Impulse AI LLC ("Impulse AI," "we," "us," or "our") respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with the Impulse Analyzer software platform and related services (the "Service").
This Privacy Policy applies to organizations and their authorized users who install and use Impulse Analyzer.
Scope of This Policy
Impulse Analyzer is an on-premise, self-hosted enterprise software platform. In most cases:
- Customer data is stored and controlled entirely by the customer.
- Impulse AI does not host customer databases.
- Impulse AI does not persistently store user conversations or query results.
This Privacy Policy primarily governs limited company and billing information processed by Impulse AI, data transmitted to Impulse Cloud for AI processing, and error logging and operational metadata.
Who We Are
Legal Entity: Impulse AI LLC
Contact Email: impulseaisupport@impulseai.ai
Data Ownership and Roles
For purposes of data protection laws, customers are the Data Controllers of all data stored within their Impulse Analyzer deployment. Impulse AI acts as a service provider / processor only for limited operational and billing data. Impulse AI does not determine how customer data is used inside Impulse Analyzer.
Information We Collect
Company and Billing Information
Impulse AI stores limited company-level information necessary to operate licensing and billing, including:
- Company name
- License key and license status
- Billing balances and thresholds
- Subscription metadata, including customer since, last payment, and next payment
- Stripe customer identifiers
- AI usage cost summaries
- OpenAI API key references
This data is stored securely using Google Cloud Firestore.
Payment Information
Payments are processed by Stripe. Impulse AI does not store credit card numbers or bank account details. Impulse AI stores only Stripe customer IDs and related billing references. Impulse AI maintains PCI compliance appropriate to its role through SecurityMetrics.
Error Logs and Operational Metadata
Impulse AI collects limited error information for reliability and security purposes, including unhandled application errors, system exceptions, and license key identifiers associated with errors. These logs do not intentionally include personal data, though IP addresses or session identifiers may temporarily appear in third-party infrastructure logs.
Google User Data and Google Calendar Access
Access to Google Calendar Data
Impulse Analyzer allows users to connect their Google account to enable calendar-based functionality, such as viewing upcoming events and receiving personalized, AI-assisted responses based on their schedule. Access is limited to read-only permissions enabling Impulse Analyzer to read calendar event information, including event titles, dates and times, locations, descriptions, and attendee information, and expressly does not allow modification or deletion of calendar events.
Storage and Processing of Google Calendar Data
When a user connects Google Calendar, Impulse Analyzer accesses calendar event data using read-only Google Calendar API scopes. During initial synchronization, up to three months of calendar events are retrieved and stored exclusively within the customer's own self-hosted Impulse Analyzer database. Additional past or future events are retrieved on demand and stored locally on customer-controlled infrastructure.
Impulse AI LLC does not persistently store Google Calendar event data on its own servers. Calendar data may be transiently processed in memory by Impulse Cloud, a Google Cloud-hosted service operated by Impulse AI, solely to facilitate secure synchronization and OAuth token refresh operations. Calendar content is not persistently stored, logged, or retained by Impulse AI outside of customer-controlled systems.
OAuth Token Handling
OAuth access and refresh tokens are stored on customer infrastructure. Impulse Cloud acts only as a secure intermediary to refresh tokens and returns updated tokens to the customer's system. Tokens are encrypted in transit and access is restricted to automated systems.
Sharing of Google Calendar Data with AI Services
When users submit AI-assisted queries that require calendar context, relevant calendar event data stored on customer infrastructure may be transmitted to third-party AI providers, such as OpenAI, acting as data processors, solely to generate responses requested by the user. This data is not used by Impulse AI or AI providers for advertising or model training. AI providers process the data only to produce the requested output, and handling of such data is governed by the provider's privacy policies.
User Control, Revocation, and Deletion of Google Data
Users may disconnect their Google account at any time through the Impulse Analyzer interface. Disconnecting revokes OAuth access to Google Calendar and immediately stops further data access. Upon disconnection, all locally stored Google Calendar events are deleted from the customer's Impulse Analyzer database. Users may reconnect their Google account later by re-authorizing access.
Data We Do Not Store
Impulse AI does not persistently store user conversations, SQL queries or query results, uploaded files, calendar event data on Impulse AI-hosted infrastructure, employee directory data, database contents, or authentication credentials for customer systems. All of the above remain on customer-controlled infrastructure, except where transiently processed for AI requests.
AI Processing and Impulse Cloud
Impulse Analyzer integrates with Impulse Cloud, which uses third-party AI services, including OpenAI APIs, to provide natural-language analytics. When users submit requests, conversation text, database schema metadata, limited sample data, uploaded files and images, calendar event metadata, and employee directory data may be transmitted for processing.
AI providers process data only to generate responses. Data is not used by Impulse AI for AI training. Retention and handling of data by AI providers are governed by their own privacy policies. Impulse AI does not control AI provider retention periods. Customers should review OpenAI's privacy policy if they have specific concerns.
Sensitive Data Disclaimer
Users should not submit sensitive personal data, such as social security numbers, passwords, private keys, or protected health information, unless explicitly authorized by their organization. Impulse Analyzer includes best-effort redaction for exported reports, but redaction is not guaranteed to be perfect.
Cookies and Tracking
Impulse AI does not use marketing cookies or third-party analytics cookies. Any cookies used are strictly functional, session-based, and required for software operation.
Data Retention
Company billing data is retained for 90 days after service termination, unless deletion is requested sooner. AI-generated exports exist only temporarily, typically around 15 minutes. All customer-hosted data is deleted when customers uninstall the software. AI provider retention is governed by the provider's policies. Customers may request immediate deletion of retained company data by contacting support.
Data Security
Impulse AI employs industry-standard safeguards, including encryption in transit and at rest, secure authentication mechanisms, access controls, audit logging, and secure software update mechanisms. However, no system is completely secure, and we cannot guarantee absolute security.
Legal Bases for Processing (GDPR)
Impulse AI processes data under the following legal bases: performance of a contract, legitimate interests for security, reliability, and billing, and legal compliance obligations.
Your Privacy Rights
Depending on your jurisdiction, you may have rights to access personal data, request correction or deletion, object to processing, request data portability, and limit processing. Requests should be submitted to impulseaisupport@impulseai.ai.
CCPA / CPRA Notice (California)
Impulse AI does not sell personal information, does not share personal information for advertising, and acts as a service provider. California residents may request disclosure or deletion of personal data as permitted by law.
Children's Privacy
Impulse Analyzer is intended for enterprise employees only and is not directed to children. We do not knowingly collect data from individuals under 18.
Communications
Impulse AI does not send marketing emails. Communications are limited to software updates, security notices, and operational notifications.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email notification.
Contact Us
If you have questions or requests regarding this Privacy Policy, contact impulseaisupport@impulseai.ai.