Privacy Policy

Effective: February 25, 2026 · Last updated: February 25, 2026

ACE Platform — Powered by GIA Governance — is operated by Advanced Consulting Experts, LLC ("ACE", "we", "us", "our"). This policy describes what data we collect, how we use it, and your rights.

      We do not train AI models on your data. Your governance metadata, audit logs, and operational data are never used for model training, fine-tuning, or any purpose beyond providing the ACE service to you.
    

1. Data We Collect

Account data (provided by you):

Email address (for key provisioning and communication)
Name or organization name (optional, for key identification)
Billing information (processed by Stripe — we never store card details)

API key metadata (generated by our system):

API key hash (SHA-256 — we never store your plaintext API key)
Key prefix and fingerprint (for identification and audit)
Tier, rate limits, and status

Governance metadata (generated during tool usage):

MAI classification results (Mandatory / Advisory / Informational)
Governance scores (Integrity, Accuracy, Compliance)
Audit ledger entries (operation name, timestamp, classification, hash chain)
MANDATORY gate decisions and approval records
Session metadata (session ID, duration, tool call counts)

2. Data We Do Not Collect

We do not collect the content of your LLM prompts or responses
We do not collect your source code, documents, or business data
We do not use cookies for tracking (no third-party analytics)
We do not sell, share, or trade personal data with third parties
We do not train AI models on any customer data

3. How We Use Your Data

Service delivery: Authenticate API requests, enforce rate limits, maintain audit trails
Security: Detect abuse, enforce brute-force protection, key revocation
Billing: Process payments via Stripe, manage subscription lifecycle
Compliance evidence: Generate governance reports and audit records that you request

4. Data Retention

Audit logs: Retained for the duration of your subscription. Configurable retention periods available on Enterprise plans.
API key metadata: Retained while key is active. Revoked key records retained for 90 days for security audit purposes.
Account data: Retained until you request deletion or your subscription ends.
Billing data: Retained by Stripe per their privacy policy.

5. Data Security

Encryption in transit: All connections use TLS 1.2+ (HTTPS enforced)
Encryption at rest: API keys stored as SHA-256 hashes. Database encrypted at rest.
Access control: Role-based access (aRBAC), ISSO-only admin endpoints
Audit integrity: Forensic ledger uses SHA-256 hash chaining — tamper-evident by design
Infrastructure: Hosted on isolated infrastructure with SSH hardened access

6. Third-Party Services

Stripe: Payment processing. See Stripe Privacy Policy.
Anthropic MCP: ACE operates as an MCP server. Tool calls are processed by ACE, not forwarded to Anthropic.

7. Your Rights

Access: Request a copy of your data at any time
Deletion: Request deletion of your account and associated data
Portability: Export your audit logs and governance data
Correction: Update your account information
Revocation: Revoke API keys instantly via admin API or support request

8. Changes to This Policy

We may update this policy as our service evolves. Material changes will be communicated via email to registered users. The "last updated" date above reflects the most recent revision.

9. Contact

For privacy questions, data requests, or concerns:

Email: privacy@aceadvising.com
General support: support@aceadvising.com