Impulse

Privacy Policy

Effective Date: 2025-09-26

1. Introduction

Impulse ("we," "our," or "us") operates Impulse, a Conversational commerce application that enhances online shopping experiences through real-time AI-powered interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Email address
  • Name (if provided)
  • IP address
  • Device fingerprint
  • Browser information

2.2 Usage Data

We collect usage data to improve our service:

  • Chat messages and interactions
  • Product search queries
  • AI model usage metrics (token counts)
  • Session duration
  • Feature usage patterns

2.3 Technical Data

We automatically collect technical data:

  • Session IDs
  • Device identifiers
  • User agent strings
  • Application logs
  • Error reports

3. How We Collect Information

3.1 Direct Collection

  • When you interact with our chat interface
  • When you provide your email address for session management
  • When you contact us for support

3.2 Automatic Collection

  • Through cookies and session storage
  • Through device fingerprinting for security
  • Through application logs and analytics

3.3 Third-Party Integration

  • From Shopify stores where our service is installed
  • From AI service providers for processing your requests

4. Cookies and Session Management

We use a single cookie named "chat_session" to maintain your session. This cookie:

  • Contains only a session identifier (not personal data)
  • Expires after 7 days
  • Is used for security and session continuity
  • Can be disabled in your browser settings

Our JWT tokens are short-lived (15 minutes) and use industry-standard security practices.

For our embedded Shopify app, sessions expire after 7 days of inactivity, with the expiration time updating daily to maintain active sessions.

5. How We Use Your Information

We use your information to:

  • Provide and maintain our chat service
  • Process your product queries and provide AI-powered recommendations
  • Ensure security and prevent abuse
  • Improve our service through usage analytics
  • Comply with legal obligations

6. Information Sharing and Disclosure

6.1 Third-Party Services

We share information with the following third-party services:

OpenAI - AI language processing for chat interactions

  • Data types: conversation messages, product queries, usage metrics

Shopify - E-commerce platform integration

  • Data types: product information, customer data, order information

Upstash Redis - Session storage and caching

  • Data types: session data, temporary cache

Vercel - Application hosting and deployment

  • Data types: application logs, performance metrics

6.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes
  • Protect our rights and property
  • Prevent fraud or abuse
  • Ensure user safety

7. Data Retention

  • Personal Information: Retained for 365 days after your last interaction
  • Usage Data: Retained for 1095 days for billing and analytics purposes
  • Session Data: Automatically deleted when sessions expire
  • Chat Messages: Deleted when you request data deletion

8. Your Rights and Choices

8.1 Data Access and Portability

You can request a copy of all data we have about you through our webhook system.

8.2 Data Deletion

You can request that we delete your personal data. We will:

  • Delete your personal information within 30 days
  • Retain anonymized usage data for business purposes
  • Provide confirmation of deletion

8.3 Data Correction

You can request correction of inaccurate personal information.

8.4 Opt-Out

You can:

  • Disable cookies in your browser
  • Contact us to opt out of data collection
  • Uninstall our service from your Shopify store

9. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit and at rest
  • Short-lived session tokens
  • Regular security audits
  • Access controls and monitoring

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on our website
  • Sending an email notification
  • Providing notice through our service

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@impulse.sh

Support: support@impulse.sh

Data Protection Officer: privacy@impulse.sh

Mailing Address:

  • Impulse Inc.
  • 100 Market Street
  • San Francisco, CA 94105
  • United States

14. Compliance

This Privacy Policy complies with applicable privacy laws including:

  • California Consumer Privacy Act (CCPA)
  • General Data Protection Regulation (GDPR) for EU users
  • Other applicable state and federal privacy laws

15. Shopify Integration

When our service is installed on a Shopify store:

  • We process data on behalf of the store owner
  • Store owners can request data deletion through Shopify's webhook system
  • We comply with Shopify's app requirements and data handling policies

*This Privacy Policy is effective as of the date listed above and applies to all users of Impulse.*