Last updated May 22, 2025
Imper.ai, Inc. (“Imper”, “we”, “our” or “us”) offers to its customers (each, a “Customer”) a software-as-a-service solution to enterprises, intended to provide enhanced GenAI protection against social engineering, seamlessly integrating with its communication channels and third-party business applications (“Business Applications”), by analyzing, detecting suspicious events and validating information therefrom. This Privacy Policy supplements and shall be read in conjunction with our Terms and Conditions, and may be supplemented by additional privacy statements, terms or notices provided to you. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms and Conditions.
Imper respects the privacy of the users of our Services: (I) Customer’s first user of the Services that identifies itself as associated with Customer (“Customer’s Admin”), (II) Customer’s end-users who Customer and/or Customer Admin (namely employees and any other Customer personnel) who use or access the Services under Customer’s account (the “End User(s)”), (III) and third parties who interact with Customer through Business Applications and are required to perform validation process through the Imper Services (“Customer’s Interactors”).
With respect to Customer Personal Data, Imper processes Personal Information on behalf and under the instruction of the respective Customer in our capacity as a “data processor” (as such term is defined under the GDPR) or similar term under applicable data protection laws. Accordingly, if Imper and Customer have entered into a data processing agreement or similar written instrument concerning the processing of Personal Information, such provisions will govern the processing of Customer Personal Data (including with respect to any vendor or other third party engaged with Imper’s Customers). If you have any questions or requests regarding Customer Data, please contact your organization directly.
1. YOUR CONSENT
PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND USING THE SERVICES. BY ACCESSING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.
Please note: You hereby acknowledge and agree that you are providing us with Personal Information at your own free will and that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.
2. WHAT TYPES OF INFORMATION DO YOU COLLECT?
● Non-Personal Information: “Non-Personal Information” is un-identified and non-identifiable information pertaining to a user, which may be made available to us, or collected automatically via your use of the Services which does not enable us to identify the person from whom it was collected. This Non-Personal Information, which is being gathered, consists of behavioral information mainly of technical and aggregated non-identifiable usage information, such as system data related to your operating system and browser version, screen resolution, language, duration of usage of the Services, etc.
● Personal Information: “Personal Information” is information that identifies an individual or may with reasonable efforts or together with additional information we
have access to, enable the identification of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural person. Identification of an individual also includes the association of such an individual with a persistent identifier such as a name, an identification number, etc. Personal Information does not include information that has been anonymized or aggregated and can no longer be used to identify a specific natural person. Personal Information that is collected by us consists of the following types of Personal Information:
I. Imper Services
I. Customer. We collect login credentials such as name, password, and organization email address in connection with Customer Admin’s registration to the Services. We collect name, organization, role, IP address, and network and device metrics of Customer’s End User through Business Applications (including video calls). We may also have access to email correspondence and other online communications, processed strictly for scanning suspicious activities. To clarify,
● Customer’s Interactor(s). We collect name, organization, role, IP address, and network and device metrics of Customer’s Interactor(s).
II. Prospect Data.
● We collect name, organization, role, and email of enterprises representatives who are prospective customers or partners of Imper.
We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of this Privacy Policy.
3. HOW DO YOU COLLECT INFORMATION FROM ME?
● We collect information through your use of the Services. In other words, we are aware of your usage of the Service and may gather, collect and record the information relating to such usage, as further detailed below.
● We collect information that you provide us voluntarily. For example, we collect Personal information that you voluntarily provide when you request to provide us with your name and email upon your initial registration for the Services.
4. WHY DO YOU COLLECT AND PROCESS MY INFORMATION?
● To provide and operate our Services and related services, including enhancing our Services, and user experience, and being able to contact you and to provide them with technical assistance, and support, handling requests and complaints, and collect feedback in connection with the Services;
● To send you updates, notices, notifications, and additional information related to the Services, including related offers;
● To create cumulative statistical data and other cumulative information that is non-personal, with which we and/or our business partners might make use to operate and improve our Services and internal research and development of Imper Services;
● To monitor against, prevent, and handle fraud, illegal behavior on the Services, or other misuse of our Services, including inter-alia detecting, preventing, or otherwise addressing fraud or abuse;
● To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
To clarify, the Services do not retain Personal Information of Customer and its End User obtained through Business Applications (e.g. Google Workspace) to
develop, improve, or train generalized AI and/or ML models.
5. WHAT ARE YOUR LEGAL GROUNDS FOR COLLECTING MY PERSONAL INFORMATION?
● With your consent: We ask for your agreement to process your information for the specific purposes stated in this Privacy Policy and you have the right to withdraw your consent at any time.
● Performing an agreement with you: We collect and process your Personal Information in order to provide you with the Services, following your acceptance of this Privacy Policy and pursuant to the Terms and Conditions.
● Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Service; protecting against harm to the rights, property or safety of our properties, our users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfill our obligations under applicable laws, legal process, subpoena or governmental request.
6. WHO DO YOU SHARE MY INFORMATION WITH AND WHY?
We may share information with third parties (or otherwise allow them access to it) only in the following manners and instances:
● Internally – We may share information with our affiliates, as well as our employees, for the purposes described in this Privacy Policy. In addition, should Imper or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, through prominent notice on our Services.
● Protecting Our Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms and Conditions, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.
● Third Parties & Business Partners – We may share your Personal Information with a number of selected service providers whose services and solutions are required or otherwise facilitate achievement of the purposes of processing set forth under Section 4 above, including without limitation certain third-party artificial intelligence model providers. These third parties serve in facilitating and enhancing our Services and related services, including such third-party services required to allow platform analytics and other essential third party services. Our third party services providers act as our sub-processors and may only process your information according to our instructions (which are given in accordance with this Privacy Policy).
● Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
For the avoidance of doubt, we will NOT sell (as “sell” is traditionally defined) your Personal Information. That is, we will not provide your name and email or other personally identifiable information to third parties in exchange for money. We may share anonymized or de-identified information with any other third party, at our sole discretion. However, under California law, certain cases of sharing information, such as for advertising purposes, may be considered a “sale” of personal information. However, to the extent applicable, including if a supervisory authority determines that our practices include the selling and/or sharing of your personal information (as such terms are defined under applicable US State Privacy Laws including the CCPA), and you would like to opt out of the “sale” or “sharing” of your personal information, please contact us at [email protected].
7. WHERE DO YOU TRANSFER OR STORE MY INFORMATION?
Your information may be transferred to, maintained, processed and stored by us and our authorized affiliates and service providers in Israel and the United States. Please note that the data protection laws in the above jurisdictions may not be as comprehensive as those in your country of residence. Residents of certain countries may be subject to additional protections, as set forth below.
GDPR (EEA Users): This section applies only to natural persons residing in the European Union, EFTA States, or the United Kingdom (for the purpose of this section only, “you” or “your” shall be limited accordingly). It is the Company’s policy to comply with the EEA’s General Data Protection Regulation (“GDPR”) and the UK GDPR. In accordance with the GDPR, we may transfer your Personal Information from your home country to the U.S. and/or other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such transfer if we ensured that at least one of the following applies:
The country to which Personal Information has been transferred, has been determined by the EU Commission to be a country providing adequate protection to the privacy rights of EU residents.
Application of Standard Contractual Clauses where appropriate.
8. WHAT ARE MY RIGHTS?
Under certain laws, including the EU, UK and US-state data protection laws, individuals have rights regarding their personal data. You can exercise your rights at any time by contacting us at [email protected]i. Those rights may include, but are not limited to, the following:
Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will correct it as soon as we can. The setting for a particular forum may also allow you to close your account, on the setting page for your account. Depending on the settings for your particular forum, you may also be able to edit, anonymize, or erase your posts.
Data deletion. In some circumstances, you have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized.
Data portability. In some circumstances, you may have the right to request that we will provide you with the Personal Information you have made available to us, so you can transfer it to another party.
Restriction of processing. In some cases, you may have the right to request restriction of the processing of your Personal Information, such as when you are disputing the accuracy of your information held by us.
Please note that these rights are reliant upon the data protection and privacy laws that are applicable in your jurisdiction. Imper may refuse requests to exercise data subject rights if there is a legitimate reason, such as if we cannot authenticate your identity, if the request could violate the rights of a third party or applicable law, or prevent us from delivering a service you requested. If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting or deleting your data, please contact Customer directly.
9. HOW DO YOU KEEP MY INFORMATION SECURE?
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information. We limit access of your information only to those employees, third party service providers or partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us.
Despite these measures, Imper cannot provide absolute information security or eliminate all risks associated with Personal Information, and security breaches may happen. If there are any questions about security, please contact us at [email protected].
10. HOW LONG WILL YOU RETAIN MY INFORMATION?
We will retain your Personal Information only as long as necessary for the purposes for which it was collected and processed. If you withdraw your consent to our processing your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).
11. HOW DO YOU PROTECT THE PRIVACY OF CHILDREN?
To use our Services, you must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from individuals under the age of eighteen and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of eighteen are not using the Services. If you believe that we might have any information from or about an individual under the age of eighteen, please contact us at [email protected].
12. DIRECT MARKETING
You hereby agree that we may use your contact details provided during registration for the purpose of informing you regarding updates and offers related to our Services that may interest you and other related marketing materials. You may withdraw your consent via sending a written notice to Imper by email to the following address: [email protected] or by clicking the “Unsubscribe” button displayed in the email you received.
13. UPDATES TO THIS PRIVACY POLICY
This Privacy Policy is subject to changes from time to time at our sole discretion. The most current version will always be posted on our Services. You are advised to check for updates regularly. Imper may provide you with notices concerning this Privacy Policy by using the e-mail address you provide in connection with your account registration on the Services. By continuing to access and use our Services after any updates become effective, you accept and agree to be bound by the updated Privacy Policy.
14. GENERAL INFORMATION
This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the applicable laws set out in the Terms and Conditions without respect to its conflict
of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction as set out in the Terms and Conditions.
15. HOW CAN I CONTACT YOU?
If you wish to exercise any of the aforementioned rights or receive more information, please email us at [email protected].