Privacy Policy for Impulse Analyzer

Developer: Impulse AI LLC
Application: Impulse Analyzer
Effective Date: 01/16/2026
Last Updated: 01/16/2026

Impulse AI LLC (“Impulse AI,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with the Impulse Analyzer software platform and related services (the “Service”).

This Privacy Policy applies to organizations and their authorized users who install and use Impulse Analyzer.

Scope of This Policy

Impulse Analyzer is an on-premise, self-hosted enterprise software platform. In most cases:

  • Customer data is stored and controlled entirely by the customer

  • Impulse AI does not host customer databases

  • Impulse AI does not persistently store user conversations or query results

This Privacy Policy primarily governs:

  • Limited company and billing information processed by Impulse AI

  • Data transmitted to Impulse Cloud for AI processing

  • Error logging and operational metadata

Who We Are

Legal Entity: Impulse AI LLC
Address: 2132 Sunset Dr., Ames, Iowa 50014, United States
Contact Email: impulseaisupport@impulseai.ai

Data Ownership & Roles

For purposes of data protection laws:

  • Customers are the Data Controllers of all data stored within their Impulse Analyzer deployment.

  • Impulse AI acts as a service provider / processor only for limited operational and billing data.

Impulse AI does not determine how customer data is used inside Impulse Analyzer.

Information We Collect

Company & Billing Information

Impulse AI stores limited company-level information necessary to operate licensing and billing, including:

  • Company name

  • License key and license status

  • Billing balances and thresholds

  • Subscription metadata (customer since, last payment, next payment)

  • Stripe customer identifiers

  • AI usage cost summaries

  • OpenAI API key references

This data is stored securely using Google Cloud Firestore.

Payment Information

Payments are processed by Stripe. Impulse AI:

  • Does not store credit card numbers

  • Does not store bank account details

  • Stores only Stripe customer IDs and related billing references

Impulse AI maintains PCI compliance appropriate to its role through SecurityMetrics.

Error Logs & Operational Metadata

Impulse AI collects limited error information for reliability and security purposes, including:

  • Unhandled application errors

  • System exceptions

  • License key identifiers associated with errors

These logs do not intentionally include personal data, though IP addresses or session identifiers may temporarily appear in third-party infrastructure logs.

Google User Data & Google Calendar Access

Access to Google Calendar Data

Impulse Analyzer allows users to connect their Google account to enable calendar-based functionality, such as viewing upcoming events and receiving personalized, AI-assisted responses based on their schedule. Access is limited to read-only permissions enabling Impulse Analyzer to read calendar event information, including event titles, dates and times, locations, descriptions, and attendee information, and expressly does not allow modification or deletion of calendar events.

Storage and Processing of Google Calendar Data

When a user connects Google Calendar, Impulse Analyzer accesses calendar event data (including event titles, dates, times, locations, descriptions, and attendees) using read-only Google Calendar API scopes. During initial synchronization, up to three months of calendar events are retrieved and stored exclusively within the customer’s own self-hosted Impulse Analyzer database. Additional past or future events are retrieved on demand and stored locally on customer-controlled infrastructure.

Impulse AI LLC does not persistently store Google Calendar event data on its own servers. Calendar data may be transiently processed in memory by Impulse Cloud, a Google Cloud–hosted service operated by Impulse AI, solely to facilitate secure synchronization and OAuth token refresh operations. Calendar content is not persistently stored, logged, or retained by Impulse AI outside of customer-controlled systems.

OAuth Token Handling

OAuth access and refresh tokens are stored on customer infrastructure. Impulse Cloud acts only as a secure intermediary to refresh tokens and returns updated tokens to the customer’s system. Tokens are encrypted in transit and access is restricted to automated systems.

Sharing of Google Calendar Data with AI Services

When users submit AI-assisted queries that require calendar context, relevant calendar event data stored on customer infrastructure may be transmitted to third-party AI providers (such as OpenAI), acting as data processors, solely to generate responses requested by the user. This data is not used by Impulse AI or AI providers for advertising or model training. AI providers process the data only to produce the requested output, and handling of such data is governed by the provider’s privacy policies.

User Control, Revocation, and Deletion of Google Data

Users may disconnect their Google account at any time through the Impulse Analyzer interface. Disconnecting revokes OAuth access to Google Calendar and immediately stops further data access. Upon disconnection, all locally stored Google Calendar events are deleted from the customer’s Impulse Analyzer database. Users may reconnect their Google account later by re-authorizing access.

Data We Do NOT Store

Impulse AI does not persistently store:

  • User conversations

  • SQL queries or query results

  • Uploaded files (PDFs, spreadsheets, images, documents)

  • Calendar event data on Impulse AI–hosted infrastructure

  • Employee directory data

  • Database contents

  • Authentication credentials for customer systems

All of the above remain on customer-controlled infrastructure, except where transiently processed for AI requests.

AI Processing & Impulse Cloud

AI Services

Impulse Analyzer integrates with Impulse Cloud, which uses third-party AI services (including OpenAI APIs) to provide natural-language analytics.

When users submit requests, the following data may be transmitted for processing:

  • Conversation text

  • Database schema metadata

  • Limited sample data (if provided)

  • Uploaded files and images

  • Calendar event metadata

  • Employee directory data

Data Handling by AI Providers

  • AI providers process data only to generate responses

  • Data is not used by Impulse AI for AI training

  • Retention and handling of data by AI providers are governed by their own privacy policies

  • Impulse AI does not control AI provider retention periods

Customers should review OpenAI’s privacy policies if they have specific concerns.

Sensitive Data Disclaimer

Users should not submit sensitive personal data (such as social security numbers, passwords, private keys, or protected health information) unless explicitly authorized by their organization.

Impulse Analyzer includes best-effort redaction for exported reports, but redaction is not guaranteed to be perfect.

Cookies & Tracking

Impulse AI does not use marketing cookies or third-party analytics cookies.

Any cookies used are strictly:

  • Functional

  • Session-based

  • Required for software operation

Data Retention

  • Company billing data is retained for 90 days after service termination, unless deletion is requested sooner.

  • AI-generated exports exist only temporarily (typically ~15 minutes).

  • All customer-hosted data is deleted when customers uninstall the software.

  • AI provider retention is governed by the provider’s policies.

Customers may request immediate deletion of retained company data by contacting support.

Data Security

Impulse AI employs industry-standard safeguards, including:

  • Encryption in transit and at rest

  • Secure authentication mechanisms

  • Access controls

  • Audit logging

  • Secure software update mechanisms

However, no system is completely secure, and we cannot guarantee absolute security.

Legal Bases for Processing (GDPR)

Impulse AI processes data under the following legal bases:

  • Performance of a contract

  • Legitimate interests (security, reliability, billing)

  • Legal compliance obligations

Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal data

  • Request correction or deletion

  • Object to processing

  • Request data portability

  • Limit processing

Requests should be submitted to impulseaisupport@impulseai.ai.

CCPA / CPRA Notice (California)

Impulse AI:

  • Does not sell personal information

  • Does not share personal information for advertising

  • Acts as a service provider

California residents may request disclosure or deletion of personal data as permitted by law.

Children’s Privacy

Impulse Analyzer is intended for enterprise employees only and is not directed to children. We do not knowingly collect data from individuals under 18.

Communications

Impulse AI does not send marketing emails. Communications are limited to:

  • Software updates

  • Security notices

  • Operational notifications

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email notification.

Contact Us

If you have questions or requests regarding this Privacy Policy, contact:

impulseaisupport@impulseai.ai