Privacy Policy
Implemnt ("we", "us") builds and operates automation systems for businesses. We are registered in Abu Dhabi, UAE and operate in Ontario, Canada. This page explains what data we collect, why, and how you can control it.
Website data
We collect anonymous usage data through Google Analytics when you consent to cookies. This includes:
- Pages you visit and how long you stay
- Your general location (country/city level, not precise)
- Device type, browser, and screen size
- How you found the site (search engine, direct, referral)
We do not collect your name, email, phone number, or any personal details through the website itself. If you contact us via Calendly or email, those platforms have their own privacy policies.
Client service data
When we work with you as a client, we may access, process, or store business data as part of building and operating your systems. This can include:
- Business contact information (customer names, emails, phone numbers)
- Operational data (appointments, orders, invoices, inventory)
- Communications data (emails, messages) when building automation workflows
- Staff information (names, roles, login credentials for systems we build)
We only collect and use client data as needed to deliver the services described in our agreement with you. We do not use your data for any other purpose.
How we protect client data
- Access to client systems is limited to team members actively working on your project
- API keys, tokens, and credentials are stored in secure environment variables, never in frontend code
- All dashboards and systems we build use HTTPS encryption in transit
- We do not share, sell, or disclose your data to any third party unless required to deliver our services (e.g., a database provider hosting your data) or by law
- When our engagement ends, we delete or return all client data within 30 days unless you ask us to keep it for ongoing support
Where data is stored
Depending on the systems we build for you, your data may be stored using one or more of the following services:
- Cloudflare: Frontend hosting and API layer (global edge network, US-headquartered)
- Supabase: Database and authentication (region selected per project)
- NocoDB: Database (hosted on Hetzner, Germany)
- n8n: Workflow automation (client's own instance, location depends on their hosting choice)
We will tell you where your data is stored before we start building. If you need data hosted in a specific country or region, we can accommodate that.
Cookies
We use a single analytics cookie from Google Analytics (GA4). It is only set if you click "Accept" on the cookie banner. If you decline, no cookies are set and no tracking occurs.
Your choice is saved in your browser (localStorage) so you are not asked again on return visits. You can clear this at any time by clearing your browser data.
Third-party services
The site uses or links to the following external services:
- Google Analytics: anonymous traffic analytics (only with your consent)
- Google Fonts: loads typefaces from Google servers on every page visit, regardless of your cookie choice. Google receives standard request data such as your IP address when fonts load.
- Calendly: booking links open on calendly.com
- Cloudflare Web Analytics: privacy-first, cookieless traffic measurement. No cookies are set, no cross-site tracking, and no personal data is collected.
Each of these services has its own privacy policy. We do not control what data they collect on their platforms.
Data sharing
We do not sell, rent, or share your data with anyone. Analytics data is only visible to us in aggregate through Google Analytics dashboards. Client data is only shared with the third-party services needed to run your systems, as described in our agreement with you.
Your rights
Whether you are a website visitor or a client, you have the right to:
- Know what personal data we hold about you
- Request a copy of that data
- Ask us to correct inaccurate data
- Ask us to delete your data (subject to any legal obligations we may have)
- Withdraw consent for data processing at any time
- Decline cookies when visiting the site (no tracking occurs)
These rights apply under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
To exercise any of these rights, email karim@implemnt.com. We will respond within 30 days.
Data breach notification
If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law. In Canada, this means reporting to the Office of the Privacy Commissioner within the timeframes required by PIPEDA.
Changes to this policy
We may update this policy as our services or legal requirements change. The date at the top of the page shows when it was last updated. We will not reduce your rights under this policy without notifying affected clients directly.
Contact
If you have questions about this policy or how we handle your data, email karim@implemnt.com.