Privacy Policy for Impct Beta


This Privacy Policy explains the nature, scope, and purposes of how Impct Engineering FlexCo (“Impct”) collects and uses your personal data when you visit the website [https://www.impct.app/] (“the Website”) and when you use the “TestFlight – Impct” app provided by Impct (“the App”). Protecting your data is very important to us. Accordingly, we treat your personal data confidentially and in compliance with this Privacy Policy and all relevant legal requirements.

1. Controller

The controller for data processing under the General Data Protection Regulation (“GDPR”) is:

Impct Engineering FlexCo
Registered in Vienna, Austria, under company registration number 631423p
Address: Pasettistraße 70/14, 1200 Vienna, Austria
Email: julian@impct.app
Phone: +43 699 12472623

2. What Is Personal Data?

Personal data refers to information relating to an identified or identifiable natural person (“data subject”). Examples include a name, address, email address, phone number, date of birth, age, gender, location data, driving or travel behavior, social security number, IP addresses, and possibly user names. Some forms of personal data are considered “special categories” (also known as “sensitive data”) under the GDPR, such as health or certain legal or criminal-related data.

In connection with the App, personal data is generally collected only if you submit it yourself. Details on which data we process are set out below:

  • Data Processing on the Website: If you contact us through the Website or merely visit it, please see the additional information at [https://www.impct.app/imprint].

  • Data Processing When Using the App:

    • User Account Data: We process your login information (email address, password, possibly other login data like name or pseudonyms, IP address, and any other data you choose to provide voluntarily).

    • Location and Activity Data: We process location data (GPS coordinates), movement data, and fitness/activity data to measure and calculate “spatiotemporal features” (e.g. speed, distance, acceleration, bearing) that help us automatically estimate the CO₂ emissions of your journeys. This estimation is based on the trips you take, including the mode of transport used, distance covered, and duration.

    • Contextual Features (Map-Features): In this Beta version, your location data—including GPS coordinates—may also be used to compare your route against our own map data to determine, for example, whether you are on a subway or train route. This improves the accuracy of identifying your mode of transport in cases where movement profiles are similar (e.g. bus vs. car, train vs. subway).

In this version of the App, your location data and coordinates will be transmitted to the Impct Cloud Database to calculate these contextual features, then used by an Impct machine learning service to process your trips. If you wish, and unless you expressly withdraw your consent, the start and end coordinates of each journey will also be used for “reverse geocoding” to determine start and end addresses (e.g., the nearest street or building address). You can revoke your consent to this at any time.

Please note that you will be unable to use the App’s functionalities unless you grant these permissions. Specifically, the following permissions are required on your smartphone:

  1. “Allow Impct to use your location?” → “Allow while using the App.”

  2. “Allow Impct to also use your location even when you are not using the App?” → “Change to always allow.”

  3. “Impct would like to have access to your motion & fitness activity” → “Allow.”

Note on Future Release (Public Beta): In an upcoming version of the App, your location data never leaves your mobile device. Both reverse geocoding and map comparison (to identify how you traveled) will occur locally on your phone, and the relevant map tiles are only downloaded temporarily. Afterward, the map tiles are deleted, meaning your location data remains securely on your phone, and even Impct cannot create any movement profile on you.

3. Legal Bases for Data Processing

Impct processes your personal data only where a legal basis under Article 6(1) GDPR applies. In particular:

  1. Consent (Article 6(1)(a) GDPR)
    If you have consented (for example, when contacting us or for certain cookies), the relevant data processing occurs on that basis. We may also process any sensitive data (Article 9 GDPR) you provide, subject to your explicit consent. The scope and purposes of each processing activity are governed by the specific consent you have given. You may withdraw your consent at any time with future effect by contacting us at julian@impct.app or by postal mail at Impct Engineering FlexCo, Pasettistraße 70/14, 1200 Vienna, Austria.

  2. Performance of a Contract (Article 6(1)(b) GDPR)
    Most of the data processing related to the App’s functions (e.g., measuring CO₂ emissions) is necessary for performance of a contract (including any pre-contractual relationships, such as free testing or use of the App).

  3. Legal Obligations (Article 6(1)(c) GDPR)
    If Impct is under a legal obligation requiring the processing of personal data (e.g., bookkeeping or other statutory obligations), we process your data on this basis.

  4. Legitimate Interests (Article 6(1)(f) GDPR)
    In some cases, processing is necessary to protect legitimate interests pursued by Impct or by a third party, such as:

    • Improving our software and enabling it to “learn,”

    • Conducting direct marketing activities,

    • Ensuring network and data security (where consistent with applicable law and the rights/freedoms of the user),

    • Exercising, defending, or establishing legal claims.

4. Automated Decision-Making Under Article 22 GDPR

Impct does not use any automated decision-making processes as described in Article 22 GDPR.

5. Source of Your Data

Generally, Impct processes only the personal data that you provide. When you reach out to us through the App, for example, you may supply contact information such as your email address. When you use the App, you provide location data so that it can calculate your CO₂ emissions and display them, along with any other features.

6. Will Your Data Be Shared?

Your personal data may be processed by third-party service providers (acting as our processors) on our behalf. This includes providers of marketing tools, IT services, software solutions, hosting and maintenance, accounting services, and other providers we rely on to deliver our services. Such processors only process your data according to our instructions and for the purposes laid out in this Privacy Policy.

Examples include:

  • Cloud Database Provider: Supabase Inc. (EU-Central-1 Frankfurt)

  • Cloud Hyperscaler: Amazon Web Services (EU-Central-1 Frankfurt)

    • For both providers, we use our own “virtual private cloud” (non-shared server infrastructure).

  • App Ecosystem Providers:

    • Apple Inc. (iOS App Store Analytics, push notifications)

    • Google Inc. (Google Play Store Analytics, push notifications)

If a recipient of your personal data is located outside the European Union or processes data outside the EU, and that country does not offer an adequate level of data protection (per the EU Commission), Impct will ensure an adequate level of protection through legal agreements (such as the EU Standard Contractual Clauses).

In certain circumstances, we may be legally obliged to disclose data to government or law enforcement authorities (e.g., to prevent or detect fraud, or to ensure network and data security).

7. Data Security

We employ appropriate technical and organizational measures to protect your personal data against unauthorized, unlawful, or accidental access, processing, loss, or misuse. Nonetheless, transmitting information over the internet always carries some risk that others could view or use it. Impct cannot be held liable for any disclosure or misuse of information if we have taken all necessary security measures and if unlawful access (e.g., hacking) occurs without our fault.

8. Retention Period

We store your personal data only as long as is required to fulfill the contractual and/or statutory obligations (e.g., mandatory retention periods) or for as long as we have a legitimate interest (e.g., defending against possible liability claims). Once the relevant purpose ceases to apply, data is deleted or anonymized. During this entire retention period, we ensure data is handled in compliance with this Privacy Policy.

If we rely on your consent as the legal basis for processing, we process the data for the duration of your consent, and possibly longer if required by law. If you contact us without later entering into a contract or granting consent, we typically delete your message and any associated data after six months.

9. Your Rights

As a data subject under the GDPR, you have the right to request access to the personal data we hold about you, including its source, recipients, and the purposes of its processing. You also have the right (as applicable) to rectification, data portability, objection to processing, restriction of processing, and erasure. You may address these requests or any related questions to julian@impct.app or send them to:

Impct Engineering FlexCo
Pasettistraße 70/14
1200 Vienna
Austria

If you believe that our processing of your personal data violates applicable data protection laws or otherwise infringes your rights, you may lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority (see www.dsb.gv.at).

10. Changes to This Privacy Policy

Impct may revise this Privacy Policy to reflect technical or legal changes, or to reflect new services or products. Any updated version of the Privacy Policy will be published in the App.

Last Updated: February 2025

Impct Engineering FlexCo

Privacy Policy for Impct Beta


This Privacy Policy explains the nature, scope, and purposes of how Impct Engineering FlexCo (“Impct”) collects and uses your personal data when you visit the website [https://www.impct.app/] (“the Website”) and when you use the “TestFlight – Impct” app provided by Impct (“the App”). Protecting your data is very important to us. Accordingly, we treat your personal data confidentially and in compliance with this Privacy Policy and all relevant legal requirements.

1. Controller

The controller for data processing under the General Data Protection Regulation (“GDPR”) is:

Impct Engineering FlexCo
Registered in Vienna, Austria, under company registration number 631423p
Address: Pasettistraße 70/14, 1200 Vienna, Austria
Email: julian@impct.app
Phone: +43 699 12472623

2. What Is Personal Data?

Personal data refers to information relating to an identified or identifiable natural person (“data subject”). Examples include a name, address, email address, phone number, date of birth, age, gender, location data, driving or travel behavior, social security number, IP addresses, and possibly user names. Some forms of personal data are considered “special categories” (also known as “sensitive data”) under the GDPR, such as health or certain legal or criminal-related data.

In connection with the App, personal data is generally collected only if you submit it yourself. Details on which data we process are set out below:

  • Data Processing on the Website: If you contact us through the Website or merely visit it, please see the additional information at [https://www.impct.app/imprint].

  • Data Processing When Using the App:

    • User Account Data: We process your login information (email address, password, possibly other login data like name or pseudonyms, IP address, and any other data you choose to provide voluntarily).

    • Location and Activity Data: We process location data (GPS coordinates), movement data, and fitness/activity data to measure and calculate “spatiotemporal features” (e.g. speed, distance, acceleration, bearing) that help us automatically estimate the CO₂ emissions of your journeys. This estimation is based on the trips you take, including the mode of transport used, distance covered, and duration.

    • Contextual Features (Map-Features): In this Beta version, your location data—including GPS coordinates—may also be used to compare your route against our own map data to determine, for example, whether you are on a subway or train route. This improves the accuracy of identifying your mode of transport in cases where movement profiles are similar (e.g. bus vs. car, train vs. subway).

In this version of the App, your location data and coordinates will be transmitted to the Impct Cloud Database to calculate these contextual features, then used by an Impct machine learning service to process your trips. If you wish, and unless you expressly withdraw your consent, the start and end coordinates of each journey will also be used for “reverse geocoding” to determine start and end addresses (e.g., the nearest street or building address). You can revoke your consent to this at any time.

Please note that you will be unable to use the App’s functionalities unless you grant these permissions. Specifically, the following permissions are required on your smartphone:

  1. “Allow Impct to use your location?” → “Allow while using the App.”

  2. “Allow Impct to also use your location even when you are not using the App?” → “Change to always allow.”

  3. “Impct would like to have access to your motion & fitness activity” → “Allow.”

Note on Future Release (Public Beta): In an upcoming version of the App, your location data never leaves your mobile device. Both reverse geocoding and map comparison (to identify how you traveled) will occur locally on your phone, and the relevant map tiles are only downloaded temporarily. Afterward, the map tiles are deleted, meaning your location data remains securely on your phone, and even Impct cannot create any movement profile on you.

3. Legal Bases for Data Processing

Impct processes your personal data only where a legal basis under Article 6(1) GDPR applies. In particular:

  1. Consent (Article 6(1)(a) GDPR)
    If you have consented (for example, when contacting us or for certain cookies), the relevant data processing occurs on that basis. We may also process any sensitive data (Article 9 GDPR) you provide, subject to your explicit consent. The scope and purposes of each processing activity are governed by the specific consent you have given. You may withdraw your consent at any time with future effect by contacting us at julian@impct.app or by postal mail at Impct Engineering FlexCo, Pasettistraße 70/14, 1200 Vienna, Austria.

  2. Performance of a Contract (Article 6(1)(b) GDPR)
    Most of the data processing related to the App’s functions (e.g., measuring CO₂ emissions) is necessary for performance of a contract (including any pre-contractual relationships, such as free testing or use of the App).

  3. Legal Obligations (Article 6(1)(c) GDPR)
    If Impct is under a legal obligation requiring the processing of personal data (e.g., bookkeeping or other statutory obligations), we process your data on this basis.

  4. Legitimate Interests (Article 6(1)(f) GDPR)
    In some cases, processing is necessary to protect legitimate interests pursued by Impct or by a third party, such as:

    • Improving our software and enabling it to “learn,”

    • Conducting direct marketing activities,

    • Ensuring network and data security (where consistent with applicable law and the rights/freedoms of the user),

    • Exercising, defending, or establishing legal claims.

4. Automated Decision-Making Under Article 22 GDPR

Impct does not use any automated decision-making processes as described in Article 22 GDPR.

5. Source of Your Data

Generally, Impct processes only the personal data that you provide. When you reach out to us through the App, for example, you may supply contact information such as your email address. When you use the App, you provide location data so that it can calculate your CO₂ emissions and display them, along with any other features.

6. Will Your Data Be Shared?

Your personal data may be processed by third-party service providers (acting as our processors) on our behalf. This includes providers of marketing tools, IT services, software solutions, hosting and maintenance, accounting services, and other providers we rely on to deliver our services. Such processors only process your data according to our instructions and for the purposes laid out in this Privacy Policy.

Examples include:

  • Cloud Database Provider: Supabase Inc. (EU-Central-1 Frankfurt)

  • Cloud Hyperscaler: Amazon Web Services (EU-Central-1 Frankfurt)

    • For both providers, we use our own “virtual private cloud” (non-shared server infrastructure).

  • App Ecosystem Providers:

    • Apple Inc. (iOS App Store Analytics, push notifications)

    • Google Inc. (Google Play Store Analytics, push notifications)

If a recipient of your personal data is located outside the European Union or processes data outside the EU, and that country does not offer an adequate level of data protection (per the EU Commission), Impct will ensure an adequate level of protection through legal agreements (such as the EU Standard Contractual Clauses).

In certain circumstances, we may be legally obliged to disclose data to government or law enforcement authorities (e.g., to prevent or detect fraud, or to ensure network and data security).

7. Data Security

We employ appropriate technical and organizational measures to protect your personal data against unauthorized, unlawful, or accidental access, processing, loss, or misuse. Nonetheless, transmitting information over the internet always carries some risk that others could view or use it. Impct cannot be held liable for any disclosure or misuse of information if we have taken all necessary security measures and if unlawful access (e.g., hacking) occurs without our fault.

8. Retention Period

We store your personal data only as long as is required to fulfill the contractual and/or statutory obligations (e.g., mandatory retention periods) or for as long as we have a legitimate interest (e.g., defending against possible liability claims). Once the relevant purpose ceases to apply, data is deleted or anonymized. During this entire retention period, we ensure data is handled in compliance with this Privacy Policy.

If we rely on your consent as the legal basis for processing, we process the data for the duration of your consent, and possibly longer if required by law. If you contact us without later entering into a contract or granting consent, we typically delete your message and any associated data after six months.

9. Your Rights

As a data subject under the GDPR, you have the right to request access to the personal data we hold about you, including its source, recipients, and the purposes of its processing. You also have the right (as applicable) to rectification, data portability, objection to processing, restriction of processing, and erasure. You may address these requests or any related questions to julian@impct.app or send them to:

Impct Engineering FlexCo
Pasettistraße 70/14
1200 Vienna
Austria

If you believe that our processing of your personal data violates applicable data protection laws or otherwise infringes your rights, you may lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority (see www.dsb.gv.at).

10. Changes to This Privacy Policy

Impct may revise this Privacy Policy to reflect technical or legal changes, or to reflect new services or products. Any updated version of the Privacy Policy will be published in the App.

Last Updated: February 2025

Impct Engineering FlexCo

Privacy Policy for Impct Beta


This Privacy Policy explains the nature, scope, and purposes of how Impct Engineering FlexCo (“Impct”) collects and uses your personal data when you visit the website [https://www.impct.app/] (“the Website”) and when you use the “TestFlight – Impct” app provided by Impct (“the App”). Protecting your data is very important to us. Accordingly, we treat your personal data confidentially and in compliance with this Privacy Policy and all relevant legal requirements.

1. Controller

The controller for data processing under the General Data Protection Regulation (“GDPR”) is:

Impct Engineering FlexCo
Registered in Vienna, Austria, under company registration number 631423p
Address: Pasettistraße 70/14, 1200 Vienna, Austria
Email: julian@impct.app
Phone: +43 699 12472623

2. What Is Personal Data?

Personal data refers to information relating to an identified or identifiable natural person (“data subject”). Examples include a name, address, email address, phone number, date of birth, age, gender, location data, driving or travel behavior, social security number, IP addresses, and possibly user names. Some forms of personal data are considered “special categories” (also known as “sensitive data”) under the GDPR, such as health or certain legal or criminal-related data.

In connection with the App, personal data is generally collected only if you submit it yourself. Details on which data we process are set out below:

  • Data Processing on the Website: If you contact us through the Website or merely visit it, please see the additional information at [https://www.impct.app/imprint].

  • Data Processing When Using the App:

    • User Account Data: We process your login information (email address, password, possibly other login data like name or pseudonyms, IP address, and any other data you choose to provide voluntarily).

    • Location and Activity Data: We process location data (GPS coordinates), movement data, and fitness/activity data to measure and calculate “spatiotemporal features” (e.g. speed, distance, acceleration, bearing) that help us automatically estimate the CO₂ emissions of your journeys. This estimation is based on the trips you take, including the mode of transport used, distance covered, and duration.

    • Contextual Features (Map-Features): In this Beta version, your location data—including GPS coordinates—may also be used to compare your route against our own map data to determine, for example, whether you are on a subway or train route. This improves the accuracy of identifying your mode of transport in cases where movement profiles are similar (e.g. bus vs. car, train vs. subway).

In this version of the App, your location data and coordinates will be transmitted to the Impct Cloud Database to calculate these contextual features, then used by an Impct machine learning service to process your trips. If you wish, and unless you expressly withdraw your consent, the start and end coordinates of each journey will also be used for “reverse geocoding” to determine start and end addresses (e.g., the nearest street or building address). You can revoke your consent to this at any time.

Please note that you will be unable to use the App’s functionalities unless you grant these permissions. Specifically, the following permissions are required on your smartphone:

  1. “Allow Impct to use your location?” → “Allow while using the App.”

  2. “Allow Impct to also use your location even when you are not using the App?” → “Change to always allow.”

  3. “Impct would like to have access to your motion & fitness activity” → “Allow.”

Note on Future Release (Public Beta): In an upcoming version of the App, your location data never leaves your mobile device. Both reverse geocoding and map comparison (to identify how you traveled) will occur locally on your phone, and the relevant map tiles are only downloaded temporarily. Afterward, the map tiles are deleted, meaning your location data remains securely on your phone, and even Impct cannot create any movement profile on you.

3. Legal Bases for Data Processing

Impct processes your personal data only where a legal basis under Article 6(1) GDPR applies. In particular:

  1. Consent (Article 6(1)(a) GDPR)
    If you have consented (for example, when contacting us or for certain cookies), the relevant data processing occurs on that basis. We may also process any sensitive data (Article 9 GDPR) you provide, subject to your explicit consent. The scope and purposes of each processing activity are governed by the specific consent you have given. You may withdraw your consent at any time with future effect by contacting us at julian@impct.app or by postal mail at Impct Engineering FlexCo, Pasettistraße 70/14, 1200 Vienna, Austria.

  2. Performance of a Contract (Article 6(1)(b) GDPR)
    Most of the data processing related to the App’s functions (e.g., measuring CO₂ emissions) is necessary for performance of a contract (including any pre-contractual relationships, such as free testing or use of the App).

  3. Legal Obligations (Article 6(1)(c) GDPR)
    If Impct is under a legal obligation requiring the processing of personal data (e.g., bookkeeping or other statutory obligations), we process your data on this basis.

  4. Legitimate Interests (Article 6(1)(f) GDPR)
    In some cases, processing is necessary to protect legitimate interests pursued by Impct or by a third party, such as:

    • Improving our software and enabling it to “learn,”

    • Conducting direct marketing activities,

    • Ensuring network and data security (where consistent with applicable law and the rights/freedoms of the user),

    • Exercising, defending, or establishing legal claims.

4. Automated Decision-Making Under Article 22 GDPR

Impct does not use any automated decision-making processes as described in Article 22 GDPR.

5. Source of Your Data

Generally, Impct processes only the personal data that you provide. When you reach out to us through the App, for example, you may supply contact information such as your email address. When you use the App, you provide location data so that it can calculate your CO₂ emissions and display them, along with any other features.

6. Will Your Data Be Shared?

Your personal data may be processed by third-party service providers (acting as our processors) on our behalf. This includes providers of marketing tools, IT services, software solutions, hosting and maintenance, accounting services, and other providers we rely on to deliver our services. Such processors only process your data according to our instructions and for the purposes laid out in this Privacy Policy.

Examples include:

  • Cloud Database Provider: Supabase Inc. (EU-Central-1 Frankfurt)

  • Cloud Hyperscaler: Amazon Web Services (EU-Central-1 Frankfurt)

    • For both providers, we use our own “virtual private cloud” (non-shared server infrastructure).

  • App Ecosystem Providers:

    • Apple Inc. (iOS App Store Analytics, push notifications)

    • Google Inc. (Google Play Store Analytics, push notifications)

If a recipient of your personal data is located outside the European Union or processes data outside the EU, and that country does not offer an adequate level of data protection (per the EU Commission), Impct will ensure an adequate level of protection through legal agreements (such as the EU Standard Contractual Clauses).

In certain circumstances, we may be legally obliged to disclose data to government or law enforcement authorities (e.g., to prevent or detect fraud, or to ensure network and data security).

7. Data Security

We employ appropriate technical and organizational measures to protect your personal data against unauthorized, unlawful, or accidental access, processing, loss, or misuse. Nonetheless, transmitting information over the internet always carries some risk that others could view or use it. Impct cannot be held liable for any disclosure or misuse of information if we have taken all necessary security measures and if unlawful access (e.g., hacking) occurs without our fault.

8. Retention Period

We store your personal data only as long as is required to fulfill the contractual and/or statutory obligations (e.g., mandatory retention periods) or for as long as we have a legitimate interest (e.g., defending against possible liability claims). Once the relevant purpose ceases to apply, data is deleted or anonymized. During this entire retention period, we ensure data is handled in compliance with this Privacy Policy.

If we rely on your consent as the legal basis for processing, we process the data for the duration of your consent, and possibly longer if required by law. If you contact us without later entering into a contract or granting consent, we typically delete your message and any associated data after six months.

9. Your Rights

As a data subject under the GDPR, you have the right to request access to the personal data we hold about you, including its source, recipients, and the purposes of its processing. You also have the right (as applicable) to rectification, data portability, objection to processing, restriction of processing, and erasure. You may address these requests or any related questions to julian@impct.app or send them to:

Impct Engineering FlexCo
Pasettistraße 70/14
1200 Vienna
Austria

If you believe that our processing of your personal data violates applicable data protection laws or otherwise infringes your rights, you may lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority (see www.dsb.gv.at).

10. Changes to This Privacy Policy

Impct may revise this Privacy Policy to reflect technical or legal changes, or to reflect new services or products. Any updated version of the Privacy Policy will be published in the App.

Last Updated: February 2025

Impct Engineering FlexCo