🛡️ Privacy Policy

1.1 Account Information

When you create an account with ImpactMatrix, we collect:

• Full name and email address
• Company name, industry, and size
• Job title and role
• Password (encrypted and never stored in plain text)
• Account creation date and authentication method

1.2 Sustainability Assessment Data

To provide our services, we collect:

• Environmental practices and metrics (energy use, emissions, waste management)
• Social initiatives (diversity, employee welfare, community engagement)
• Governance structures and policies
• Economic sustainability measures
• Technological sustainability approaches
• Connectedness and stakeholder engagement data
• SDG alignment and goals

1.3 Usage Information

We automatically collect:

• Pages visited and features used
• Time spent on the platform
• Device type, browser, and operating system
• IP address and general location
• Referral source

1.4 Payment Information

For paid subscriptions, we process securely through Stripe and maintain:

• Subscription tier and status
• Payment history and transaction IDs
• Billing address
• Last four digits of credit card (via Stripe)

2.1 Service Provision

• Provide sustainability assessments and recommendations
• Generate customized reports and dashboards
• Track progress towards sustainability goals
• Facilitate collaboration within your organization
• Enable consortium creation and partnerships

2.2 Platform Improvement

We use aggregated and anonymized data to:

• Improve our algorithms and recommendations
• Develop new features and functionality
• Create industry benchmarks and insights
• Train our AI models for better assessments

✓ We Do NOT Sell Your Data

ImpactMatrix does not sell, rent, or trade your personal information or company data to third parties.

3.2 Service Providers

We share data with trusted service providers:

• Stripe: Payment processing (PCI-compliant)
• AWS: Cloud hosting and data storage
• SendGrid: Email delivery
• Google OAuth: Authentication (optional)
• OpenAI: AI-powered recommendations (anonymized queries only)

4.1 Security Measures

• Encryption: All data uses TLS/SSL encryption in transit
• Data at Rest: Sensitive data is encrypted in databases
• Access Controls: Role-based access with multi-factor authentication available
• Security Audits: Periodic vulnerability assessments and penetration testing
• Infrastructure: Hosted on AWS with SOC 2 compliance
• Passwords: Hashed using bcrypt with strong salting

4.2 Data Breach Notification

In case of a data breach, we will notify affected users within 72 hours via email with details about the incident and steps being taken.

5.1 Access and Portability

You can request a copy of your data in machine-readable format (JSON/CSV) through your account settings or by contacting us.

5.2 Deletion

You may request deletion of your account and data at any time. Upon request, we will:

• Delete your account and personal information within 30 days
• Remove your data from active systems and backups
• Retain only anonymized data for legal compliance

5.3 Opt-Out of Communications

You can opt out of marketing emails by clicking the unsubscribe link or updating notification preferences. Note that you cannot opt out of essential service communications.