AcoSpark (acospark.ai) is an AI-driven business automation platform developed and operated by AcoBloom International Private Limited (“AcoBloom”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, share, and protect information when you access or use the AcoSpark platform and associated services. By accessing AcoSpark, you agree to the practices described herein.
Definitions
Platform: The AcoSpark suite AcoSparkCFO, AcoSparkAlpha, and AcoSparkPay accessible at acospark.ai.
User / You: Any individual, accounting firm, CPA practice, finance team, or business entity accessing or using the Platform.
Personal Data: Any information that identifies or could identify a natural person, directly or indirectly.
Financial Data: Transactional records, ledger entries, bank statements, payroll data, lease schedules, and other financial information processed through the Platform.
Controller: AcoBloom International Private Limited, which determines the purposes and means of processing Personal Data.
Processor: AcoBloom International Private Limited (operating the AcoSpark platform), acting as a data processor on behalf of subscribing firms when processing their clients’ financial data.
Information We Collect
Account & Registration Data: Name, business name, email address, phone number, job title, and billing information collected at account creation.
Financial & Accounting Data: To deliver services, we process business or financial data you upload or sync including ERP exports, bank statements, PDF documents, payroll records, and lease schedules.
Integration Data: When you connect third-party tools, you authorise (such as accounting, ERP, payroll, and practice-management systems), we receive data from those systems as authorised by you.
Usage & Analytics Data: Platform usage logs, feature interactions, session metadata, IP addresses, browser and device identifiers, and error reports to improve Platform performance.
Communications: Emails, support tickets, demo requests, and feedback forms submitted to us.
How We Use Your Information
- Provision, operation, and improvement of the AcoSpark Platform and its AI-powered modules.
- Processing financial data to automate workflows including month-end close, lease accounting, Order-to-Cash, payroll, and financial statement generation.
- Delivering real-time dashboards, anomaly detection, forecasting, and executive-ready reports.
- Authenticating users, managing subscriptions, and processing billing.
- Sending service notifications, product updates, and security alerts.
- Providing customer support and responding to enquiries.
- Conducting product analytics to enhance AI accuracy and platform performance.
- Ensuring compliance with applicable laws (GDPR, PIPEDA, APP, and applicable US regulations).
- Marketing communications, where you have given consent or where we have a legitimate interest, with opt-out available at any time.
Important: AcoSpark does not sell, rent, or trade your Personal Data or Financial Data to any third party for their own marketing purposes.
Legal Basis for Processing
For users in the UK, EU, and other jurisdictions requiring a legal basis for data processing, we rely on:
- Contractual necessity — processing required to perform the services you have subscribed to.
- Legitimate interests — security monitoring, fraud prevention, product improvement, and service communications.
- Compliance with legal obligations — applicable tax, accounting, and financial regulations.
- Consent — where explicitly requested, e.g., marketing emails (withdrawable at any time).
Data Sharing & Disclosure
We do not share your data except in the following circumstances:
- AcoBloom: Data may be shared within the AcoBloom International group for service delivery, support, and internal operations, subject to the same privacy standards.
- Technology Sub-processors: We engage vetted cloud infrastructure, AI, and security vendors under strict data processing agreements.
- Integration Partners: When you authorise connections to third-party systems (such as accounting, ERP, and practice-management platforms), data flows as required to deliver the connected service.
- Legal Requirements: We may disclose data if required to comply with applicable law, a court order, or regulatory authority request.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred, subject to equivalent privacy protections.
Data Retention
We retain your data for as long as your account is active or as needed to provide the Platform, comply with legal obligations, resolve disputes, and enforce our agreements. Upon account termination, we will delete or anonymise your Personal Data within 90 days, except where retention is required by law or for legitimate audit purposes.
Financial data processed on behalf of your clients will be retained in accordance with the data processing agreement in place with your firm and applicable statutory record-keeping requirements.
Security Measures
AcoSpark and AcoBloom International implement a layered security programme including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls and multi-factor authentication.
- ISO 27001 certified information security management systems (certificate available on request).
- SOC 2 Type 1 controls for availability, confidentiality, and security.
- Regular penetration testing and vulnerability assessments.
- Security awareness training across all delivery centres.
- Incident response and breach notification procedures.
If you discover a security vulnerability, please report it responsibly to marketing@acobloom.com. We are committed to addressing issues promptly.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
- Access — request a copy of your personal data held by us.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data (“right to be forgotten”), subject to legal obligations.
- Restriction — request that we limit processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent — where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at marketing@acobloom.com. We will respond within 30 days.
Your Rights Under India’s Digital Personal Data Protection Act, 2023
Where we process the Personal Data of data principals located in India, the Digital Personal Data Protection Act, 2023 and the rules made thereunder apply to that processing. In addition to the rights described above, you have the right to access a summary of the Personal Data we process about you and the processing activities undertaken; the right to correction, completion, updating, and erasure of your Personal Data; the right of grievance redressal; and the right to nominate another individual to exercise your rights in the event of your death or incapacity. We process Personal Data on the basis of your consent or for the legitimate uses permitted under the Act, and we provide notice of the purposes of processing as required.
In the event of a personal data breach, we will notify the Data Protection Board of India and affected data principals in the manner and within the timelines prescribed under the Act and the rules made thereunder.
Grievance Officer
If you have any grievance regarding the processing of your Personal Data, you may contact our Grievance Officer at marketing@acobloom.com. We will acknowledge and endeavour to resolve grievances within the period prescribed under the Digital Personal Data Protection Rules, 2025.
Third-Party Integrations
AcoSpark integrates with third-party platforms including accounting, ERP, business-automation, and practice-management systems that you authorise. When you authorise such integrations, data flows are governed by both this Privacy Policy and the privacy policies of those third parties. AcoBloom is not responsible for the data practices of third-party platforms.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or prominent in-platform notice at least 30 days before taking effect. Continued use of AcoSpark after such notice constitutes acceptance of the revised policy.
Contact Us
For privacy-related enquiries, data subject requests, or to contact our Data Protection Officer: marketing@acobloom.com