ImpactLink

Privacy Policy

Last Updated: December 15, 2024

1. Introduction

ImpactLink, Inc. ("Company", "we", "us", or "our") operates the ImpactLink Dashboard and associated services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

We are committed to protecting your privacy. If you have questions about this Privacy Policy or our privacy practices, please contact us at [email protected].

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, phone number, company name, job title, and billing address when you create an account or subscribe to our Service.
  • Communication Data: Content of emails, messages, or support requests you send us.
  • Payment Information: Credit card details and billing information processed through our payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Customer Feedback: Reviews, survey responses, and feature requests you provide.

2.2 Event Data and Infrastructure Information

As part of using our Service, you may send us:

  • Infrastructure Events: Logs, alerts, metrics, and events from your monitoring tools, applications, and business systems (via API, webhook, or SDK).
  • System Metadata: Service names, hostnames, database identifiers, API endpoints, and other technical identifiers necessary to correlate events and provide the Service.
  • Business Data: Transaction volumes, revenue figures, customer counts, or other business metrics you configure for impact calculations.

You are responsible for ensuring that any data you send to ImpactLink does not contain personally identifiable information (PII) of individual users unless you have appropriate consent and legal basis. We recommend you redact or mask sensitive data before transmission.

2.3 Automatically Collected Information

When you visit our website or use the Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent in the application, clicks, and interactions.
  • Device Information: IP address, browser type, operating system, device type, and device identifiers.
  • Log Data: Server logs containing access times, pages viewed, referrer URLs, and error messages.
  • Cookies and Tracking Technologies: Session cookies, preference cookies, and analytics identifiers (see Section 6 for details).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Providing, maintaining, and improving the ImpactLink Service, including event correlation, impact calculation, and reporting.
  • Account Management: Creating and managing your account, authenticating users, and providing customer support.
  • Billing and Payments: Processing payments, invoicing, and managing subscription services.
  • Communications: Sending transactional emails (order confirmations, password resets), service updates, and security alerts.
  • Analytics and Improvement: Analyzing usage patterns to improve the Service, identify bugs, and develop new features.
  • Security and Compliance: Detecting fraud, preventing abuse, enforcing terms of service, and meeting legal obligations.
  • Marketing (with consent): Sending promotional emails, webinar invitations, and product updates only to users who have opted in.

4. Legal Basis for Processing (GDPR)

For users subject to GDPR (European Union and similar jurisdictions), we process personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to perform our obligations under your service agreement (e.g., account management, service delivery).
  • Legitimate Interests: Processing for our legitimate business interests in operating, improving, and securing the Service, provided your rights are not overridden.
  • Consent: Processing based on your explicit consent (e.g., marketing communications, analytics).
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or legal orders.

5. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

  • Service Providers: Third-party vendors who provide hosting, payment processing, analytics, customer support, and other services essential to operating our Service. These providers are contractually obligated to use your data only to provide services to us.
  • Business Partners: Integration partners (with your explicit authorization) for enhanced functionality (e.g., Slack integration for alerts). Sharing is limited to data necessary for the integration.
  • Legal Requirements: When required by law, court order, or government request. We will notify you of such requests unless legally prohibited.
  • Business Transfers: If ImpactLink is acquired, merged, or assets are sold, your data may be transferred as part of that transaction. We will provide notice and the opportunity to opt out where applicable.
  • Aggregated and Anonymous Data: We may share de-identified, aggregated data (e.g., industry benchmarks) without restriction.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how our Service is used.

6.1 Types of Cookies

  • Essential Cookies: Necessary for authentication, session management, and security. These cannot be disabled without affecting service functionality.
  • Preference Cookies: Remember your settings (e.g., theme, language) across sessions.
  • Analytics Cookies: Track how you use our Service to improve features and identify usage patterns (requires consent).
  • Marketing Cookies: Used for targeted advertising and remarketing campaigns (requires consent).

6.2 Managing Cookies

You can manage cookie preferences through the cookie banner on our website. Most browsers also allow you to reject or delete cookies. Note that disabling essential cookies may affect functionality.

7. Data Retention

We retain data according to the following schedule:

  • Account Information: Retained while your account is active. Deleted within 90 days of account closure or termination.
  • Infrastructure Events: Retained for 12 months unless you request earlier deletion. Older data is archived or deleted according to your plan tier.
  • Backup Copies: May be retained for up to 30 days beyond deletion for disaster recovery purposes.
  • Legal Holds: Data may be retained longer if required by law or legal proceedings.

You can request data deletion through your account settings or by contacting support. We will comply with deletion requests within 30 days, subject to legal and technical constraints.

8. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Controls: Role-based access control ensures only authorized personnel access sensitive data.
  • Network Security: Firewalls, intrusion detection, and DDoS protection.
  • Infrastructure: SOC 2 Type II certified hosting with redundancy and automated backups.
  • Monitoring: 24/7 security monitoring and incident response protocols.
  • Employee Training: Regular security training and background checks for all team members.

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use our Service at your own risk.

9. International Data Transfers

ImpactLink is headquartered in Canada, and your data is primarily processed in North America. If you are located in the European Union or other jurisdictions with data protection regulations, your data may be transferred to and stored in countries with different privacy laws.

For international transfers, we rely on:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Your explicit consent
  • Legal necessity to perform our service

By using our Service, you consent to such transfers. You have the right to withdraw consent, though this may affect your ability to use the Service.

10. Your Rights and Choices

Depending on your location, you may have the following rights:

10.1 GDPR Rights (EU/EEA Users)

  • Access: Right to request a copy of your personal data.
  • Rectification: Right to correct inaccurate or incomplete data.
  • Erasure: Right to request deletion of your data ("right to be forgotten").
  • Restriction: Right to restrict processing in certain circumstances.
  • Portability: Right to receive your data in a structured, portable format.
  • Object: Right to object to processing for direct marketing or legitimate interests.
  • Automated Decision-Making: Right not to be subject to automated decisions with legal consequences.

10.2 CCPA Rights (California Users)

  • Disclosure: Right to know what personal data is collected, used, and shared.
  • Deletion: Right to request deletion of personal data (with exceptions).
  • Opt-Out: Right to opt out of "sales" of personal data (we do not sell data).
  • Non-Discrimination: Right to non-discriminatory treatment for exercising your rights.

10.3 How to Exercise Your Rights

To exercise any of these rights, email [email protected] with your request. We will respond within 30 days (GDPR) or 45 days (CCPA). You may also have the right to file a complaint with your local data protection authority.

11. Third-Party Integrations and Links

Our Service integrates with third-party services (Datadog, New Relic, Slack, etc.). When you authorize these integrations, you grant ImpactLink permission to access and process data from those services. Review the privacy policies of third-party services before authorizing integrations.

Our website may contain links to external websites not operated by ImpactLink. This Privacy Policy applies only to our Service. We are not responsible for third-party privacy practices.

12. Children's Privacy

Our Service is intended for business and professional use and is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn we have collected such data, we will delete it promptly. Parents who believe their child has provided information to ImpactLink should contact us immediately at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date at the top and, where required, by sending an email notification or displaying a prominent notice on our website.

Your continued use of our Service following such notification constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us:

Customize Your Cookie Preferences

We use different types of cookies to provide you with the best experience. Essential cookies are always enabled. Choose which additional categories you'd like to enable.

View our full Cookie Policy →

Required for basic functionality, security, and legal compliance. Always enabled.

Help us understand how you use our site to improve your experience.

Enable personalized content and track your interactions across our site.

Track performance metrics to optimize site speed and reliability.