Privacy Policy.

1. Introduction

Acquisition Atlas ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit acqatlas.com or engage with our outreach engine service (the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Book a call or contact us: Name, email address, company name, job title, phone number, and any details you provide about your acquisition thesis
• Begin an engagement: Engagement-letter details, sector and thesis information, designated contacts at your firm
• Contact us: Any information you include in correspondence with our team
• Participate in surveys or interviews: Survey responses, feedback, testimonials

2.2 Automatically Collected Information

When you access the Service, we automatically collect certain information:

• Usage Data: Pages viewed, articles read, calculator interactions, time spent on the site
• Device Information: IP address, browser type and version, operating system, device identifiers
• Log Data: Access times, pages viewed, referring URLs, error logs
• Location Data: General location derived from IP address (not precise geolocation)
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies (see Section 8)

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Booking infrastructure providers (Calendly)
• Analytics providers (PostHog, Google Analytics)
• Marketing partners and advertising platforms
• Public databases and corporate registries (used for thesis-related target research, not personal profiling of visitors)

2.4 Information About Engagement Activity

During an active engagement we maintain records of the target universe built for your thesis, the signals monitored, conversations conducted on your behalf, and the qualified hand-offs delivered to your team. This information is treated as confidential client data and is held in account-segregated infrastructure.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain Our Service

• Respond to inquiries and book intro calls
• Deliver engagement deliverables under the relevant engagement letter
• Send service announcements, engagement updates, and qualified hand-offs
• Manage account, billing and contractual relationships

3.2 To Improve and Optimize Our Service

• Analyze usage patterns and trends
• Develop new capabilities and reporting features
• Conduct internal research and data analysis
• Monitor and analyze performance and technical issues

3.3 For Communication

• Send service announcements and updates
• Respond to your comments, questions, and requests
• Send marketing communications (with your consent, where required)
• Notify you of changes to our Terms or Privacy Policy
• Request feedback or participation in surveys

3.4 For Security and Legal Compliance

• Detect, prevent, and address fraud and security issues
• Enforce our Terms of Service
• Comply with legal obligations and regulatory requirements
• Protect the rights, property, and safety of Acquisition Atlas and our users

4. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

• Contract Performance: Processing necessary to provide the Service you have engaged us to deliver
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Consent: When you have given explicit consent (e.g., marketing emails)
• Legal Obligation: When required by law or regulation

You have the right to withdraw consent at any time, though this will not affect the lawfulness of processing based on consent before withdrawal.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloud hosting and infrastructure (AWS)
• Booking infrastructure (Calendly)
• Analytics services (PostHog, Google Analytics)
• Email service providers
• Outbound communication infrastructure used to run engagements

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Legitimate requests from law enforcement or government authorities
• Situations involving potential threats to safety or security
• Protection of our legal rights and property

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with the Service and maintain the engagement relationship
• Comply with legal, tax, and accounting obligations
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When an engagement ends, client data is retained per the terms of the engagement letter. Inquiries and visitor-side personal information are retained no longer than reasonably necessary. We will delete or anonymize personal information within 90 days of a deletion request, unless we are required to retain it for legal or regulatory purposes. Some information may be retained in backup systems for up to an additional 90 days.

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and research purposes.

7. Your Privacy Rights

7.1 All Users

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Data Portability: Request your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails (using the link in emails or by contacting us)

7.2 GDPR Rights (EEA Users)

If you are located in the EEA, you have additional rights under GDPR:

• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at contact@acqatlas.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. See our Cookie Policy for a full description.

8.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (security, session state, consent storage)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service (PostHog, Google Analytics)
• Marketing Cookies: Track visits across websites to deliver relevant advertisements

8.2 Managing Cookies

You can control cookies through your browser settings and through our cookie consent banner. Note that disabling cookies may affect the functionality of the Service.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted using industry-standard encryption
• Access Controls: Strict access controls and authentication requirements for employees and systems
• Regular Security Audits: Regular security assessments and penetration testing
• Secure Infrastructure: Use of reputable cloud providers with robust security certifications
• Incident Response: Procedures in place to detect, respond to, and recover from security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

If you are located in the EEA, we ensure that transfers to third countries are protected by appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other lawful transfer mechanisms

11. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We encourage you to review the privacy policies of any third-party services you access through our Service.

12. Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us at contact@acqatlas.com. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

13. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. We currently do not respond to DNT signals because there is no industry-wide standard for how to interpret and respond to these signals.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for material changes)
• Displaying a prominent notice on our Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: