Skip to content

General Data Protection Regulation (GDPR)

1. Introduction

Impler.io (“Impler,” “Company,” “we,” “us,” or “our”), operated by Knovator Technologies Pvt. Ltd., is committed to protecting the privacy and security of personal data. This GDPR Compliance Policy outlines how we collect, process, store, and protect data in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

2. Scope

This policy applies to all users, customers, partners, and employees who interact with our platform, applications, and services. It covers:

  • Data collection and processing practices.
  • User rights regarding their personal data.
  • Security measures implemented to safeguard data.
  • Procedures for handling data breaches.
  • Third-party processors involved in data processing.
  • Data retention and deletion policies.

3. Data Collection & Processing

Types of Data Collected:

  • Personal Information: Name, email, phone, address, IP address.
  • Usage Data: Browser type, session details, activity logs, navigation patterns.
  • Technical Data: Cookies, API logs, crash reports, tracking scripts.
  • Communication Data: Messages exchanged within the platform.
  • Financial Data: Payment transactions, billing details, subscription information.
  • Third-Party Data: Information from social media logins, and integrations like LinkedIn.

Legal Basis for Processing Data:

  • Consent (Article 6(1)(a)) – When users voluntarily provide data.
  • Contractual necessity (Article 6(1)(b)) – Processing needed to provide services.
  • Legal obligations (Article 6(1)(c)) – Compliance with legal and regulatory requirements.
  • Legitimate interests (Article 6(1)(f)) – Business operations, fraud prevention, and platform security.

4. Data Protection & Security Measures

  • Access Controls: Role-based access, strong authentication mechanisms, and logging of access activities.
  • Encryption: Data encrypted at rest and in transit using industry-standard cryptographic techniques.
  • Network Security: Firewalls, intrusion detection systems, secure VPNs.
  • Regular Audits: Periodic security assessments, vulnerability testing, and compliance reviews.
  • Data Minimization: Collect only necessary data and ensure data anonymization where possible.

5. Data Retention & Deletion Policy

  • Retention Periods:
    • Customer data: Retained during active import, and subscription, and deleted within 30–90 days post-termination.
    • Backups: Retained for 30–90 days.
  • Deletion Process:
    • Users can request data deletion via support.
    • Data is securely erased from live systems within 90 days.
    • Backup data is purged within the same retention period.

6. Data Transfers & International Compliance

  • Impler.io stores data in India, utilizing Microsoft Azure cloud services.
  • Where data is transferred outside the EU, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and ISO 27001 compliance.

7. Data Subject Rights

Under GDPR, individuals have the right to:

  • Right to Access (Article 15): Request a copy of personal data held.
  • Right to Rectification (Article 16): Correct inaccuracies in personal data.
  • Right to Erasure (Article 17): Request deletion of personal data.
  • Right to Restriction of Processing (Article 18): Limit processing under certain conditions.
  • Right to Data Portability (Article 20): Request transfer of data to another provider.
  • Right to Object (Article 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Users can withdraw consent at any time.
  • Right to Lodge a Complaint: File complaints with the relevant Data Protection Authority.

8. Third-Party Processors & Sub-Processors

We work with the following service providers to process personal data securely:

  • Microsoft Azure – Cloud hosting services.
  • GitHub – Development and code management.
  • AWS S3 – File storage services.
  • CloudFront – Content distribution for speed and performance.
  • Stripe – Payment processing.
  • Google Apps (Analytics, Tag Manager) – Tracking and performance analysis.

9. Data Breach Response Plan

  • Detection & Containment: Immediate identification of breaches and containment measures.
  • Regulatory Reporting: Notification to affected users and regulators within 72 hours.
  • Investigation & Remediation: Root cause analysis, resolution, and future mitigation strategies.

10. Cookie & Tracking Policy

We use cookies for essential functionality, performance analytics, and marketing. Users can manage preferences via browser settings or opt-out mechanisms.

11. Payment & Transaction Processing

  • Impler.io processes payments securely through third-party payment providers.
  • Users can review pricing details before purchasing services.
  • All transactions comply with PCI-DSS security standards.

12. Contact Information

For any data protection inquiries, please contact our Data Protection Officer (DPO):

DPO Contact Details:

  • Name: Bhavik Chavda
  • Email: [email protected]
  • Phone: +1 305 600 0455
  • Mailing Address: First Floor, B/45-46, RamKrishna Society, Lambe Hanuman Rd, near Ram Krushna School, Surat, Gujarat 395006

This policy is reviewed periodically to ensure compliance with GDPR and relevant regulations. Users will be notified of significant updates.