Privacy ACA

This Privacy Statement is intended for users of our hosted service and all applications (“Apps”) (e.g., Agiloft Contract Assistants (“ACAs”) for Microsoft ® Word and Outlook) in support of the hosted services (collectively “Agiloft Technology”). A separate Privacy Policy for Website Visitors addresses the privacy needs of visitors to our website.

This Privacy Policy Statement applies to our customers who choose our cloud hosted service and Agiloft Apps. In this document, the term “Customer Information” means information about your end users stored on our servers. The term “Customer” refers to the company (you) that contracts with us for hosted service. This privacy statement should be read in conjunction with the Hosted Service Level Agreement, which contains further provisions relating to Customer Information.

Customers are hosted on either the secure facilities. For more information about your Hosted Service options, refer to our Hosted Service Datasheet.

We will not use customer information for the purposes of marketing to, or otherwise communicating directly with your end users, or provide customer information to any third party, unless we are required to do so to comply with the law. In short, we will never access customer information at all, unless specifically requested to do so by the customer who owns that information, to assist with support or implementation.


A cookie is a small text file containing a unique identification number that is transferred from a web server to the end user’s browser, enabling the serving party to track the website activities of the end user. We do not issue any cookies which enable third parties to track the activities of your end users.


All hosted server environments meet the following physical security requirements:

  • Single point of entry to hosting areas
  • Primary monitored access with additional access for emergency purposes only
  • Surveillance cameras in use
  • Biometric identity check for access validation
  • Access only to people on the Agiloft approved access list

All information transmitted to or from Agiloft over the internet is encrypted using SSL.

All hosted data is backed up at least once every 4 hours. These backups are stored separately in two secure locations to assist with preserving data and auditing changes.

All customer data is encrypted at rest.

Agiloft imposes strict internal controls over those of its employees with access to Customer Information. Such access is granted only on a need-to-know basis.

Correction/Updating of Customer Information

Our software is configurable to enable you to give your end users permissions-based access to their own information for the purposes of creating, modifying, or deleting it.

EU-U.S. Privacy Shield Framework Certification

Agiloft, Inc. still complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Please see Agiloft, Inc.’s Notice of Certification Under the EU-U.S. Privacy Shield Framework. Agiloft will continue to monitor its compliance as EU based legal positions are being revised.

GDPR Compliance

The GDPR codifies the data privacy rights of not just EU citizens but also of anyone whose personal data is collected or processed in the EU. It puts new obligations on anyone who handles EU-based personal data. As a platform that customers may use to store and manage EU-based data, Agiloft meets the data protection standards defined by the GDPR for data processors. Agiloft is committed to clearly defining our responsibilities to our customers under GDPR as well as providing guidance to define customers’ responsibilities to end users while using our platform. For more information, see our GDPR: What You Need to Know whitepaper.

Representation for Data Subjects in the EU

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit:

CCPA Compliance

The California Consumer Privacy Act codifies the data privacy rights of California residents. Agiloft complies with the CCPA and does not ‘sell’ (as defined by the CCPA) any Customer Information.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of health information that is held or transferred in electronic form. At Agiloft, we support the requirements and chain of accountability required by HIPAA.

Changes to Privacy Policy

Agiloft will update this policy from time to time. A “last revised” date will always be included on the bottom of the statement. To keep up to date with Agiloft’s policy, please check this page periodically.

Contacting Us

If you have any questions about this Statement, or our practices as they affect the privacy of hosted data, please contact us at [email protected].

Last revised: 06/28/2021