Legal

Privacy Policy

Last updated: May 22, 2026

This Privacy Policy describes how IMPRiNT Agency (“IMPRiNT,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects information across our two service lines:

• The IMPRiNT Dashboard — our software-as-a-service marketing performance platform at dashboard.imprint.la.
• IMPRiNT Agency Services — our retainer-based marketing services delivered to agency clients.

Together with our website at imprint.la, these are referred to as the “Services.” By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Our role with your data

Our role under data protection laws depends on which Service you use:

• Dashboard users. If you sign up for an IMPRiNT Dashboard account or are invited to one, IMPRiNT acts as the data controller of the personal information you provide directly (such as your name and email), and as the data processor of any third-party data your organization connects to the Dashboard.
• Agency clients. If your business engages IMPRiNT for marketing services (paid media management, SEO, content, creative, press syndication, etc.), IMPRiNT acts as the data controller of the contact and business information you share with us during the engagement, and as the data processor when we access or operate the marketing platforms, ad accounts, or analytics properties you grant us access to.
• End customers of our clients. If you are a shopper or visitor of a business that uses the IMPRiNT Dashboard or works with IMPRiNT Agency, that business is the data controller of your personal information and IMPRiNT acts only as a data processor on their behalf.

When this policy refers to “you,” it generally means a Dashboard user or an Agency client. When it refers to “end customers,” it means the consumers of those businesses.

---

Part A — IMPRiNT Dashboard

This Part describes how we handle data in connection with the IMPRiNT Dashboard SaaS product.

2. Information we collect through the Dashboard

2.1 Information you provide directly

When you create an account, use the Dashboard, or contact us, we may collect:

• Account information — name, email address, password (managed by our authentication provider, Clerk), and the organization you belong to.
• Profile and configuration information — your role in your organization, the clients you have access to, and your communication preferences.
• Content you create — blog posts, content calendar entries, notes, and other material you generate or upload.
• Support communications — messages you send us via email, chat, or contact forms.

2.2 Information collected automatically

When you use the Dashboard, we automatically collect:

• Device and connection information — IP address, browser type and version, operating system, device identifiers, referring URL.
• Usage information — pages visited, features used, time spent, click events, error logs.
• Cookies and similar technologies — see Section 11 below.

2.3 Information from connected integrations

The Dashboard connects to third-party services on the instruction of the user or organization. When an integration is connected, we receive data from that service on the user’s behalf:

• Shopify: Order data (totals, line items, status, dates), product data, store metadata, and customer information embedded in orders (name, email, billing and shipping address).
• Google Ads: Account structure, campaigns, ad groups, ads, keywords, performance metrics (impressions, clicks, conversions, cost).
• Google Search Console: Search performance metrics (queries, impressions, clicks, position) and site indexing data.
• Meta Ads (Facebook & Instagram): Ad account structure, campaigns, ad sets, ads, creative, audience metadata, and performance metrics.
• WordPress / CMS connections: Authentication credentials and content you instruct us to publish to your site.

We only access data that has been explicitly authorized through the relevant OAuth flow, and only the minimum needed to deliver the requested features.

3. How we use Dashboard information

We use the information described above to:

1. Provide, operate, and maintain the Dashboard, including authentication, dashboards, analytics, content publishing, and scheduled jobs.
2. Generate aggregated reports and visualizations for the user’s organization about its marketing performance.
3. Communicate with you about your account, security alerts, product changes, and support requests.
4. Improve the Dashboard — diagnose problems, develop new features, analyze usage patterns.
5. Comply with legal obligations and enforce our agreements.
6. Detect, prevent, and respond to fraud, abuse, and security incidents.

We do not use Dashboard data to serve advertisements to end customers, and we do not sell personal information.

4. AI and automated features in the Dashboard

The Dashboard includes AI-powered tools (such as our AI Blog Writer) that send content and prompts to large language model providers — currently Anthropic (Claude) — and image-generation providers (currently fal.ai). We do not send end customers’ personal information to these providers. Inputs are limited to the marketing content, topic, and parameters you actively supply.

Our AI providers process this data under their own data processing agreements and do not, to our knowledge, train their foundation models on data we send via the API.

5. Anonymized industry benchmarking

We may create aggregated and anonymized datasets from data flowing through the Dashboard — for example, average click-through rates across an industry vertical, typical conversion rates by ad format, or sample content engagement statistics — for use in industry benchmarking features inside the Dashboard.

Before any data is used for benchmarking:

• It is aggregated across many organizations so that no individual organization or end customer can be identified.
• All direct identifiers (names, emails, account IDs, store URLs, contact details) are removed or hashed beyond reversal.
• Sample sizes are constrained so that small groups cannot be used to reverse-identify a participant.

Anonymized benchmark data is no longer “personal information” under applicable law and may be retained and used by IMPRiNT indefinitely, including for product improvement, publishing aggregate industry reports, and helping other users contextualize their own performance.

If you do not want your data included in our benchmarking aggregates, you can opt out by emailing contact@imprint.la.

---

Part B — IMPRiNT Agency Services

This Part describes how we handle data in connection with our retainer-based marketing services for agency clients.

6. Information we collect from Agency clients

When you engage IMPRiNT for agency services, or inquire about doing so, we may collect:

• Business and contact information — company name, website, industry, business address, primary points of contact, their names, titles, emails, and phone numbers.
• Engagement information — scope of work, contracts, statements of work, brief documents, and project communications.
• Billing and payment information — billing contact, billing address, and tax identifiers. Payment card numbers are handled by our payment processor and are not stored by IMPRiNT.
• Communications — emails, meeting notes, transcripts, recordings (where you have consented), shared files, and messages exchanged in our project management tools.
• Creative and content assets — brand assets, copy, imagery, briefs, and other materials you provide to us for use in deliverables.
• Access credentials and platform access — when you grant us access to your marketing platforms (Google Ads, Meta Ads, Google Search Console, Google Analytics, Shopify, your CMS, etc.), either by adding our team as users or by sharing service-account credentials managed in a secrets vault.
• Performance data from platforms we manage — campaign metrics, analytics, audience data, and reporting outputs from the platforms we operate on your behalf.
• End-customer data incidental to platform access — when we operate your ad accounts, analytics properties, or e-commerce platforms, we may incidentally receive personal information about your end customers (such as customer lists you upload to ad platforms for audience targeting). We act as a data processor with respect to that information, only on your instruction.

7. How we use Agency client information

We use the information described above to:

1. Deliver the services you have engaged us to provide, including campaign strategy, execution, optimization, and reporting.
2. Communicate with you about projects, deliverables, performance, and recommendations.
3. Bill you and manage our commercial relationship.
4. Improve our service delivery — internally analyze what works for similar clients and refine our methodology.
5. Comply with legal obligations, defend legal claims, and enforce our agreements.

We do not sell agency client information or end-customer data to third parties.

8. Access to your marketing platforms

When you grant IMPRiNT access to your marketing platforms (whether by adding our team as users, sharing managed credentials, or via OAuth):

• We use that access only to perform the services you have engaged us for.
• Access is limited to the team members who need it.
• We follow each platform’s terms of service and acceptable use policies.
• We support modern access methods (such as Google Ads MCC, Meta Business Manager partner access, and platform-issued user invitations) in preference to credential sharing.
• When our engagement ends, we promptly remove our team’s access at your request.

9. Anonymized learnings from Agency engagements

In the same manner described in Section 5, we may aggregate and anonymize learnings from our Agency engagements (such as average performance ranges by industry, creative patterns that perform well, or media-mix observations) to inform our methodology, internal benchmarks, and the IMPRiNT Dashboard’s benchmarking features. These aggregates do not identify any individual client or end customer.

If you do not want learnings from your engagement included in our anonymized aggregates, you can opt out by emailing contact@imprint.la.

---

Part C — Provisions that apply to all Services

10. Platform-specific disclosures

The following disclosures apply whenever IMPRiNT accesses data from these platforms, whether through the Dashboard or through Agency Services.

10.1 Shopify

When the Dashboard connects to a Shopify store, we request the following scopes: read_orders, read_products, and read_analytics. We do not request read_customers.

Through read_orders we receive customer information embedded in each order, which may include the customer’s name, email address, billing address, and shipping address. We use this data solely to display revenue, sales, and product analytics to the merchant inside the IMPRiNT Dashboard.

We do not use Shopify protected customer data to:

• Market or advertise to the merchant’s shoppers
• Provide personalization or product recommendations to shoppers
• Sell, lease, or otherwise transfer the data to any third party

We honor Shopify’s mandatory compliance webhooks:

• customers/data_request — when a shopper requests a copy of their data, we respond with any data we hold about them, routed through the merchant.
• customers/redact — when a shopper requests deletion, we delete their personal information from our systems within 30 days.
• shop/redact — 48 hours after a merchant uninstalls our app, we receive this webhook and delete all of the merchant’s shop data within 90 days.

10.2 Google API services (Google Ads, Google Search Console)

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve user-facing features that are prominent in our Services.
• We do not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use Google user data to serve advertisements.
• We do not allow humans to read Google user data unless we have the user’s affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in line with applicable privacy policies.

10.3 Meta Ads

We access Meta advertising data only with the ads_read permission (and any other permissions explicitly granted through Meta’s OAuth flow). We use this data only to display ad performance reporting and benchmarking features inside the Dashboard, or to deliver Agency services for clients who have authorized us. We do not access organic social data, messages, or personal profiles, and we do not contact Meta users on a client’s behalf except through ad campaigns the client has approved.

Our use of Meta Platform data complies with the Meta Platform Terms and applicable Meta developer policies.

11. Cookies and tracking technologies

We use cookies and similar technologies for essential functionality (such as keeping you logged in and maintaining your active-client selection in the Dashboard) and for limited analytics about how the Services are used.

You can configure your browser to refuse cookies or alert you when cookies are being set. If you disable cookies, parts of the Services may not function correctly — in particular, authentication.

We do not use third-party advertising cookies on the Dashboard.

12. How we share information

We do not sell personal information. We share information only in the limited circumstances below.

Service providers and sub-processors. We share information with third parties that help us operate the Services, including: Clerk (authentication), Supabase (database hosting in the United States), Vercel (application hosting), Inngest (background job processing), Anthropic (LLM API), fal.ai (image generation), and email providers such as Resend or SendGrid. These providers are bound by contractual confidentiality and data-protection obligations and may only use the data to provide their services to us.

Integration providers. Data flows between the Services and connected platforms (Meta, Google, Shopify, etc.) only as you direct.

At your direction. Where you are the data controller, we follow your instructions, including instructions to export, delete, or transfer information.

Legal and safety. We may disclose information when we believe in good faith that disclosure is required to comply with applicable law, respond to lawful requests from public authorities, enforce our agreements, or protect the rights, property, or safety of IMPRiNT, our users, or others.

Business transfers. If IMPRiNT is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will notify affected users where required by law.

13. Data security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include:

• Encryption in transit — all data exchanged with the Services is encrypted over TLS (HTTPS).
• Encryption at rest — data in our databases is encrypted at rest using industry-standard encryption (AES-256).
• Access controls — internal access is limited to authorized personnel and logged.
• Authentication — accounts are managed through Clerk, which enforces password strength and supports multi-factor authentication.
• Credential management — OAuth tokens, API keys, and third-party credentials are stored encrypted.
• Network isolation — production systems are isolated from development environments.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and any required authorities in accordance with applicable law.

14. Data retention

We retain personal information only for as long as needed for the purposes described in this Policy, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Specific retention defaults:

• Dashboard account information — for the duration of your account, plus up to 12 months after account closure for legal and operational records.
• Dashboard integration data — for as long as the integration is active; deleted within 90 days after the integration is disconnected or the account is closed (sooner on request).
• Shopify shop data — deleted within 90 days of receiving a shop/redact webhook from Shopify.
• Shopify customer-level data — deleted within 30 days of receiving a customers/redact webhook.
• Agency engagement records — retained for the duration of the engagement and up to 7 years after the engagement ends, to comply with tax, accounting, and legal obligations.
• Agency communications and project files — retained for up to 3 years after engagement end, then deleted unless we are required to retain them longer.
• Aggregated and anonymized data — retained indefinitely (this data does not identify any individual).
• Backups — encrypted backups may persist for up to 30 days before being overwritten.

15. Your rights

Depending on where you live, you may have one or more of the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to fix inaccurate or incomplete information.
• Deletion — request that we delete your personal information.
• Restriction or objection — ask us to limit or stop certain processing.
• Portability — receive your information in a portable, machine-readable format.
• Withdrawal of consent — withdraw consent for any processing based on consent.
• Opt-out of “sale” or “sharing” (California residents) — although we do not sell or share personal information in the sense defined by the CPRA.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email contact@imprint.la. We will respond within the timeframes required by applicable law (generally within 30 days). For requests about an end customer’s data, we will route the request to the relevant business (the data controller).

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

16. International data transfers

IMPRiNT is based in the United States, and our service providers (including Supabase, Vercel, Clerk, and Anthropic) primarily operate in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Services you consent to this transfer.

Where required by law (for example, for personal information of EEA or UK residents), we rely on appropriate safeguards such as Standard Contractual Clauses to govern these transfers.

17. Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If we learn that we have collected information from a child under 16 without verified parental consent, we will delete it.

18. Third-party links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before sharing information with them.

19. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. For material changes, we will provide notice through the Services or by email before the change takes effect. Your continued use of the Services after a change becomes effective constitutes acceptance of the revised policy.

20. Contact

If you have questions about this Privacy Policy or our privacy practices, or want to exercise any of your rights, contact us at: