Acelab, Inc. ("Acelab," "we," "our," or "us") maintains an unwavering commitment to protecting the privacy, security, and confidentiality of all Customer Data within the Material Hub platform. We understand that architecture and design firms ("Customer," "you," "your") entrust us with their most valuable intellectual property and proprietary information. This Privacy Policy and Terms of Agreement ("Privacy Terms") establishes our legally binding commitment that your data belongs exclusively to you and will never be shared, sold, analyzed, or used for any purpose other than providing you with our contracted Services.

1.1 Fundamental Data Privacy Commitment

The foundation of our relationship with Customers rests on an absolute commitment to data privacy and protection. We establish this commitment through legally binding terms that ensure all Customer Data remains exclusively under Customer control. Our platform serves solely as a secure repository and processing environment, operating under strict Customer direction and maintaining complete Customer ownership of all data and intellectual property.

1.2 Scope of Privacy Protection

These Privacy Terms encompass all aspects of data handling within the Material Hub platform, including project specifications, material libraries, design documentation, pricing information, vendor relationships, and all other Customer-generated content. Our privacy protections extend to all users operating under Customer's account, whether employees, contractors, or authorized third parties. These protections persist throughout the entire data lifecycle, from initial creation through processing, storage, and eventual deletion.

1.3 Service Boundaries

The Material Hub platform provides a comprehensive suite of tools for material management, project specification, and collaboration while maintaining strict data privacy. Our Services include the core platform functionality, material library management, project specification tools, AI-powered search capabilities, collaboration features, documentation automation, and related APIs. Each component operates under these Privacy Terms, ensuring consistent data protection across all platform features.

2.1 Essential Terminology

Customer Data encompasses all information, materials, and content uploaded, created, or stored within the Material Hub platform under Customer's account. This includes project specifications, material standards, design documentation, pricing information, vendor relationships, collaboration records, and any other data generated through platform use. Customer Data explicitly excludes basic system metrics required for platform operation, such as login timestamps and performance monitoring data.

2.2 Platform Components

The Services comprise the complete Material Hub platform, including all associated tools, features, and functionality provided by Acelab. This encompasses the core platform, mobile applications, APIs, integration capabilities, and any additional features or Add-ons purchased by Customer. All platform components operate under uniform privacy and security standards, ensuring comprehensive data protection regardless of access method or feature utilization.

2.3 User Classifications

Users are defined as individuals authorized by Customer to access the platform under Customer's account. This includes internal employees, external collaborators, and third-party contractors granted access by Customer. Each user operates under role-based permissions established and controlled by Customer, with all activities governed by these Privacy Terms.

3.1 Absolute Customer Data Ownership

Customer maintains complete and exclusive ownership of all data entered into, created within, or stored on the Material Hub platform. This ownership extends to all derivatives, modifications, and enhancements of Customer Data, regardless of how such data is processed or transformed within the platform. Acelab explicitly acknowledges that it acquires no rights to Customer Data and serves solely as a data processor operating under Customer's direction and control.

3.2 Intellectual Property Rights

All intellectual property rights associated with Customer Data remain exclusively with Customer. This includes but extends beyond standard project documentation to encompass proprietary methodologies, design approaches, pricing strategies, vendor relationships, and organizational knowledge captured within the platform. Customer's intellectual property rights cover all aspects of their material libraries, specification standards, custom workflows, and historical project data, ensuring complete protection of Customer's competitive advantages and proprietary information.

3.3 Data Control Rights

Customer maintains absolute control over all aspects of their data within the Material Hub platform. This control includes comprehensive rights to determine data access, usage, sharing, storage, retention, and deletion. Customer has exclusive authority to grant or revoke access permissions, establish usage parameters, and determine how their data is organized and utilized within the platform. Acelab implements these controls strictly according to Customer's directives, maintaining detailed audit trails of all data access and modifications.

4.1 Data Encryption Framework

Acelab employs enterprise-grade encryption throughout the Material Hub platform to ensure maximum data security. All Customer Data is encrypted at rest using AES-256 bit encryption, with encryption keys stored in FIPS 140-2 validated Hardware Security Modules. Data transmission occurs exclusively through Transport Layer Security (TLS) 1.3 protocols, ensuring secure communication across all platform components. Each customer environment maintains dedicated encryption keys, which undergo automated rotation every 30 days to maintain the highest security standards.

4.2 Network Security Architecture

The platform operates within a defense-in-depth security model, implementing multiple layers of protection against unauthorized access or data exposure. Our network infrastructure utilizes enterprise-grade firewalls in redundant configurations, complemented by real-time intrusion detection and prevention systems. Advanced DDoS protection services ensure platform availability, while sophisticated network segmentation maintains strict isolation between customer environments. A dedicated security operations center provides continuous monitoring and threat response capabilities.

4.3 Infrastructure Security

Our infrastructure security framework encompasses both physical and logical security controls. All platform components operate within SOC 2 Type II certified data centers, featuring comprehensive physical security measures including biometric access controls, 24/7 security personnel, and continuous video surveillance. System-level security includes hardened operating systems, automated patch management, real-time threat detection, and comprehensive logging of all system activities.

5.1 Data Processing Limitations

All data processing within the Material Hub platform occurs exclusively under Customer's direction and control. Acelab's processing activities are strictly limited to those necessary for providing the contracted Services and maintaining platform functionality. No Customer Data is processed for any other purpose, including but not limited to market analysis, product development, or machine learning model training. All processing activities are logged and available for Customer audit.

5.2 Data Storage Controls

Customer Data is stored exclusively in specified geographical locations that comply with Customer's regulatory requirements and preferences. Our storage infrastructure employs redundant systems with automatic failover capabilities, ensuring continuous data availability while maintaining strict security controls. Each customer's data remains logically separated within the storage environment, with dedicated storage resources and access controls preventing any possibility of data commingling.

5.3 Data Retention and Backup

The platform maintains comprehensive backup systems to protect against data loss while ensuring Customer maintains complete control over data retention policies. Automated backup procedures create encrypted, geographically distributed copies of Customer Data according to Customer-defined schedules. Retention periods for backups are configurable to meet Customer's specific requirements and compliance obligations. All backup systems maintain the same stringent security controls as primary storage systems.

6.1 Authentication Framework

Access to the Material Hub platform is governed by a robust authentication system that requires multi-factor authentication for all users. The platform supports integration with enterprise identity providers through single sign-on (SSO) capabilities, allowing Customers to maintain consistent access control policies across their organization. Authentication policies enforce strong password requirements, regular credential rotation, and sophisticated session management to prevent unauthorized access.

6.2 Authorization Controls

A comprehensive role-based access control system enables fine-grained management of user permissions within the platform. Customers maintain complete control over role definitions, permission assignments, and access limitations. The platform enforces the principle of least privilege, ensuring users have access only to the specific data and features required for their role. All permission changes and access attempts are logged for security audit purposes.

7.1 Integration Security Framework

The Material Hub platform supports secure integrations with authorized third-party systems while maintaining strict data privacy controls. All integrations operate through secure, authenticated APIs with comprehensive access controls and audit logging. Integration capabilities are limited to specific data elements explicitly authorized by Customer, with no ability to access or expose data beyond these defined parameters. Each integration undergoes thorough security review and maintains encrypted communications at all times.

7.2 BIM and Design Tool Connections

Integration with Building Information Modeling (BIM) and design tools occurs through secure, structured protocols that maintain data privacy and integrity. These connections utilize dedicated API endpoints with specific security controls, ensuring data transfers occur only as authorized by Customer. No persistent storage of Customer Data occurs within integration layers, and all transferred data maintains original encryption and access controls. Customers retain complete visibility and control over all design tool integrations.

7.3 Manufacturer Relationships

Communication with material manufacturers and vendors occurs exclusively through controlled channels that protect Customer's proprietary information. The platform enables selective sharing of specific project requirements while maintaining strict confidentiality of Customer's broader data set. Manufacturer access is limited to explicitly shared information, with no ability to access Customer's material libraries, pricing strategies, or other proprietary content. All manufacturer interactions are logged and auditable by Customer.

8.1 Regulatory Compliance

The Material Hub platform maintains compliance with major international security and privacy regulations. Our compliance program includes regular third-party audits, continuous monitoring, and proactive updates to address evolving requirements. The platform meets or exceeds standards for ISO 27001, SOC 2 Type II, GDPR, and CCPA compliance, with additional frameworks available based on Customer requirements. Our compliance team maintains current certifications and responds promptly to new regulatory developments.

8.2 Industry Standards

Beyond regulatory compliance, we adhere to stringent industry-specific standards for data protection and privacy. The platform implements security controls aligned with NIST frameworks and AIA guidelines, ensuring appropriate protection for architectural and design industry data. Regular assessments verify compliance with these standards, with results available to Customers through detailed compliance reports and certifications.

8.3 Audit and Verification

Customers maintain comprehensive audit rights over their data and platform usage. The system provides detailed audit logs covering all data access, modifications, and security events. These logs are immutable and maintained in a secure, encrypted format accessible only to authorized Customer personnel. Regular third-party security assessments verify the effectiveness of platform controls, with results available to Customers upon request.

9.1 Data Management Rights

Customers maintain absolute control over their data within the Material Hub platform, including comprehensive rights for data access, modification, export, and deletion. The platform provides tools for data management that enable Customers to implement their own data governance policies and procedures. These controls extend to all aspects of data lifecycle management, from initial creation through archival or deletion.

9.2 Privacy Controls

Advanced privacy controls enable Customers to implement their specific requirements for data protection and confidentiality. These controls include granular permission settings, data classification capabilities, and customizable security policies. Customers can establish and enforce their own privacy requirements across their user base, ensuring consistent protection of sensitive information.

9.3 Export and Portability

The platform provides comprehensive data export capabilities, enabling Customers to retrieve their data in industry-standard formats at any time. Export functions maintain data structure and relationships, ensuring Customer Data remains usable outside the platform. All exports include relevant metadata and documentation, providing complete portability of Customer's information assets.

10.1 Service Availability

The Material Hub platform operates with a guaranteed uptime commitment backed by comprehensive business continuity measures. Our infrastructure includes redundant systems, automated failover capabilities, and geographically distributed operations to ensure continuous service availability. Regular disaster recovery testing verifies the effectiveness of these measures, with results documented and available for Customer review.

10.2 Data Resilience

Multiple layers of data protection ensure the continued integrity and availability of Customer Data. The platform maintains real-time replication across redundant storage systems, with automated backup procedures creating additional security copies. All backup and resilience measures maintain the same strict security controls as primary systems, ensuring consistent data protection throughout the business continuity framework.

11.1 Security Incident Management

Acelab maintains a comprehensive security incident response program with defined procedures for identifying, containing, and resolving potential security events. Our incident response team operates 24/7, providing immediate response to any detected security anomalies. In the event of any security incident affecting Customer Data, we commit to notification within 24 hours of detection, including detailed information about the nature of the incident and actions being taken to address it.

11.2 Breach Response Protocol

In the unlikely event of a data breach, our response protocol ensures immediate action to protect Customer Data and minimize potential impact. This includes immediate containment measures, forensic investigation by qualified third-party experts, and detailed incident documentation. We provide affected Customers with comprehensive incident reports, including scope of impact, remediation measures, and preventive actions implemented to prevent recurrence.

11.3 Recovery and Remediation

Post-incident recovery procedures ensure rapid restoration of service while maintaining data security and integrity. Our recovery process includes thorough validation of affected systems, verification of security controls, and confirmation of data integrity before returning to normal operations. Customers receive detailed documentation of all recovery actions and have the opportunity to review and approve security measures before service restoration.

12.1 Data Retrieval

Upon service termination, Customers maintain full access to their data with comprehensive export capabilities for a minimum period of 60 days. During this transition period, all platform security measures remain in full effect, ensuring continued data protection. The platform supports export of all Customer Data in industry-standard formats, including complete documentation of data structures and relationships.

12.2 Data Removal

Following the transition period and Customer confirmation of successful data export, we implement a thorough data removal process that ensures complete elimination of Customer Data from all platform systems. This includes removal from primary storage, backup systems, and any caching or temporary storage locations. We provide written certification of data deletion upon completion of this process.

12.3 Post-Termination Obligations

Our commitment to data privacy extends beyond service termination. All confidentiality obligations regarding Customer Data remain in effect in perpetuity. Staff members who had access to Customer Data maintain their confidentiality obligations, and our security systems prevent any post-termination access to Customer information.

13.1 Contractual Protections

These Privacy Terms form a legally binding component of the service agreement between Acelab and Customer. Our commitments to data privacy and security are backed by substantial financial guarantees and specific performance obligations. The agreement includes provisions for third-party beneficiary rights where appropriate to protect Customer interests.

13.2 Liability and Indemnification

Acelab maintains comprehensive insurance coverage specifically addressing data protection and privacy risks. Our policy coverage includes cyber liability, professional liability, and specific coverage for data breach response costs. This insurance framework provides substantial financial protection for Customers in the unlikely event of a privacy or security incident.

13.3 Dispute Resolution

Any disputes regarding data privacy or security are addressed through a defined resolution process that emphasizes prompt, fair resolution while maintaining data protection throughout the process. The agreement provides for specific performance remedies in privacy-related matters, acknowledging that monetary damages alone may not adequately address data privacy concerns.

14.1 Privacy Support Structure

Acelab maintains dedicated privacy and security teams available to address Customer concerns or questions. Primary contacts include:

Privacy Officer: privacy@acelabusa.com

Security Team: security@acelabusa.com

Technical Support: support@acelabusa.com

Emergency Contact: emergency@acelabusa.com (24/7 response)

14.2 Issue Resolution

Privacy and security issues receive priority handling through our support system. Each issue is assigned a dedicated response team member who maintains communication with Customer throughout the resolution process. Regular status updates ensure transparency and prompt resolution of any privacy-related concerns.

14.3 Documentation and Training

We provide comprehensive documentation covering all privacy features and security controls within the platform. Additional training resources are available for Customer personnel responsible for managing privacy settings and security controls. Regular updates ensure this documentation remains current with platform capabilities and security best practices.

15.1 Privacy Terms Updates

Any updates to these Privacy Terms are provided to Customers with minimum 30-day advance notice. Updates that materially affect data privacy or security require explicit Customer acceptance before implementation. All previous versions of Privacy Terms remain available for Customer reference, with clear documentation of changes between versions.

15.2 Continuous Improvement

Our privacy and security frameworks undergo continuous review and enhancement to address evolving threats and requirements. Customers receive regular updates about security improvements and new privacy features, with detailed documentation of any changes that affect their data protection profile.

By using the Acelab Material Hub platform, you acknowledge and agree to these Privacy Terms. Your continued use of the platform constitutes ongoing acceptance of these terms and any authorized updates.

Last Updated: October 1, 2024 Version: 2.0 Document ID: ACELAB-PRIVACY-2024-V2