Privacy Policy

1. Introduction

Impact Radar ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at impactradar.co ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly when using our Service:

• Account Information: Email address, password (hashed), name, and profile information
• Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
• Watchlist Data: Companies and tickers you track
• Custom Preferences: Alert criteria, scoring weights, and custom configurations
• Communications: Messages you send to our support team
• Portfolio Data: Holdings data you upload for risk analysis (if using portfolio features)

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain information:

• Usage Data: Pages viewed, features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, and error logs
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies
• API Usage: API endpoints called, request frequency, and response times (for Pro/Enterprise users)

2.3 Information from Third Parties

• Payment Processors: Transaction information from Stripe
• Authentication Providers: Information from social login providers (if enabled)
• Analytics Services: Aggregated usage data from analytics tools

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Provide, operate, and maintain the Service
• Process your transactions and send transaction notifications
• Deliver personalized event alerts based on your watchlist
• Generate impact scores and analytics based on your preferences
• Provide customer support and respond to inquiries

3.2 Service Improvement

• Understand and analyze usage patterns
• Develop new features and functionality
• Improve our machine learning models and impact scoring algorithms
• Debug and fix technical issues
• Conduct research and analytics

3.3 Communication

• Send account-related emails (verification, password reset, billing)
• Send event alerts and notifications you've configured
• Send service updates and announcements
• Send marketing communications (with your consent, you can opt out)
• Respond to your comments and questions

3.4 Security and Compliance

• Detect, prevent, and address fraud and security issues
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

• Payment Processing: Stripe (for billing and payment processing)
• Email Services: Resend (for transactional and alert emails)
• Cloud Hosting: Replit and database providers (for data storage and hosting)
• Analytics: Analytics platforms (for usage tracking and insights)
• Error Tracking: Sentry (for monitoring and debugging)

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, sale, or other business transaction, your information may be transferred to the acquiring entity. We will notify you of such transfer and any choices you may have.

4.4 Aggregated Data

We may share aggregated, anonymized data that does not identify you personally. For example, we might share statistics about overall platform usage or popular watchlist tickers.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
• Access Controls: Strict access controls limit who can access your data
• Password Security: Passwords are hashed using bcrypt
• Regular Audits: Security reviews and vulnerability assessments
• Monitoring: Continuous monitoring for suspicious activity

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

When you delete your account, we will delete or anonymize your personal information within 90 days, except for data we are required to retain for legal, tax, or regulatory purposes.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal data and request a copy in a structured, machine-readable format. You can export your data from your account settings or contact us at privacy@impactradar.co.

7.2 Correction

You can update your account information at any time through your account settings. If you need assistance, contact us at support@impactradar.co.

7.3 Deletion

You can delete your account at any time through your account settings. This will permanently delete your personal information, subject to legal retention requirements.

7.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences in account settings. Note that you will still receive transactional emails (alerts, billing notifications).

7.5 Cookie Preferences

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7.6 Do Not Track

Our Service does not respond to Do Not Track (DNT) signals. You can manage tracking preferences through cookie settings.

8. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent for data processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@impactradar.co. We will respond within 30 days.

9. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of data collected and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (note: we do not sell your data)
• Right to Non-Discrimination: Not be discriminated against for exercising CCPA rights

To exercise these rights, contact us at privacy@impactradar.co or call 1-800-XXX-XXXX (toll-free).

10. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve the Service:

10.1 Essential Cookies

Required for the Service to function (authentication, security, preferences)

10.2 Analytics Cookies

Help us understand how users interact with the Service

10.3 Preference Cookies

Remember your settings and preferences

You can manage cookie preferences through our cookie consent banner or your browser settings.

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

If you believe we have collected information from a child, please contact us at privacy@impactradar.co.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

13. Third-Party Links

The Service may contain links to third-party websites (source links to SEC, FDA, etc.). We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending an email notification for material changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: