Accure Privacy Statement

Effective Date: June 24, 2026 • Version 1.0


1. Introduction

Accure Inc. (“Accure,” “Company,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, integrity, and security of information entrusted to us. Accure Inc. is incorporated in the Commonwealth of Virginia and maintains its principal place of business at:

Accure Inc. — Principal Place of Business
Accure Inc.
10300 Eaton Pl, Suite 440
Fairfax, VA 22030
Email: legal@accure.ai
Website: https://accure.ai

This Privacy Policy describes how Accure collects, uses, stores, processes, discloses, transfers, protects, and otherwise handles information in connection with our websites, software applications, cloud services, artificial intelligence systems, APIs, platforms, mobile applications, professional services, support services, customer portals, and all related products and services (collectively, the “Services”).

This Privacy Policy applies to all current and future Accure products, services, applications, platforms, APIs, and offerings unless superseded by a product-specific privacy notice or a written agreement executed between the parties. In the event of a conflict between this Privacy Policy, a Data Processing Addendum, and a Master Services Agreement or other governing agreement, the following order of precedence shall apply: (1) the executed Master Services Agreement or enterprise agreement; (2) the Data Processing Addendum; (3) this Privacy Policy. This Privacy Policy supplements the Accure Platform Terms of Use. In the event of a conflict between this Privacy Policy and the Platform Terms of Use regarding the processing of personal data, this Privacy Policy and any executed Data Processing Addendum control; the Platform Terms of Use otherwise govern the parties’ commercial and contractual relationship.

By accessing or using the Services, you acknowledge and agree to the practices described in this Privacy Policy.


2. Scope

This Privacy Policy applies to:

  • Public websites and customer portals
  • Software-as-a-Service (SaaS) offerings
  • Artificial intelligence and machine learning systems
  • APIs, mobile applications, and desktop applications
  • Trial environments and demonstration environments
  • Professional, technical support, consulting, and managed services

3. Information We Collect

Information You Provide

We may collect information including name, email address, telephone number, mailing address, company name, job title, account credentials, billing and payment information, support requests, communications, uploaded documents, user-generated content, and feedback and survey responses.

Information Collected Automatically

We may collect IP address, device identifiers, browser type, operating system, network information, access times, referring URLs, usage data, session information, log files, diagnostic information, security events, and cookie data.

Customer Content

Customers may upload, submit, transmit, store, or otherwise provide contracts, legal documents, compliance records, policies and procedures, financial documents, business records, images, audio files, video files, spreadsheets, databases, structured data, unstructured data, AI prompts, and AI outputs. Customer Content remains subject to applicable agreements and customer instructions.


4. How We Use Information

We may use information to provide and operate the Services; authenticate users; process transactions; deliver AI functionality and generate outputs; improve performance and usability; monitor availability and security, and detect fraud; respond to support requests; communicate with users; analyze usage patterns; maintain compliance; enforce agreements; protect rights and property; and satisfy legal obligations.

Legal Bases for Processing (GDPR)

For individuals located in the European Economic Area, United Kingdom, or Switzerland, Accure relies on the following legal bases under Article 6 of the GDPR:

  • Contract Performance — processing necessary to provide the Services you have contracted for
  • Legitimate Interests — security monitoring, fraud detection, product improvement, and analytics, where such interests are not overridden by your rights
  • Legal Obligation — compliance with applicable laws, court orders, and regulatory requirements
  • Consent — for marketing communications, certain cookies, or other processing where we have obtained your consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.


5. Artificial Intelligence Processing

Accure provides artificial intelligence and machine-learning-enabled products and services. AI systems may perform classification, extraction, summarization, analysis, recommendation, prediction, comparison, generation, translation, interpretation, and workflow automation.

AI Output Disclaimer

Artificial intelligence systems are probabilistic technologies and may generate inaccurate, incomplete, outdated, biased, misleading, or incorrect information. Users remain solely responsible for reviewing, validating, approving, and relying upon any AI-generated outputs. Accure makes no guarantee regarding the accuracy, completeness, reliability, suitability, legality, or fitness of AI-generated outputs.

No Professional Advice

Services and outputs do not constitute legal, financial, accounting, tax, medical, healthcare, insurance, compliance, engineering, investment, employment, or regulatory advice. Qualified professionals should be consulted before making decisions based on AI-generated outputs.


6. Customer Data Ownership

Except as expressly stated by applicable law or written agreement:

  • Customers retain ownership of Customer Content, uploaded data, and generated outputs where permitted by law.
  • Accure acquires no ownership interest in Customer Content.

Customers grant Accure only the limited rights necessary to provide, secure, maintain, and support the Services.


7. AI Training Restrictions

Unless expressly authorized by the Customer in writing:

  • Customer Content will not be used to train any artificial intelligence or machine learning models, whether publicly available or proprietary to Accure.
  • Customer Content will not be sold or licensed for third-party AI training.
  • Customer Content will not be used for unrelated commercial purposes.

8. De-Identified and Aggregated Data

Accure may create, use, disclose, and commercialize aggregated data, statistical information, benchmark information, operational metrics, usage analytics, performance analytics, security analytics, de-identified information, and anonymized information, provided such information cannot reasonably identify a customer, user, or individual. The Platform Terms of Use limit Accure’s use of anonymized operational metadata derived from Customer Data to service-quality purposes. To the extent this Section is broader than that limitation with respect to data derived from Customer Content, the more restrictive provision, and any executed Order Form, MSA, or DPA, controls.

Accure will not attempt to re-identify de-identified or anonymized data. De-identification and anonymization practices are designed to meet applicable legal standards, including under the GDPR, CCPA, and HIPAA Safe Harbor and Expert Determination methods where applicable.


9. Customer Responsibilities

Customers are solely responsible for obtaining necessary permissions and required consents; ensuring lawful data collection and processing; verifying AI outputs; determining suitability of Services for their use case; and compliance with applicable laws and regulations. Customers represent and warrant that they possess all rights necessary to submit information to the Services.


10. Sensitive Data

Customers are responsible for determining whether submission of the following categories of data is appropriate under applicable law and any executed agreements:

  • Protected Health Information (PHI) under HIPAA
  • Biometric information
  • Government classified information
  • Export-controlled information (EAR/ITAR)
  • Trade secrets and highly confidential business information
  • Special categories of personal data under GDPR (Article 9)

Additional agreements, including a Business Associate Agreement (BAA) for HIPAA-covered data or a Data Processing Addendum for GDPR special categories, may be required before processing certain categories of sensitive data.


11. Cookies and Similar Technologies

We may use cookies, session identifiers, local storage, analytics technologies, tracking technologies, and similar technologies.

Users may control certain cookie preferences through our cookie consent mechanism or browser settings. Note that disabling certain cookies may affect the functionality of the Services.


12. Information Sharing

Service Providers

We may share information with cloud hosting providers, AI model providers, security vendors, analytics vendors, payment processors, and customer support providers, each engaged under appropriate data protection obligations.

Corporate Transactions

Information may be transferred as part of a merger, acquisition, reorganization, financing, bankruptcy, or sale of assets. We will provide notice of such transfers where required by law.

Legal Compliance

We may disclose information to comply with law or court orders; to respond to lawful requests from government authorities; to protect our rights, property, or safety; to investigate fraud; to enforce agreements; or to protect public safety.


13. Subprocessors

Accure may engage affiliates, vendors, contractors, cloud providers, AI providers, and subprocessors to assist in delivering Services.

Upon written request, Accure will provide customers with information regarding current subprocessors that process Customer Data in connection with the Services, subject to confidentiality, security, and legal restrictions.

Accure will provide at least thirty (30) days’ advance written notice of material changes to the subprocessor list, either by email to the primary account contact or via in-platform notification. Enterprise customers may object to new subprocessors pursuant to the terms of their governing agreement. An objecting customer must notify Accure in writing within thirty (30) days of the notice, stating reasonable, good-faith data-protection grounds. Accure will work in good faith to address the objection. If Accure cannot reasonably accommodate the objection and the new subprocessor is material to the Services, the customer’s sole and exclusive remedy is to terminate the affected Services and receive a pro-rata refund of prepaid, unused fees for those Services.


14. Third-Party AI and Cloud Providers

Accure may utilize third-party AI model providers, cloud hosting providers, infrastructure providers, security providers, and storage providers solely to support the delivery of the Services, subject to applicable contractual obligations.


15. International Data Transfers

Information may be processed, stored, accessed, or transferred in jurisdictions where Accure, its affiliates, providers, or subprocessors operate. Where required, Accure will implement appropriate safeguards for cross-border transfers, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework or successor adequacy mechanisms
  • Binding Corporate Rules where applicable
  • Other transfer mechanisms recognized under applicable law

Customers may request information about the specific safeguards applicable to their data by contacting legal@accure.ai.


16. Data Retention

Accure retains information for periods determined by customer requirements, legal obligations, regulatory requirements, security needs, operational needs, contractual obligations, and dispute resolution requirements. General retention guidelines by data category are as follows:

Data Category                       Retention Period
Account & Identity Data             Duration of relationship + 7 years
Billing & Transaction Records       7 years (tax/financial compliance)
Customer Content (uploaded files)   Per customer agreement or deletion request
Support & Communication Logs        3 years from last interaction
Security & Audit Logs               3 years (or longer if required by law)
AI Interaction Logs                 Per customer agreement; minimum 1 year for audit trail
Marketing & Preference Data         Until opt-out + 1 year
De-identified / Aggregated Data     Indefinite

Retention periods may vary by product, service, and jurisdiction. Upon expiration of the applicable retention period, Accure will securely delete or anonymize the relevant data in accordance with its data disposal procedures.


17. Security

Accure implements administrative, technical, organizational, and physical safeguards designed to protect information, which may include encryption in transit and at rest, access controls, role-based permissions, logging, monitoring, vulnerability management, backups, and incident response procedures.

Security Disclaimer
No technology, network, transmission method, storage system, or security control can guarantee absolute security. Accure does not represent or warrant that the Services are immune from unauthorized access, data loss, or security incidents.


18. Security Incidents

Accure maintains incident response procedures designed to identify, investigate, contain, and respond to security incidents. Where required by applicable law or contract, Accure will provide notice of confirmed security incidents without undue delay after confirmation of the incident and within any timeframe specified in an executed Data Processing Addendum. Where Accure acts as a processor on a Customer’s behalf, Accure will notify the affected Customer (acting as controller) without undue delay; the 72-hour period under GDPR Article 33 governs a controller’s notification to its supervisory authority and does not, by itself, set Accure’s deadline as a processor.


19. Automated Decision-Making

Accure does not design the Services to make solely automated decisions that produce legal or similarly significant effects without appropriate human review. Accure’s AI systems are designed to support, not replace, human decision-making.

Customers operating in jurisdictions where GDPR Article 22 or equivalent requirements apply are responsible for ensuring that their use of Accure’s outputs complies with applicable automated decision-making restrictions and, where required, for providing individuals with the right to obtain human review of decisions.


20. Privacy Rights

Subject to applicable law, individuals may have rights to access, correct, delete, restrict, object to, or port their personal information, and to withdraw consent or lodge complaints with a supervisory authority. To exercise applicable rights, please contact us at legal@accure.ai.

Accure will respond to verifiable privacy rights requests within the timeframes required by applicable law, including:

  • GDPR / UK GDPR: 30 days, extendable by an additional 60 days in complex cases with notice
  • CCPA / CPRA: 45 days, extendable by an additional 45 days with notice
  • Virginia VCDPA: 45 days, extendable by an additional 45 days with notice
  • Other jurisdictions: as required by applicable local law

21. California Privacy Rights (CCPA / CPRA)

Accure does not sell personal information and does not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, collectively “CCPA/CPRA”).

California residents have the right to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information. Accure does not use or disclose sensitive personal information beyond the purposes permitted under CPRA Section 1798.121. California residents may submit privacy rights requests by contacting Accure at legal@accure.ai. Accure will verify and respond to requests in accordance with applicable law.


22. Virginia Privacy Rights (VCDPA)

Accure is subject to the Virginia Consumer Data Protection Act (VCDPA) as a controller processing personal data of Virginia residents. Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects.

To submit a VCDPA request, contact legal@accure.ai. Accure will respond within 45 days. Virginia residents who believe their rights have not been honored may appeal by contacting legal@accure.ai and, if unresolved, may submit a complaint to the Virginia Attorney General.


23. European and UK Privacy Rights (GDPR / UK GDPR)

For individuals located in the European Economic Area, United Kingdom, and Switzerland, Accure may act as either a Data Controller or Data Processor, depending on the specific Service and contractual relationship.

Where Accure acts as a Data Processor on behalf of a Customer, the parties’ respective obligations are governed by a Data Processing Addendum executed between the parties. Where Accure acts as a Data Controller, the applicable legal bases are described in Section 4.

EEA and UK individuals have the right to lodge a complaint with the relevant supervisory authority.


24. Healthcare Data and HIPAA

Accure is not a HIPAA-covered entity. Accure will not act as a HIPAA Business Associate unless the parties have executed a separate Business Associate Agreement (BAA). Customers who intend to submit Protected Health Information (PHI) to the Services must execute a BAA before doing so.

Customers should also be aware that certain U.S. state health privacy laws may impose additional obligations on the collection and processing of health-related data, including the Washington My Health My Data Act and Nevada SB 370. Customers are responsible for compliance with applicable state health privacy laws.


25. Government Customers

Government customers may be subject to additional security requirements, records retention requirements, compliance requirements, and contractual obligations that supplement this Privacy Policy, including:

  • Federal Acquisition Regulation (FAR) data protection clauses
  • Defense Federal Acquisition Regulation Supplement (DFARS) requirements
  • FedRAMP authorization requirements where applicable
  • Controlled Unclassified Information (CUI) handling requirements under 32 C.F.R. Part 2002

Government customers should contact their Accure account representative to obtain applicable supplemental terms.


26. Export Control

Customers shall not use the Services in violation of applicable export laws, sanctions laws, trade restrictions, or national security regulations, including but not limited to the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR).


27. Intellectual Property Compliance

Customers are responsible for ensuring that uploaded content does not infringe copyright, trademark, patent, privacy, publicity, confidentiality, or other proprietary rights of any third party.


28. Children’s Privacy

The Services are not intended for children under thirteen (13) years of age, or such higher age as required by applicable law. Accure does not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to delete it.


29. Data Processing Addendum

Where required by applicable law or customer agreement, Accure will enter into a Data Processing Addendum (DPA) governing the processing of personal information on behalf of customers. The DPA supplements and, in the event of conflict, takes precedence over this Privacy Policy with respect to personal data processing activities.


30. Changes to This Policy

Accure may modify this Privacy Policy at any time. Updated versions will be posted at https://www.accure.ai/privacy-policy with a revised Effective Date. Accure will provide reasonable advance notice of material changes, which may include email notification to account holders or in-platform notices. Continued use of the Services following the effective date of any update constitutes acceptance of the updated Privacy Policy.


31. Contact Information

Privacy Contact
Accure Inc.
10300 Eaton Pl, Suite 440
Fairfax, VA 22030
Email: legal@accure.ai
Website: https://accure.ai
Privacy Requests: legal@accure.ai


Appendix A — AccureLegal

AccureLegal may process contracts, legal documents, policies, procedures, legal research materials, playbooks, regulations, and related content.

AccureLegal is a technology platform and does not provide legal advice or legal representation. Users remain responsible for reviewing and validating all legal analyses and recommendations. Use of AccureLegal does not create an attorney-client relationship.


Appendix B — AccureIQx

AccureIQx may process structured data, unstructured data, enterprise documents, images, audio, video, and AI-generated outputs.

Customers remain responsible for determining the appropriateness of submitted content and the use of generated outputs.


Appendix C — ComplianceAI

ComplianceAI may process regulations, compliance materials, policies, audits, assessments, controls, procedures, and evidence.

ComplianceAI provides informational assistance and does not constitute legal, regulatory, compliance, audit, or professional advice. ComplianceAI is currently in limited availability. This Appendix will be updated upon general availability.


Appendix D — Future Products

Future Accure products, services, applications, APIs, and platforms shall be governed by this Privacy Policy or a successor product-specific privacy notice, as determined by Accure at the time of product launch. Accure will publish applicable notices in advance of any future product release.

Last Updated: December 23, 2025

Accure, Inc., a Commonwealth of Virginia corporation (“Accure,” “we,” “us,” or “our”),
values your privacy and is committed to protecting the personal information you share
with us. This Privacy Statement explains how we collect, use, disclose, and safeguard
personal information when you visit our website, access protected resources, or
interact with our services.

1. Information We Collect

We collect personal information that you voluntarily provide to us and, in certain
cases, that is required to access specific resources or services.

a. Information You Provide

You may be required to provide personal information such as:

  • Name
  • Email address
  • Phone number
  • Company name and role (if applicable)

This information may be collected when you:

  • Fill out contact or inquiry forms
  • Request demos, appointments, or consultations
  • Access protected or gated resources, including white papers, case studies,
    reports, webinars, or other premium content
  • Subscribe to communications or updates

Access to certain protected resources is conditional upon providing this information.
If you choose not to provide the required information, you may not be able to access
those resources.

2. Purpose of Collection and Use

We use the information we collect for legitimate business purposes, including to:

  • Grant access to protected content such as white papers, case studies, and research materials
  • Respond to inquiries and requests
  • Schedule and conduct demos, meetings, or appointments
  • Communicate with you about our products, services, events, and offerings
  • Send marketing and promotional communications related to Accure
  • Improve our website, content, and customer experience
  • Maintain security and prevent misuse of our resources

We do not use your personal information for purposes unrelated to Accure’s business
offerings.

3. Marketing and Promotional Communications

By providing your personal information, particularly to access gated resources, you
acknowledge and consent that Accure may use your information to:

  • Contact you regarding Accure’s services, solutions, and offerings
  • Share updates, announcements, events, and relevant marketing materials

You may opt out of marketing communications at any time by using the unsubscribe
link in our emails or by contacting us directly. Opting out does not affect
transactional or service-related communications.

4. Data Sharing and Disclosure

Accure does not sell, rent, or trade your personal information to third parties.

We may share personal information only in limited circumstances, including:

  • With trusted service providers that support our business operations, under
    contractual confidentiality obligations
  • When required by law, regulation, subpoena, or legal process
  • To protect the rights, property, security, or safety of Accure, our users, or others

5. Data Security

We implement reasonable administrative, technical, and organizational safeguards
to protect personal information against unauthorized access, disclosure,
alteration, or destruction.

While we strive to protect your data, no internet transmission or storage system
can be guaranteed to be completely secure.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the
purposes outlined in this Privacy Statement, including providing access to
protected resources, fulfilling business obligations, or complying with legal
requirements.

7. Your Rights and Choices

Depending on applicable law, you may have the right to:

  • Request access to the personal information we maintain about you
  • Request correction or deletion of your personal information
  • Withdraw consent for marketing communications

To exercise these rights, please contact us using the details below.

8. Third-Party Links and Content

Our website may include links to third-party websites or embedded content.
Accure is not responsible for the privacy practices or content of those third-party
sites. We encourage you to review their privacy policies before providing personal
information.

9. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. Any changes will be
posted on this page with an updated “Last Updated” date. Continued use of our
website or resources constitutes acceptance of the revised Privacy Statement.

10. Contact Information

Accure, Inc.
Commonwealth of Virginia, United States
privacy@accure.ai

11. Additional Rights for EEA, UK, and California Residents

a. GDPR (EEA & UK)

If you are located in the European Economic Area (EEA) or the United Kingdom,
you have rights under the General Data Protection Regulation (GDPR), including:

  • The right to access your personal data
  • The right to correct inaccurate or incomplete data
  • The right to request deletion of your personal data
  • The right to restrict or object to processing
  • The right to data portability
  • The right to withdraw consent at any time

Legal Basis for Processing

Accure processes personal data based on one or more of the following lawful bases:

  • Your consent
  • Performance of a contract or pre-contractual steps
  • Legitimate business interests
  • Compliance with legal obligations

You may lodge a complaint with your local data protection authority if you believe
your rights have been violated.

b. CCPA / CPRA (California)

If you are a California resident, you have rights under the California Consumer
Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected and how it is used
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information

No Sale of Personal Information

Accure does not sell or share personal information as defined under the CCPA/CPRA.
You will not be discriminated against for exercising your privacy rights.

Requests may be submitted by contacting us at
privacy@accure.ai.