Privacy Trust Center

Protecting our business partner’s data and privacy is of central importance for Acquia. We are dedicated to assisting Acquia’s customers on their own privacy journey. We continuously monitor changes in the global data protection landscape to adapt where necessary.

teal and yellow acquia droplets with an image of two people standing looking over a laptop

Explore Our Privacy Resources

line art of a folder with a security shield over it


Data Processing Agreement, detailed privacy information regarding every Product and Service (Product Notices), and other documents.

Learn More

line art of a computer with a lock over it

Privacy Request Portal

Privacy, security, and transparency are at the core of our mission.

Learn More

Line art of a security badge

Subprocessor List

Sub-processors authorized by Acquia to process Customer Data.

Learn More

Privacy Laws and Acquia

The EU's GDPR and California's CCPA have had and continue to have an enormous impact on the creation and development of data protection laws worldwide. Increasingly, data protection laws are being adapted to the requirements of a digitalized and connected world.

Acquia is committed to protecting our customers' data and therefore operates a proactive privacy program. Part of this data protection program is the continuous monitoring of data protection laws and regulations worldwide.

In the wake of GDPR and CCPA, various countries updated their privacy laws, among many others, for example

  • Brazil: Sharing many of the principles and characteristics of the GDPR, the Brazilian Lei Geral de Proteção de Dados Pessoais (LGPD) came into effect in 2020 (enforcement provisions in 2021) and has similarly extraterritorial application as the GDPR.
  • California: The California Privacy Rights Act (CPRA; coming into effect on 01 January 2023) modifies the CCPA, strengthens the rights of data subjects and creates a new data protection authority for California (California Privacy Protection Agency).
  • Canada: The CPPA (Bill C-27) as a successor to PIPEDA is already in the legislative process and, once enacted, will profoundly reform the Canadian privacy laws.
  • Colorado, Connecticut, Utah, and Virginia: These US States have recently enacted their privacy laws which will come into effect in 2023 (Virginia Consumer Data Protection Act (VCDPA) on 01 January 2023, Colorado Privacy Act (CPA) and Connecticut Data Privacy Act (CTDPA) on 01 July 2023 and the Utah Consumer Privacy Act (UCPA) on 31 December 2023.
  • New Zealand: The New Zealand Privacy Act of 2020 contains a set of Information Privacy Principles governing the use of personal data.

Acquia strives to stay ahead of these legislative changes and continuously adapts, where necessary, its privacy processes, practices, and documentation.

Data Subject Rights

Acquia maintains a Privacy Request Portal to allow any individual to exert their fundamental privacy rights (deletion, update, information, etc.).

Product-specific Privacy Characteristics, Data Deletion, Data Retention, Cross-Border Transfers

Through our Product Notices (please click on the relevant “GDPR Product Notice”), Acquia provides detailed information on our products’ privacy settings, data encryption, obfuscation, and deletion options, cross-border transfers (in connection with our subprocessor list) and similar details. These help you to conduct privacy impact and data protection impact assessments (PIA, DPIA).

Transfer Impact Assessments

Conducting a transfer impact assessment is an obligation of a data controller which is regularly the role of our customers. Acquia assists its customers in conducting such transfer impact assessments and provides upon request (please contact your account manager) relevant material and documentation.


Acquia maintains a list a of subprocessors used to provide our services. Please note that the list of subprocessors varies depending on the product or service chosen.