Terms of Service & Privacy Policy

Aquamark ("Aquamark", "we", "us") provides document watermarking, leak-deterrence, and certification services for brokers and funders in the commercial finance industry.

1) What We Do

Aquamark watermarks documents to deter unauthorized sharing and help identify potential leak points. We serve:

Brokers

Example: 5 files sent to 5 funders = 25 billable files.

Funders

SecureFunder™ Certification

SecureFunder™ Certification includes a one-time enrollment fee and an annual renewal fee to maintain certification status. Certification is based on demonstrated technical controls and observable system behavior, not self-reported policies, providing clear, objective assurance, with confidentiality maintained throughout the process.

Certification indicates that at the time of review, the funder demonstrated adherence to data-handling controls. Aquamark does not guarantee certified funders are free from breaches, insider threats, or security failures after certification. Certification may be suspended or revoked if standards are not maintained.

2) Document Handling

Broker API

Funder API

Audit Logs: Server audit logs are available upon request for security review and compliance purposes.

We store uploaded logos to deliver your branding across all services.

3) Data We Collect

• Account & contact information
• Billing & subscription data
• Usage logs (counts, timestamps, API usage)
• Technical logs (e.g., IP for abuse prevention and security)
• Support communications

4) How We Use Data

• Provide and improve our service
• Account and billing administration
• Fraud and misuse prevention
• Service notifications and support
• Compliance with legal obligations

5) Sharing

We do not sell personal information. We share data only with service providers (Stripe for payment processing, Render and Supabase for cloud hosting, support tools) or when legally required.

6) Security & Compliance

Infrastructure Security

• Encrypted API connections (HTTPS/TLS)
• Infrastructure hosted on SOC 2 Type II certified providers (Render, Supabase)
• Multi-factor authentication (MFA) enabled on all administrative accounts
• Restricted access controls & API key management
• Comprehensive audit logging & server activity monitoring
• Infrastructure providers maintain automated security patching and hardening
• Memory-only document processing (no persistent storage)

Compliance Framework

Aquamark operates on enterprise-grade infrastructure certified to industry standards. Our cloud providers (Render, Supabase) maintain SOC 2 Type II compliance, undergo independent security audits, and implement continuous monitoring.

We implement defense-in-depth security controls including encryption at rest and in transit, role-based access controls, and audit logging. Server audit logs are available to clients upon request for compliance and security review.

6.5) Compliance & Audit Features

• Audit Logs: Complete server activity logs available on request
• Data Processing Agreements (DPA): Available upon request
• Custom retention policies: Configurable for compliance requirements
• API documentation: Technical specifications and integration guides
• Security questionnaire support: We respond to vendor security assessments

Contact [email protected] for DPA, security documentation, or compliance inquiries.

7) Billing & Cancellation

• Subscriptions auto-renew monthly
• Usage fees apply to billable files
• Cancel anytime; no refunds for partial periods

8) U.S. & State Privacy Rights

Aquamark primarily serves U.S. businesses and currently falls below thresholds requiring CCPA/CPRA designation as a "business." Regardless, we honor reasonable requests to access or delete account data to the extent feasible.

Submit requests to [email protected].

9) International Users & GDPR Notice

Aquamark is based in the United States and currently serves primarily U.S. business users. As we expand to serve EU/UK clients, we will fully comply with GDPR requirements and provide:

• Right to access, correct, delete, or export personal data
• Lawful basis disclosures
• Data Processing Agreement (DPA) where appropriate
• Transfer mechanisms & safeguards

We honor reasonable privacy requests consistent with applicable law.

10) Service Limitations & Liability

Aquamark provides deterrence and traceability tools designed to reduce unauthorized document sharing. While our watermarking technology is effective, no security system can guarantee 100% prevention of determined bad actors, sophisticated insider threats, or all forms of data misuse.

• Service provided "as-is" with industry-standard security practices
• Total liability limited to fees paid in prior 3 months
• Clients retain responsibility for lawful document handling and internal security controls
• Force majeure and third-party infrastructure limitations apply

11) Data Breach Notification

In the event of a security incident affecting your account data, we will notify affected customers within 72 hours of discovery via email to the primary account contact. Notifications will include the nature of the incident, affected data types, and remediation steps.

Given our zero-storage architecture for broker documents and 30-minute retention for funder documents, the risk of document exposure is minimal. Account and billing data is protected by our infrastructure providers' SOC 2 certified security controls.

12) Suspension & Termination

Access may be suspended for non-payment, abuse, security risk, or violation of these terms.

13) Dispute Resolution

California law governs. Binding arbitration in San Francisco County. No class actions.

14) Changes

We may update this page as laws or services change. Continued use means acceptance.

15) Contact

© 2025 Aquamark. SecureFunder™ is a trademark of Aquamark.