Privacy Policy.

Information you provide

• Name and email address (via contact or inquiry forms).
• Business, website, service, or public surface details you submit through inquiry, agreement, or intake forms.
• Payment information for engagements and subscriptions (processed by Stripe, never stored on our servers).

Information collected automatically

• Basic analytics data (page views, referral source) via privacy-respecting analytics.
• IP address and browser type (standard web server logs).

What we do not collect

• We do not use tracking cookies for advertising.
• We do not build user profiles for targeted advertising.
• We do not sell or share your data with third parties for their marketing purposes.

• To respond to inquiries and deliver local-business intelligence engagements.
• To process payments for engagements and subscriptions.
• To improve our website, product surfaces, and delivery workflow.
• To send transactional emails related to your engagement, order, or portal access.
• To conduct relevant business outreach where lawful and easy to opt out of.

Lawful basis (GDPR Art. 6): we process professional contact details of business decision-makers under legitimate interest to offer relevant local-business intelligence services. Payment and engagement processing is under contract performance. Every outreach email includes a one-click unsubscribe link; opting out withdraws processing for that purpose immediately.

Our local-business intelligence work may review public business surfaces submitted or approved for an engagement: websites, Google Business Profiles, public reviews, service pages, public social profiles, directory profiles, and other surfaces a buyer can see without private access.

We use these surfaces to identify visible confusion, missing proof, decision friction, stale wording, and owner workflow gaps. We do not bypass authentication, log in as a client or customer, or access content that requires private account access unless you provide access for the engagement.

If you want to know what public business data we hold, request corrections, or ask for data to be removed from an engagement record, email james@byimprint.com.

Imprint publishes /llms.txt and /llms-full.txt as public discovery files describing the Imprint service surface for AI agents and crawlers. These files are static, do not require authentication, and do not collect data from readers beyond the standard request logs kept by our hosting provider.

We use the following third-party services that may process your data:

• Vercel (hosting): processes web requests.
• Supabase (database): stores engagement records, readout metadata, and intake records.
• Stripe (payments): processes engagement purchases and subscriptions.
• Resend (email): sends transactional emails on our behalf, including engagement-portal magic-link emails.
• Upstash (rate limiting): rate-limits public-facing requests by IP address.
• Anthropic (AI analysis): processes engagement notes and public business-surface data through structured analysis prompts.
• Apify (scraping): may retrieve publicly visible business or profile data when an engagement requires structured source collection.

Each of these services has their own privacy policy. We only share the minimum information necessary for each service to function.

Your data is stored on secure, encrypted servers. We use HTTPS for all data transmission. Access to personal data is limited to Imprint's founders and is protected by authentication.

We retain your information for as long as necessary to fulfill the purposes described in this policy, or as required by law. If you request deletion, we will remove your personal data within 30 days, except where we are legally required to retain it.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Delete your personal data (subject to legal obligations).
• Export your data in a portable format.
• Withdraw consent for any processing based on consent.

These rights apply regardless of where you are located, including under the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and Canadian PIPEDA.

Imprint is based in the United States (Delaware). If you are located outside the US, your data may be transferred to and processed in the US. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children.

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.

For questions about this Policy or to exercise your rights, contact hello@byimprint.com.