This policy sets out:
the information we collect about you when you use our products or services, or otherwise interact with us;
In this policy, “AirImpact”, “we” or “us” refers to Airimpact Pte. Ltd or other companies within the same group and “Platform” means our Project Dashboard and any related applications such as the project publishing application as the services provided through our Platform (“Services”). Our website at airimpact.co is referred to as our “Site” and is covered by our Site Privacy Policy and Site Terms and Conditions.
Any use of the Platform and Services are subject to acceptance of this Platform Privacy Policy, and utilisation of any third-party application connected to the Platform are subject to their own terms displayed for approval before using any such third-party applications including our affiliated application for onboarding and signing (provided by DLT Technologies Pte. Ltd (“Zippie”) in accordance with their Privacy Policy https://www.zippie.com/did-privacy-policy).
In this policy, “personal information” refers to any data, information, or combination of data and information that is provided by you to us, or through your use of our Platform and Services, that relates to an identifiable or unidentifiable individual.
1 What information we collect about you
1.1 We may store and collect the following types of information about you:
i. Information stored or processed in encrypted form when onboarding our Platform. AirImpact or Zippie do not have access to the data in unencrypted form unless you specifically approve access to specific information:
a) Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example username or similar identifier data, (collectively, Identification Data); and
b) Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example password or similar login data. We never have access to your authentication data in non-encrypted form (collectively, Authentication Data); and
c) Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example your email address, telephone numbers(s) or other contact information you provide (collectively, Contact Data); and
d) Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example your name, other personal description, and other information provided as well as public keys stored in your private storage. (collectively, Account Data); and
e) Based on a remote decryption service your private key is stored in encrypted form. Such private keys are fully encrypted with only you able to access the encryption key after authenticating as the user. We never have access to your private key in non-encrypted form (collectively, Signing Data).
ii. Information collected and/or processed by us:
a) We access information about your device or connection, for example your internet protocol (IP) address and location data when you first sign up for our Platform and Services. We do not store this information, and only use this for enabling you to access localized content. You can later change this preference in the settings (collectively, Technical Data);
b) information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, Support Data);
c) content you provide through use of our products or services and give us specific consent to access or share (collectively, User Content);
d) communication, and other preferences that you set when you set up your account or profile, or when you participate in any communication with us (collectively, Preference Data); and
e) We may collect user numbers and service-related, diagnostic, and performance information (Metrics and Performance Data).
f) Information that you may voluntarily add when using the Platform including text, numbers, documents, images and videos uploaded. Such data is stored and transferred in encrypted format and only shared publicly or by invitation in human readable format when approved by a user of the Workspace. All such data is shared between the users of the Workspace (collectively, Project Data).
iii. Information we get from others / communication with others.
a) If you use your account to access and application send a message to or engage in a transaction with another user or third party, that user will have access to your message content or transaction information, respectively. We have no control over how users or applications with whom you interact store or use your information, on or off of our Services. We, will never have access to your underlying data or store your transaction information (collectively, Transaction Data).
b) Data you or a user in your Workspace published publicly or by invitation (Published Data)
c) Project Data can also when its not Personal Information be processed by public AI models in accordance with their Privacy Policy https://openai.com/policies/privacy-policy. We do not allow the data shared to be used for training of AI models and are protected by enterprise security. We never share Personal Information to AI models.
1.2 We collect the above information in anonymized form when you provide it to us or when you use our Services or visit our Platform.
1.3 We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, health, or sexual orientation.
2 How we use information we collect
2.1 We do not access your information in unencrypted form which limits our use of your information. If you have explicitly agreed to share any Account Information with us in non-encrypted form, we only use your personal information where the law allows us to. We use your personal information only where:
(a) we need to perform the contract we have entered into (or are about to enter into) with you, including to operate our Platform and Services, to provide support and to protect the safety and security of our Platform and Services;
(b) you've given us consent to do so for a specific purpose and may be rewarded for this, for example when you use our publishing services or AI writing tools with your explicit permission; or
(c) we need to comply with a legal or regulatory obligation.
2.2 If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by accessing your account and removing the information, but please note this will not affect any use or sharing of your information that has already taken place.
2.3 We do not share your personal information with any company outside our group for marketing purpose, unless with your express specific consent to do so.
2.4 For users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.
3 How we share information we collect
3.1 We share information in encrypted format with third partie that help us operate, provide, support, and improve our Platform and Services for example third-party service providers who provide, data storage and backup, infrastructure, and other services. Such providers never have access to any information in unencrypted form.
3.2 Applications using our Platform to provide you a service have access to your personal information only for the purpose of performing their services and in compliance with applicable laws and regulations and any information shared in unencrypted format will always have specific and explicit approval from you to share Account Data, Contact Data User Data or Project Data. We never have access to any Identification Data, Authentication Data or Signing Data in unencrypted or readable format. We require these third-party service providers and applications to maintain confidentiality and security of all information that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and availability of your information. When giving explicit approval to share your Account Data or Contact data, please familiarize yourself with the privacy policy of the application you are sharing such data with as this data may be shared in unencrypted format in accordance to their Privacy Policy.
3.3 We take reasonable steps to confirm that all third-party service providers and applications that we share personal information or encrypted data in the manner provide at least the legally required level of protection, but as we do not guarantee this, please familiarize yourself with their privacy policy and practices before allowing any sharing of information in unencrypted form. Where any third-party provider or application is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing.
3.4 Our Platform may contain links to and is used by third-party websites or applications over which we have no control. If you follow a link to any of these websites or approve sharing of any information with applications, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.
3.5 We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, illegal activities, national security requests or investigations of violations of our Terms. As we do not store or process the information in unencrypted format and do not have access to decrypt your information without your approval, the information we share is mainly in encrypted form.
3.6 If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such transaction takes place and inform you of any choices you may have regarding your information.
4 How we store and secure information we collect
4.1 We use cloud storage service providers such as but not limited to AWS, MongoDB Atlas and Hetzner and to host the information we collect.
4.2 For all the data you provide us through the Platform and Services stored in encrypted form, only you hold the encryption key and we are not able to access any of this data or your encryption key. This ensures we are not able to access any of your private information or use this for any purposes and only have access to encrypted data for providing you our Service. Interaction with our Services are encrypted end-to-end, so even if we temporarily store them on our servers, neither we nor any third parties can read them. We have access to temporarily decrypt your Contact Data but only to provide you our services for recovery and login. All Account Data and Contact Data is otherwise only shared to us if you explicitly give us permission for example to support you from our customer service or other reasons specifically approved.
4.3 We have adopted the following measures to protect the security and integrity of your personal information:
(a) Information transfers are encrypted using TLS/SSL technology;
(b) We use industry standard data encryption such as ECIES (Elliptic Curve Integrated Encryption Scheme), AES128-CBC or AES256-CBC and for signatures ECDSA (Elliptic Curve Digital Signature Algorithm).
(c) access to any information is restricted so we do not have access to decrypt information stored in encrypted form and other very limited information processed is limited to personnel or service providers on a strictly need-to-know basis such as Contact Data for performing OTP authentication or initiate recovery, who will only process your information on our instructions and who are subject to a duty of confidentiality and does not store the data; and
(d) our information collection, storage, and processing practices are reviewed regularly.
4.4 We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
4.5 While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure. Most of the information is encrypted already in your browser and therefore only transferred over the internet in encrypted form.
4.6 We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After such time, we will delete or anonymise your information, or if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.
5 How you can access, forget or change your information
5.1 To manage, change or delete your information you can do this under the Settings icon on the Platform or in an application. By doing this your information will be forgotten and will not be possible to recover.
5.2 You can delete your Account at any time from settings which will delete your access to our Services and Platform. Before deleting your account make sure you do not need any information or similar data from your account as you will not be able to recover your account once deleted. We do not store your private key and will not be able to help you recover your information if you delete your Account.
6 How we transfer information internationally
6.1 We collect information globally and primarily store information on servers, in the EU (Ireland). We transfer, process, and store your information outside your country of residence where we or our service providers operate for the purpose of providing our products and Services to you.
6.2 Some of the countries in which our companies or service providers are located may not have the privacy and data protection laws that are equivalent to those in your country of residence. When we share information with these companies or service providers, we make use of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of information.
i. be informed of what we do with your information;
ii. request a copy of any unencrypted information we hold about you;
iii. request a copy of encrypted information when specifying exact identifier for the encrypted information;
iv. require us to correct any inaccuracy or error in any unencrypted information we hold about you;
v. request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure in cases such as but not limited to information stored on a chain that cannot be erased, for such information you have the ability to be forgotten);
vi. withdraw your consent at any time where we are relying on consent to process your information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).
7.2 Note that any information stored in encrypted form can only be accessed by you and we are therefore unable to make any changes to such information or provide copies in any human readable form.
7.3 Our Platform enables you to update certain information about yourself, for example if you have created an account you may change your personal information by updating your user profile or changing your user settings.
7.4 Any request under paragraph 7.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.
7.5 We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.
8.1 We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform and Services after the changes come into effect, you agree to be bound by the revised policy.
9.1 Our products and services are not directed to individuals under 16. We do not knowingly collect personal information from individuals under 16. If we become aware that an individual under 16 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 16.
10.1 Please contact us at legal@AirImpact.co
10.2 Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.
| Processing purpose | Type of data processed | Legal basis |
|---|---|---|
| To register your Account on our Platform | Account Data, Contact Data, Identification Data, Access Data | To perform our contract with you |
| To enable you to use our Platform and Services | Account Data, Transaction Data, Support Data, Third Party Data, Technical Data, User Content, Project Data | To perform our contract with you |
| To administer and maintain safety and security of our Platform | Metrics and Performance Data, Technical Data | To perform our contract with you |
| To study usage of our products or services | Preference Data, Support Data, Metrics and Performance Data | Legitimate interest to improve our Platform and Services |
| To gather feedback on our products, services, or features | Support Data | Legitimate interest to improve our Platform and Services |
Cookies and HTML5 local storage are small text files that are placed on your devices by a web server or by our Platform when you use our Platform. We use cookies to identify your access and provide functionality of the Platform and Services. Cookies are typically sent back to the server whereas local storage is not. Cookies are only used by us for functionality purpose and the contents of the cookies are not readable by us.
We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Platform or a partner site that uses our Services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).
We use the following types of cookies:
You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you will not be able to access our Platform or Services.
