HomeCompliance Pack

Compliance Pack

A. Legal & Regulatory Disclaimer

Operations-Only Services

Accirva provides administrative, operational, and legal-support services only. Accirva does not provide legal advice and does not act as a law firm. Any legal conclusions, legal strategy, or legal determinations should be obtained from qualified counsel.

FCRA

Accirva is not a Consumer Reporting Agency. Any information, research, or outputs provided by Accirva are not intended for use, and may not be used, for credit eligibility, employment decisions, insurance underwriting, tenant screening, housing decisions, or any other purpose regulated by the Fair Credit Reporting Act.

DPPA

Where a customer requests access to DMV, driver, or motor-vehicle-related data, the customer is responsible for ensuring that any request, access, or use is supported by a valid permissible purpose under 18 U.S.C. § 2721 and applicable state law. The customer may be required to certify such permissible use upon request.

HIPAA

Accirva is not a HIPAA business associate unless and until the parties enter into an applicable Business Associate Agreement. If a valid Business Associate Agreement is in place and protected health information is handled within scope, Accirva will handle such information in accordance with applicable HIPAA requirements.

Children’s Data

Accirva does not direct its services to children. To the extent any online collection from children under 13 were ever implicated, such collection would be handled only in accordance with applicable law, including required notice and verifiable parental consent where applicable.

Remote Online Notarization

Where Accirva facilitates Remote Online Notarization, such facilitation is performed in accordance with applicable state law and operational requirements relevant to the transaction, including recordkeeping and retention requirements where applicable.

Security and Fair Dealing

Accirva seeks to avoid deceptive, misleading, or unfair business practices and maintains reasonable administrative, technical, and organizational safeguards appropriate to the nature of the services provided. Certain sector-specific requirements may apply in particular circumstances, including without limitation the FTC Act or the GLBA Safeguards Rule where legally applicable.

B. Service-Level Information

Purpose

This section describes general service practices and typical operational timeframes for informational and planning purposes only. Actual timing, responsiveness, and completion may vary depending on the nature of the request, workload, customer cooperation, legal requirements, and third-party dependencies. Nothing in this section constitutes a commitment, warranty, guarantee, or fixed service-level obligation.

General Response and Turnaround Practices

During normal business operations, Accirva generally seeks to acknowledge quote requests within a commercially reasonable timeframe and to issue quotes based on the scope, complexity, and completeness of the request.

Court, agency, and public-records retrieval timelines vary materially by jurisdiction, queue, staffing levels, holidays, and third-party processing practices.

Remote Online Notarization scheduling availability depends on legal eligibility, identity-proofing results, appointment capacity, and any other applicable verification or compliance requirements.

Printing and mailing requests are typically processed in the ordinary course of business, subject to submission timing, production capacity, mailing cutoffs, and carrier acceptance.

Support inquiries are generally reviewed and addressed as promptly as reasonably practicable, taking into account urgency, request volume, available channels, and operational circumstances.

Dependencies and Exclusions

Processing times and service availability may be affected by court or agency closures, backlog conditions, carrier delays, force majeure events, vendor or systems interruptions, failed identity verification, failed knowledge-based authentication, incomplete customer instructions, missing documentation, payment issues, compliance review needs, or other dependencies outside Accirva’s direct control.

Where such conditions arise, processing may be delayed, paused, rescheduled, or otherwise adjusted as reasonably necessary.

No Guarantee of Timing or Outcome

Any timeline examples, workflow expectations, or response references are illustrative only. They do not create binding deadlines, service guarantees, warranties of performance, or assurances of any specific result or completion date.

C. Data Processing & Records

Role

For personal information processed in connection with customer-requested services, Accirva generally acts on customer instructions in a service-provider or processor capacity, as applicable under relevant law. For its own internal business functions, including website operations, analytics, billing, fraud prevention, and account administration, Accirva may act as an independent business or controller, as applicable.

1. Processing Instructions and Use Limitations

Accirva processes personal information only for specified, documented, or reasonably necessary business purposes connected to the requested services and related internal administration.

Subject to applicable law and contractual terms, Accirva:

  • processes personal information in accordance with customer instructions where applicable;
  • does not sell personal information;
  • does not share personal information for cross-context behavioral advertising;
  • supports customer compliance efforts in responding to applicable consumer privacy requests where required;
  • requires relevant vendors or sub-processors to operate under contractual restrictions appropriate to the services provided; and
  • returns, deletes, or ceases use of personal information at the end of the engagement where contractually or legally required, subject to retention obligations, legal holds, dispute preservation, and legitimate recordkeeping requirements.

2. Security Program

Accirva maintains a risk-based security program designed to be reasonable in light of the nature of the information handled and the services performed. Depending on scope and context, this may include administrative, technical, and organizational safeguards such as access controls, role-based permissions, encryption in transit where appropriate, logging, vendor diligence, workforce training, and incident-response procedures.

Where sector-specific laws or regulations apply, additional controls may be implemented as legally required.

3. Consumer Rights Assistance

Where required by applicable privacy law and to the extent relevant to the services provided, Accirva offers reasonable cooperation and assistance to customers in connection with access, correction, deletion, restriction, opt-out, or similar privacy-rights requests.

Where legally applicable, Accirva may also support recognition of opt-out preference signals in relation to data processing activities for which such obligations apply.

4. Incident Reporting and Breach Cooperation

If Accirva confirms a security incident affecting customer data within its custody or control, Accirva will provide notice and reasonable cooperation consistent with applicable law, contractual obligations, and the circumstances of the incident. Notification timing, scope, and content may vary depending on legal requirements, facts known at the time, law-enforcement considerations, and the need to verify the nature and extent of the event.

5. Records Retention and Deletion

Accirva maintains records-retention practices intended to reflect operational needs, legal obligations, dispute preservation requirements, and applicable regulatory standards.

Unless a longer or shorter period is required by law, contract, legal hold, or operational necessity, records may generally be retained according to the following baseline framework:

  • Remote Online Notarization recordings and related journals: retained in accordance with applicable state-law requirements;
  • matter and service records, including quotes, work orders, and shipment or service proofs: typically retained for a commercially reasonable period after closure;
  • court retrieval artifacts and receipts: typically retained for recordkeeping and audit support purposes;
  • billing, accounts-receivable, and tax records: retained as required or permitted under applicable tax and financial recordkeeping rules;
  • web analytics and event logs: retained for operational, security, and analytical purposes, and may later be de-identified, aggregated, minimized, or deleted; and
  • identity-proofing, knowledge-based authentication, or credential-analysis outputs: retained only for so long as reasonably necessary for the service, dispute handling, fraud prevention, compliance, or legal requirements.

Specific retention periods may be disclosed in customer-facing notices, statements, or privacy documentation where required by law.

6. E-Sign and Electronic Records

Where electronic consents, acknowledgments, or signatures are used, Accirva may provide disclosures and obtain consent in accordance with applicable electronic-signature and electronic-records laws, including ESIGN, UETA, or state-law equivalents where applicable.

7. Sector-Specific Rules

Additional legal frameworks may apply depending on the nature of the information, customer, or transaction. These may include, without limitation:

  • HIPAA, where protected health information is handled under a valid Business Associate Agreement;
  • FCRA, which does not apply to Accirva outputs as consumer reports and prohibits use of those outputs for regulated eligibility determinations; and
  • DPPA, which may require documented permissible purpose, controlled access, and audit support for motor-vehicle-related information.

8. Legal Holds

If Accirva becomes aware of litigation, arbitration, government inquiry, subpoena, preservation obligation, or similar legal process affecting relevant records, ordinary deletion or destruction practices may be suspended for potentially relevant data for as long as reasonably necessary to comply with applicable preservation obligations.

9. Sub-Processors

Accirva may engage vendors, platforms, contractors, or other service providers in support of its operations. Where appropriate, such parties may be subject to contractual, confidentiality, data-protection, or use-restriction obligations consistent with the nature of the services provided and applicable law. Accirva may update its vendor or sub-processor arrangements from time to time in the ordinary course of business.