month × 100. "Qualifying Downtime" means the period during which customers are substantially unable to access core functions of Acua's production environment due to a failure within Acua-managed systems. Minor degradation, delays in non-core features, third-party integration failures, or access issues attributable to the customer's environment are not included.
Acua will perform scheduled maintenance during low-traffic periods. Where scheduled maintenance is planned, Acua will provide at least 48 hours advance notice, to the extent reasonably practicable, via email, in-app notification, status page, or other appropriate means. Acua aims to limit scheduled maintenance to 4 hours per calendar month.
Acua may perform emergency maintenance without prior notice where necessary for security response, critical bug fixes, cloud infrastructure emergencies, or other actions required to maintain stable service operations. In such cases, Acua will notify customers as promptly as reasonably practicable.
In the event of unplanned service interruption or significant functional failure, Acua will use commercially reasonable efforts to restore service promptly and will communicate impact scope and recovery status via email, in-app notification, status page, or other appropriate means.
The uptime targets in this section do not apply to Beta Features, experimental features, free trials, sandbox environments, third-party services, or features expressly excluded under the Terms of Service.
03

Data Backup

Acua uses Google Cloud Platform (GCP) infrastructure for Acua-managed production environments and applies GCP-native backup and recovery capabilities appropriate to each data store. For production databases, Acua generally uses automated backups and, where applicable, point-in-time recovery; for object data, Acua uses Cloud Storage redundancy, lifecycle controls, versioning, replication, or equivalent controls where appropriate.
For the purposes of this Policy, "customer data" means data that the customer or authorized users have stored, transmitted, uploaded, or created within Acua's services. Customer data does not include data stored in third-party services, data on the customer's devices or networks, data managed outside Acua's services, or data in external integrations not stored by Acua.
Acua performs automated backups of customer data stored in Acua-managed production databases at least daily, unless a specific data store is covered by a different GCP-managed durability or replication mechanism. Backup retention is configured based on the applicable GCP service, data type, operational need, and customer contract; as a standard, Acua retains recoverable production database backups for at least 30 days where technically supported.
Acua encrypts backup data at rest and in transit using GCP-supported encryption controls, including Google-managed encryption keys or customer-managed encryption keys where configured. For transmission, Acua uses TLS 1.2 or higher, or equivalent protections. Where supported by the relevant GCP service and operational design, Acua stores backup or replicated data in a separate zone, region, dual-region, multi-region, or otherwise geographically resilient configuration to reduce the impact of zonal or regional infrastructure failures.
Acua restricts backup access to authorized personnel and systems with a legitimate business need. Direct access to backup files is not provided to customers. Where customer data restoration is required, Acua will perform restoration work, to the extent technically and operationally feasible, upon customer request or upon Acua's declaration of a disaster recovery event. The feasibility, scope, and timeline for restoration will vary depending on the type of data, the nature of the failure, the condition of the backup, and the scale of the restoration.
04

Data Recovery

Acua establishes the following recovery objectives for major service failures and disaster recovery events:
  • •Recovery Time Objective (RTO): Acua targets service restoration within 8 business hours from the time Acua declares a disaster recovery event.
  • •Recovery Point Objective (RPO): In a catastrophic failure requiring recovery from backup, Acua targets a maximum data loss of 24 hours.
    • RTO and RPO are operational targets for major failures or disaster recovery events in Acua-managed production environments and are not guaranteed values unless separately agreed in writing.
    The RTO and RPO targets do not apply in the following circumstances:
  • •Errors, deletions, configuration changes, or access control failures caused by the customer or the customer's users
  • •Failures attributable to the customer's devices, networks, browsers, authentication environment, or external systems
  • •Failures caused by third-party services, external APIs, external integrations, internet connectivity, DNS, or telecommunications carriers
  • •Beta Features, experimental features, free trials, or sandbox environments
  • •Force majeure events as defined in the Terms of Service
  • •Circumstances beyond Acua's reasonable control
    • Where Acua declares a disaster recovery event, Acua will, to the extent reasonably practicable, notify affected customers within 2 hours of the declaration and will provide regular status updates via email, in-app notification, status page, or other appropriate means until service is restored.
    05

    Data Retention & Deletion

    Active Accounts

    Acua retains customer data during the active subscription period for the purposes of service delivery, support, security, billing, legal compliance, and other purposes set out in the Terms of Service. During the subscription period, authorized users may access, view, export, or delete customer data within the functionality provided by Acua.

    Post-Subscription Termination

    Upon termination, cancellation, or expiration of a customer's subscription, Acua will retain customer data for 90 days from the termination date (the "Retention Period") for the purposes of data export, account reinstatement, billing processing, dispute resolution, and legal compliance. During the Retention Period, the customer may request export of customer data within a reasonable scope via Acua's available features or by contacting support@acua.ai.

    Deletion After the Retention Period

    After the Retention Period ends, Acua will delete or anonymize customer data in the active production environment, unless retention is required by applicable law, necessary for security, fraud prevention, billing, audit, dispute resolution, or separately agreed in writing with the customer. Customer data contained in backups will be overwritten or deleted in accordance with the normal backup retention cycle. Deleted data contained in backups will not be restored to the standard production environment except for disaster recovery purposes or as required by law.
    Acua will provide confirmation of the status of the data deletion process upon reasonable customer request.

    Early Deletion

    Customers may request early deletion of customer data before the Retention Period ends by contacting support@acua.ai. Acua will fulfill early deletion requests within 30 days of confirmation, to the extent reasonably practicable, following identity verification, authorization verification, and confirmation of any legal or contractual retention obligations. Where early deletion is completed, customer data in the active production environment will be deleted or anonymized. Data remaining in backups will be deleted in accordance with the normal backup retention cycle.

    Anonymized Data and Operational Records

    Acua may retain and use anonymized or aggregated statistics, service usage data, and performance information that cannot be used to identify customers or individuals, for service improvement, analysis, security, and research and development purposes. Acua may also retain access logs, operation logs, billing records, support history, contract-related information, and similar records for a defined period to the extent necessary for legal compliance, security, fraud prevention, audit, billing, support, and dispute resolution.
    06

    Customer Responsibilities

    Customers are responsible for the following, among other things, to use Acua's services appropriately and securely:
  • •Appropriate management of administrator accounts and user permissions
  • •Secure management of passwords, credentials, API keys, and other authentication information
  • •Exporting and internally retaining customer data as needed
  • •Managing integration configurations with third-party services and data stored in external integrations
  • •Compliance with laws, regulations, and internal policies applicable to the customer's business, industry, and jurisdiction
  • •Implementing internal operating procedures to prevent accidental deletion, errors, and configuration mistakes
    • Unless otherwise agreed in writing, Acua is not responsible for data loss caused by customer or customer user errors, configuration changes, deletions, access control failures, external integration failures, or failures attributable to the customer's environment.
    07

    Changes to This Policy

    Acua may update this Policy from time to time in response to changes in service features, operational processes, security requirements, applicable laws, or the technical environment.
    Where Acua makes material changes to this Policy, Acua will notify customers in advance or after the change by reasonable means. Updated Policy provisions will take effect on the date specified by Acua or on the date published on the service.