Back to home

Privacy Policy

Last updated: 9 April 2026 Controller / Operator: Impact Cloud (“we”, “us”). Contact: privacy@impact.cloud (replace with production contact).

This Privacy Policy describes how we collect, use, and share personal data when you use the Impact Cloud websites and services (the “Services”). It is a general notice; your organisation may have a separate agreement with us.

1. Who this applies to

  • Visitors to our marketing site.
  • Users with an account (authentication, workspace membership, collaboration).
  • Representatives of organisations that use Impact Cloud on behalf of their beneficiaries or partners.

2. Data we process

Depending on how you use the Services, we may process:

  • Account data: name, email, authentication identifiers, role, preferences.
  • Usage and technical data: IP address, device/browser type, coarse logs for security and reliability.
  • Content you submit: project documents, messages, files, and metadata needed to operate multi-tenant workspaces.
  • Payment-related metadata processed via our payment partners (we do not store full card numbers in Impact Cloud’s application databases in the standard product configuration).

3. Purposes and legal bases (EEA/UK)

Where GDPR/UK GDPR applies, we rely on:

  • Contract — providing the Services you requested.
  • Legitimate interests — securing the platform, analytics in aggregate, product improvement (balanced against your rights).
  • Legal obligation — where required by law.
  • Consent — where we ask explicitly (e.g. certain cookies or marketing).

4. Subprocessors

We use trusted infrastructure and service providers (hosting, database, authentication, maps, optional analytics, optional AI APIs). A current list is published on our Trust & Security page. We impose data-processing terms consistent with our role as processor or controller as applicable.

5. International transfers

If we transfer personal data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses and vendor measures described in their compliance documentation.

6. Retention

We retain personal data as long as needed to provide the Services and meet legal, accounting, or dispute requirements. Backup copies may persist for a limited period consistent with our infrastructure.

7. Your rights

You may have rights to access, rectify, erase, restrict, object, or port your data, and to withdraw consent where processing is consent-based. To exercise rights, contact privacy@impact.cloud. You may also lodge a complaint with your local supervisory authority.

8. Security

We implement technical and organisational measures including encryption in transit, access controls, and database isolation. See our Security overview on the Trust page.

9. Children

The Services are not directed at children under 16 (or local age of digital consent). Do not provide their personal data.

10. Changes

We may update this policy; the “Last updated” date will change. Material changes will be communicated as required by law.

This text is a starting point for legal review and must be adapted to your entity name, contacts, jurisdictions, and product facts.