imaga logo

Privacy Policy

Last Updated: September 11, 2025

Introduction

Welcome to Imaga, Inc. (“Imaga”, "Company", "we", "us" or "our") website. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, products, and services (collectively, the “Services”). It is designed to comply with applicable privacy laws in the European Union (EU), United Kingdom (UK), United Arab Emirates (UAE), United States (US), and specifically California. By using our Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.

Information We Collect

We may collect and process the following categories of personal data:

  • Information You Provide to Us: When you interact with our Services (for example, by filling out contact forms, registering, or communicating with us), you may provide personal information such as your name, company name, phone number, email address, and other contact details. We will also collect any other information you choose to provide (for instance, the content of messages or inquiries).
  • Automatically Collected Data: When you visit our website or use our Services, we automatically collect certain data about your device and usage of our site. This may include your IP address, browser type and version, device identifiers, operating system, referring URLs, pages viewed, the dates/times of access, and your browsing activities on our site (e.g. pages visited, clicks, and time spent). We also gather information about your interaction with our site via cookies and similar tracking technologies as described below. For example, we may collect data on how you arrived at our site and your behavior on the site, which helps us analyze and improve our Services.
  • Cookies and Tracking Technologies: We use cookies, pixel tags, and similar technologies to collect technical and analytics information. This includes both first-party cookies (set by us) and third-party cookies (set by service providers). These technologies help remember your preferences, understand how you use our site, and tailor content or advertising. For more details, see Cookies and Tracking below.
  • Potential Additional Data: In certain cases, we might obtain information from third parties or public sources in accordance with applicable law. For example, if you connect with us via a social media account or use a third-party login, we could receive basic profile information from those platforms (to the extent you authorized it). We may also collect any other information that you voluntarily provide to us in the course of using our Services.

We do not knowingly collect any sensitive personal data (such as government-issued IDs, financial information, health data, etc.) from users, unless explicitly stated. The personal information we collect is generally limited to identification and contact details and usage data as described above.

How We Use Your Information

We use the collected personal data for the following purposes (and in accordance with the lawful bases permitted under relevant law):

  • Providing and Improving Services: To operate, maintain and provide you with the features and functionality of our Services. For example, we use your information to create and manage your account (if any), to deliver the services or information you request, and to ensure the proper functioning and security of our website. We also analyze usage information (e.g. how users navigate our site) to understand and improve the performance and user experience of our Services.
  • Communications and Support: To communicate with you about your inquiries, requests or use of our Services. For instance, if you contact us (such as by emailing us at our contact email), we will use your contact information to respond. We may also send you administrative or account-related messages (e.g. to confirm a service request, notify about changes to our terms or policies, or provide customer support).
  • Marketing and Advertising: To the extent permitted by law, we may use your contact details or online identifiers to send you updates, newsletters or promotional materials about our services that may be of interest to you. (We do not currently engage in mass email newsletters or unsolicited marketing emails, and we will obtain consent where required.) We also use advertising cookies and pixels to deliver tailored advertisements and marketing messages on third-party platforms. For example, we might use information about your visits to our site to retarget ads to you on other websites or social media. All such processing is done in line with applicable consent requirements and your opt-out choices.
  • Analytics and Product Development: We use data (particularly aggregated, anonymized or statistical information) to understand user behavior and preferences in order to improve our existing products/services and to develop new features. For instance, we rely on tools like Google Analytics to measure how users interact with our site and to glean insights about which features are popular. This helps us make informed decisions about enhancements and optimizations.
  • Security and Fraud Prevention: Your information is also processed to maintain the security of our Services, website, and users. This includes efforts to prevent fraud, abuse, and other malicious activities. For example, we deploy anti-spam and bot-detection measures (like Google reCAPTCHA, described below) to protect our site. Data (like IP addresses or usage patterns) may be used to detect and mitigate malicious or unauthorized activities and to enforce our terms and policies.
  • Legal Compliance: Where required, we will process personal data to comply with our legal obligations. This may include maintaining records, responding to lawful requests by public authorities, or fulfilling reporting and compliance requirements (for example, those related to finance or privacy regulations).
  • Other Purposes with Consent: If we intend to use your personal information for a purpose that requires consent (for instance, if we ever wanted to process sensitive data or send certain marketing communications in jurisdictions requiring opt-in), we will ask for your consent. Where consent is given, you can withdraw it at any time.
  • We will not use your personal data for purposes that are incompatible with the ones listed above without notifying you and obtaining your consent when required. We ensure that any use of personal data is necessary and proportionate to our legitimate business needs. If we anonymize or aggregate data so that it can no longer identify you, we may use such non-personal data for any legitimate purpose.

If you are located in the EU, UK, or another jurisdiction with similar legal requirements, we process your personal data under the following legal bases as established by the General Data Protection Regulation (GDPR) and UK data protection law:

  • Performance of a Contract: When we need to process your data to provide the Services you have requested or to take steps at your request before entering into a contract. For example, when you provide your contact information to inquire about our services, we process that data to respond and potentially perform a service agreement with you.
  • Legitimate Interests: We process certain data as necessary for our legitimate business interests, provided those interests are not overridden by your data protection rights. This includes uses like improving our website’s performance, securing our Services, and marketing to our customers. We always consider the impact on your privacy and provide safeguards to protect your information, and you have the right to object to processing based on legitimate interests.
  • Your Consent: We rely on consent in specific situations where we ask for it – for example, if we place non-essential cookies (such as advertising cookies) on your device, or if we send you marketing communications in jurisdictions that require prior consent. Where consent is our legal basis, you have the right to withdraw it at any time, which will not affect the lawfulness of processing before withdrawal.
  • Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation to which we are subject. For instance, retaining transaction records for accounting/regulatory purposes or disclosing information when compelled by law.
  • Vital Interests & Public Interest: These bases are likely not applicable in the context of our Services, except in the unlikely scenario where processing is necessary to protect someone’s life or for a task carried out in the public interest (we will notify you if such a basis becomes relevant).

We identify and document the applicable legal basis for each processing activity, in accordance with GDPR principles.

Cookies and Tracking Technologies

We use cookies and similar technologies to collect information automatically from your device. You will have the opportunity to manage your cookie preferences when you first visit our site (and can adjust them anytime via your browser). Below is how we use these technologies:

  • Necessary Cookies: These are essential for the operation of our website and enable core functionality (e.g., security, network management, accessibility). For instance, when you log in or submit a form, necessary cookies ensure the process works properly. You cannot opt out of these cookies if you wish to use the Services, as they are required for basic operations.
  • Analytics Cookies: We use analytics tools (notably Google Analytics) to understand how users find and use our site. Google Analytics uses cookies to collect data such as your IP address, device identifiers, and browsing actions on our site. This information is aggregated and helps us analyze website traffic and user behavior patterns. We use these insights to improve content and performance. Google may process data collected via our site for its own analytics purposes; however, we have configured Google Analytics in compliance with privacy requirements (for example, in certain jurisdictions we enable IP anonymization). Please note that data collected by Google Analytics may be transmitted to and stored on Google’s servers (for example, in the United States). For more details on how Google uses data collected through our site, see Google's Privacy Policy. You can opt-out of Google Analytics by adjusting cookie settings in our cookie consent banner.
  • Advertising & Tracking Pixels: We utilize third-party advertising cookies and pixels (small snippets of code) from advertising partners to help deliver tailored ads and measure their effectiveness. These may include, for example, the Facebook/Meta Pixel, Google Ads tags, LinkedIn Insight Tag, or other similar trackers. Advertising pixels allow those third-party platforms to collect information about your interaction with our site (such as the pages you visited or links you clicked) in order to retarget ads to you on their networks and measure conversions. The data collected typically includes identifiers like your IP address, device or browser identifiers, and site usage information, which may be combined with information the platform already holds about you to create audiences for our ads. We only deploy these cookies/pixels in jurisdictions where we have obtained appropriate consent (e.g., via our cookie banner in the EU/UK). You can also control the placement of such cookies through your browser settings or opt-out mechanisms provided by those third-party services.
  • Google reCAPTCHA: To protect our site from spam and abuse, we use Google reCAPTCHA on our forms and interactive features. reCAPTCHA is a service that helps us detect automated bots by collecting certain information about the user’s interaction with the site. What data does reCAPTCHA collect? When you load a page with reCAPTCHA, it may collect hardware and software information, such as your IP address, browser and device characteristics, and user behaviors on the page (for example, how you move your mouse or whether you click on certain elements). It also places a cookie on your browser and checks for any Google cookies that might indicate if you are a Google user. In summary, reCAPTCHA gathers data like IP address, mouse movements/clicks, device and browser info, cookies, and the time spent on the site to distinguish human users from bots. This data is sent to Google for analysis. Use of reCAPTCHA data: The information collected via reCAPTCHA is solely used for bot detection and security purposes and will not be used for advertising. Google’s Privacy Policy and Terms of Service apply to this feature. In fact, Google requires that we notify you of the following: “This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply.”. By using our forms protected by reCAPTCHA, you consent to such processing. In EU/UK, we load reCAPTCHA only after you have indicated your consent via our cookie/privacy settings (since it involves cookie use and data transfer). If you prefer not to have this data collected, please refrain from using our online forms and contact us through alternate means.
  • Other Third-Party Tools: We may integrate other third-party services that involve cookies or similar technologies (for example, embedded videos or social media share buttons might set cookies by those platforms). Where these are present, we will disclose their usage and ensure any required consent. You can manage and block cookies via your browser settings. Note that disabling certain cookies may affect the functionality of our site.
  • Your Choices: On your first visit to our site, you will have seen a cookie banner or pop-up allowing you to accept or reject different categories of cookies (except strictly necessary ones). Additionally, most web browsers provide options to refuse new cookies, disable existing cookies, or alert you when new cookies are being sent. Please refer to your browser’s help documentation for more information on controlling cookies. Keep in mind that if you block or delete cookies, some features of our Services (especially those that rely on cookies) may not work properly.

How We Share and Disclose Information

We value your privacy and handle your personal data with care. We do not sell your personal information to third parties for their own marketing or commercial use. However, we do share certain information with third parties in the following circumstances:

  • Service Providers / Processors: We share personal data with trusted third-party companies that perform services on our behalf and under our instructions (commonly known as “data processors” under GDPR or “service providers” under CCPA). This includes, for example, companies providing: cloud hosting or data storage, customer relationship management (CRM) systems, analytics services (e.g., Google Analytics), website functionality tools, advertising and marketing services (including advertising networks or social media platforms that display our ads), and professional advisors (such as IT support, security, legal, or accounting services). These third parties only receive the information necessary for them to carry out their specific tasks. We require that all service providers protect your personal data and use it only for the purposes we specify, consistent with this Policy and applicable law.
  • Advertising and Marketing Partners: As noted in the Cookies section, we allow certain third-party advertising partners (like Google, Meta/Facebook, LinkedIn, etc.) to collect data via cookies/pixels on our site for the purposes of analytics and targeted advertising. These partners may act as our service providers (processing data only for our purposes) or, in some contexts, as independent controllers (using data for their own purposes, such as improving their advertising services). We share pseudonymous identifiers or demographic segments with these partners to reach people likely to be interested in our Services. For instance, we might upload a list of business contact emails to a platform like LinkedIn to create a custom audience for our ads – this would involve sharing personal data under strict terms of use. Note that any such “sharing” of data for targeted advertising is done in compliance with relevant laws (e.g., with opt-in consent in the EU, or offering opt-out rights in California).
  • Within Our Corporate Group: We may share data with our subsidiaries, affiliates, or branch offices (we have offices in different countries like the US, EU (Portugal), and UAE, your data might be accessed by staff in those locations). All such intra-group sharing is on a need-to-know basis and under binding confidentiality and data protection arrangements.
  • Business Transfers: If we engage in or undergo a merger, acquisition, reorganization, sale of assets, bankruptcy, or other similar business transaction, your personal data may be transferred to the successor entity or new owner as part of that deal. If such a transfer occurs, the successor will be subject to the same commitments stated in this Privacy Policy or we will notify you and obtain consent if required by law.
  • Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement agencies, regulators, or outside counsel) if we believe disclosure is reasonably necessary to (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce or investigate potential violations of our Terms of Service or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Imaga, our users, our employees, or the public. We will only release the information strictly required and, when legally possible, we will inform you of such disclosure.
  • With Your Consent: Apart from the above, if we want to share your information for other purposes not covered by this Policy, we will obtain your consent or provide an opportunity to opt out. For example, if you opt-in to a feature that involves sharing data with a partner, we will make that clear at the point of collection.

No Third-Party Selling: We do not disclose or sell your personal data to unaffiliated third parties for their independent use (for example, we do not sell email lists to other companies for marketing). We also do not share information about visitors to our site with our client companies; any data we collect is for our own business purposes as described in this Policy (such as improving our services and marketing our own offerings).

Third-Party Privacy Policies: When we integrate third-party tools (like the analytics or ad services mentioned), those third parties may collect information under their own privacy policies. We encourage you to review the privacy policies of any third-party services that you interact with through our Services. We are not responsible for the privacy practices of those third parties when they are acting as independent controllers.

International Data Transfers

Imaga operates in and serves customers in multiple jurisdictions. As a result, your personal data may be transferred to, stored in, or accessed from countries outside of your home country. This includes transfers from European Economic Area (EEA) or UK users to our operations or service providers in other countries (such as the United States or the UAE), and vice versa. For example, if you are in the EU and you fill out a form on our website, the information you provide might be stored on servers in the US, or accessed by our team in the UAE or our headquarters. Likewise, if you are in the UAE, your data might be processed on servers located in the EU, etc.

Data Protection Abroad: We acknowledge that not all countries have the same data protection laws. When we transfer personal data across borders, we take steps to ensure appropriate safeguards are in place to protect your information in line with this Policy and applicable laws. These measures include:

  • European Union/UK Transfers: For transfers of personal data from the EEA, Switzerland, or UK to countries not deemed by the European Commission (or UK authorities) to provide an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms. The SCCs are standardized contractual provisions approved by the EU Commission (and adopted by the UK ICO for the UK) that impose data protection obligations on the foreign recipient and give data subjects rights to protection. We have executed SCCs (or the UK International Data Transfer Agreement, as applicable) with our service providers where required, to cover any export of data from the EU/UK to a third country. In some cases, we may also rely on other transfer mechanisms permitted by GDPR, such as your explicit consent for certain transfers, or transfers necessary for the performance of a contract with you (e.g., if you’re an EU customer using our service based in the US). We continuously monitor regulatory developments and will implement any additional measures if needed (for instance, technical encryption safeguards or following the guidance of authorities) to ensure transferred data enjoys an essentially equivalent level of protection.
  • United Arab Emirates Transfers: The UAE’s Personal Data Protection Law (PDPL) imposes requirements for cross-border transfer and sharing of personal data. Where we transfer data out of the UAE, we will ensure we meet the conditions set by the PDPL and its executive regulations. This may involve obtaining your consent for the transfer, or ensuring the recipient jurisdiction has adequate protection or contractual safeguards similar to the EU’s clauses. As the UAE Data Office may approve certain countries or safeguards, we will adhere to those standards once in effect.
  • Other Regions: For transfers from other countries with data export restrictions, we will similarly ensure compliance. For example, if you are in a country like Brazil or Canada with its own data transfer rules, we will follow the mechanisms provided under those laws (such as Brazil’s Standard Clauses or PIPEDA’s requirements for meaningful consent and protection).

By using our Services or submitting your information to us, you acknowledge that your personal data may be transferred to and processed in countries outside of your own. However, we will always protect your data as described in this Policy, regardless of where it is processed. We have implemented uniform standards across our operations to ensure your privacy is safeguarded.

If you have questions about our international data transfer practices, or wish to obtain a copy of the relevant safeguards in place (such as the SCCs), you can contact us using the details in the Contact Us section.

Data Security

We take security seriously and have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures are designed to provide a level of security appropriate to the risk of processing your personal information. They include, for example:

  • Encryption of data in transit (e.g., TLS/SSL encryption for our website) and at rest where applicable, to prevent interception or access by unauthorized parties.
  • Access controls and authentication measures: Personal data is accessible only by authorized personnel who have a legitimate need to know. We restrict access to your information to employees, contractors, and agents who are bound by confidentiality and trained in data protection.
  • Robust IT security practices: We use firewalls, intrusion detection systems, anti-malware software, and regular security monitoring to guard against external threats. We also keep our systems and software up-to-date with security patches.
  • Organizational policies: We have internal policies for data handling and incident response. We conduct periodic reviews and audits of our security practices. Where appropriate, we pseudonymize or anonymize personal data to mitigate privacy risks.
  • Physical security controls for facilities and servers that contain personal data, to prevent unauthorized physical access.
  • Regular backups of critical data to ensure availability and resilience in case of an outage or disaster.

While we strive to protect your information, please note that no method of transmission over the Internet or electronic storage is 100% secure. Thus, we cannot guarantee absolute security. You should also take care with how you handle and disclose your personal data and login credentials, and notify us immediately if you believe your interaction with us is no longer secure.

In the event of a data breach involving your personal data, we will act promptly to identify, contain, and rectify the issue. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:

  • If you are a customer or have a contract with us, we will keep your information for the duration of the contractual relationship and for a period after it ends as necessary to enforce our rights or comply with legal obligations (e.g., retention of invoices or communications as required by law).
  • If you contact us with an inquiry but do not become a customer, we will retain your information for as long as needed to respond to and complete your inquiry, plus a reasonable period thereafter in case you have additional questions or to establish a business relationship.
  • Information collected via cookies and similar tracking technologies is retained as per the lifespan of the cookie (which may vary – some cookies last for the browsing session only, others may persist for a few months or years). You can clear these cookies at any time through your browser settings. We honor such deletions by not re-identifying data once cookies are removed.
  • Analytics data is typically retained for a certain period (e.g., Google Analytics data may be retained for 14 months or a duration we configure) and is mainly in aggregate form.

In all cases, we adhere to the principle of storage limitation, meaning we do not keep personal data longer than necessary for the relevant purpose. The exact retention period may vary depending on the context and legal requirements. For instance, to comply with certain laws, we might need to retain some records for a minimum period (e.g., financial or transaction records for 5-7 years under tax regulations, or logs of consent given under GDPR obligations). Conversely, we will delete data sooner if requested by you (and no lawful exception applies) or if we determine the information is no longer needed.

After the retention period expires, or at your valid request, we will securely destroy or anonymize your personal data so that it can no longer be associated with you.

Your Rights

Depending on your location and the applicable privacy laws, you have certain rights regarding your personal data. We are committed to honoring your rights and have processes in place for you to exercise them. These rights include:

  • Right to Access: You have the right to request confirmation whether we process personal data about you, and if so, to request a copy of the information we hold about you, as well as supplementary details about how we use and share it. This is commonly known as a “Data Subject Access Request.” We will provide you with the information in a commonly used format, normally free of charge (unless the request is excessive, in which case a reasonable fee may apply as permitted by law).
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. If you believe any of your information is incorrect or needs updating (for example, if you change your name or email address), please let us know and we will rectify it.
  • Right to Erasure: You can request that we delete your personal data in certain circumstances. This right (also known as the "right to be forgotten") applies, for instance, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and no other legal basis for processing exists, or if you object to processing and we have no overriding legitimate grounds to continue, or if the data was processed unlawfully. We will assess and act on deletion requests in line with applicable laws. Please note that we may not be able to delete data that we are required to keep by law or which is necessary to defend legal claims; we will inform you if any such exception applies.
  • Right to Restrict Processing: You have the right to request that we restrict (pause) our processing of your personal data under certain conditions. For example, you can ask for restriction if you contest the accuracy of the data (until we verify or correct it), or if the processing is unlawful but you prefer restriction over deletion, or if you need the data retained to establish/exercise a legal claim, or if you have objected to processing and verification of our legitimate grounds is pending. When processing is restricted, we will store your data securely and not use it, except to the extent allowed by you or required for legal reasons.
  • Right to Data Portability: To the extent required by law (e.g., under GDPR or similar regimes), you have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to have that information transmitted to another controller (if technically feasible). This right applies when the processing is based on your consent or a contract with you and the processing is carried out by automated means. We will provide the data directly to you or to another entity as you request, where possible.
  • Right to Object: You have the right to object to our processing of your personal data at any time when the processing is based on our legitimate interests (or those of a third party) and on grounds relating to your particular situation. If you object, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing is required for the establishment, exercise, or defense of legal claims. Direct Marketing: You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. If you opt-out or object, we will cease using your data for marketing.
  • Right to Not be Subject to Automated Decisions: Imaga does not make any legal or similarly significant decisions about you solely by automated means (without human involvement). In the event we adopt such practices, you would have the right not to be subject to a decision based purely on automated processing (including profiling) that produces legal effects or similarly significantly affects you. You would also have the right to express your point of view and contest the decision. (This right is granted under GDPR and some other laws. For clarity, our current processing of personal data does not involve this type of decision-making.)
  • Right to Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. For example, if you consented to receive marketing emails, you can opt-out later. If you consented to cookies, you can change your preferences. Withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal. If you withdraw consent for a specific optional activity, we will stop that processing.
  • Right to Complaint: If you believe we have processed your personal data in violation of applicable law or your privacy rights, you have the right to lodge a complaint with a data protection supervisory authority. For EU residents, this could be the authority in your country of residence (e.g., the ICO in the UK, the CNIL in France, etc.). For UK residents, it is the Information Commissioner’s Office (ICO). For UAE residents, you may contact the UAE Data Office or relevant regulatory body once operational. We would appreciate the chance to deal with your concerns before you approach a regulator, so please consider reaching out to us first.

Exercising Your Rights: You may contact us at any time to exercise the above rights. The easiest way is to email us at welcome@imaga.co with your request (please write, for example, "Data Access Request" or "Deletion Request" in the subject line for clarity). You can also reach us via phone or mail at the contacts provided in Contact Us below. For certain requests, we may need to verify your identity to ensure that we do not disclose data to an unauthorized person (for instance, we might ask for the email associated with your account or other information to confirm your identity). We will respond to your request within the timeframe required by law (generally within one month for EU/UK requests, which may be extended by an additional two months for complex requests; and as soon as feasible for other jurisdictions). If we cannot fulfill your request in whole or part (due to a legal exception), we will explain why.

We honor the rights of individuals under all applicable privacy laws, and we generally try to accommodate requests from any user, regardless of jurisdiction, to the extent reasonable. For example, even if you are not in the EU, you can still ask to see what data we have about you or request deletion, and we will do our best to comply unless we have a legitimate reason to retain the data.

If you choose not to provide basic contact details in our forms, we may be unable to respond to your inquiry or provide requested information.

Children’s Privacy

Our Services are not intended for children or minors under the age of majority. We do not knowingly collect personal information from individuals under 18 years of age. If you are under 18, please do not use our Services or submit any personal data to us. In the event we learn that we have inadvertently collected personal data from someone under 18 (for instance, if a minor falsely represents themselves as an adult), we will promptly take steps to delete such information.

For U.S. users: We abide by the Children’s Online Privacy Protection Act (COPPA) which imposes requirements on websites that knowingly collect data from children under 13. We do not knowingly collect or solicit information from anyone under 13. If you are a parent or guardian and believe we have information about a child, please contact us so that we can remove it.

For EU users: Where applicable, we also adhere to GDPR’s provisions regarding children (the age of consent for online data processing varies between 13 to 16 in EU member states). As stated, we do not target or knowingly serve anyone under 18 on our platform. If we ever decide to expand our Services to children (for example, a feature designed for a younger audience), we will implement all required parental consent measures and update this Privacy Policy accordingly. At present, however, we target only business and general audiences and expect users to be adults.

California Privacy Rights

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights are in addition to those already explained in this Policy. In this section, we use the term “personal information” as defined in the CCPA. We also include information on rights under certain other U.S. state laws (such as Virginia’s CDPA, Colorado’s CPA, etc.), which are similar in many respects to the CCPA.

Categories of Personal Information Collected: In the past 12 months, we have collected (from California consumers using our Services) the following categories of personal information, as defined by CCPA:

– Identifiers: e.g., real name, company name, email address, telephone number, and IP address.

– Customer Records Information: e.g., contact details or any personal information you might provide in correspondence (this can include the same data as identifiers, along with any other information like job title if you provide it in a form).

– Internet or Other Electronic Network Activity: e.g., browsing history, clickstream data, pages and content viewed, timestamps, and other usage data on our website. This includes data collected via cookies and tracking pixels (device identifiers, advertising identifiers, etc.).

– Geolocation Data: We do not collect precise geolocation (e.g., GPS coordinates), but we may infer general location (e.g., city, state, or country) from your IP address when you use the site.

– Professional or Employment Information: If you provide us with your company name, job role, or other professional details in a contact form or inquiry, we collect that information. (Our Services are B2B-oriented, so you may provide business-related info which might be considered personal information if it identifies or relates to an individual.)

– Inferences: We do not profile you in ways that infer new characteristics (like creditworthiness or health). However, our advertising partners might classify you into interest segments (for example, interested in technology services) based on your online activities. We do not maintain such inference profiles internally beyond basic segmentation of our own website visitors (e.g., identifying users from a certain industry for marketing analysis). We do not collect sensitive personal information as defined under CPRA (such as Social Security Number, driver’s license number, financial account info, precise geolocation, biometric data, health or genetic data, etc.), and we do not knowingly collect information from persons under 16 years of age.

Sources of Personal Information: We collect the above categories of personal information from the following sources:

– Directly from you (the consumer) when you provide it to us (e.g., through forms or communications).

– Automatically from your devices through cookies and similar technologies when you interact with our website (as described in the Cookies section).

– Service providers or contractors working on our behalf (e.g., analytics or advertising providers may give us summarized insights).

Purposes for Collecting Personal Information: We collect and use personal information for the business and commercial purposes described in the How We Use Your Information section of this Policy. In CCPA terms, these purposes include: performing services and providing the features you requested; maintaining and improving our Services; debugging and repairing errors; analytics and research; advertising and marketing our services; security and fraud prevention; and compliance with legal obligations. We do not use personal information for purposes materially different from those disclosed.

Disclosure of Personal Information: In the preceding 12 months, we have disclosed the above categories of personal information to third parties for our business purposes. The categories of third parties to whom we disclosed information and the purposes are:

– Service Providers: We share all the above categories as needed with service providers (as defined under CCPA) that assist us in running our business. For example, we share identifiers and customer records with our cloud hosting provider and CRM platform to store data; we share internet activity data with our analytics provider (Google Analytics) to analyze usage; we may share identifiers with an email service provider if we were to send newsletters.

– Advertising/Analytics Partners: We allow internet or network activity information and identifiers (like cookie IDs or IP addresses) to be collected by third-party advertising networks and analytics companies on our site. This is done through cookies/pixels as described earlier, for purposes of serving ads and measuring effectiveness. Under CCPA’s broad definitions, this kind of data sharing for “cross-context behavioral advertising” might be considered a “sale” or “sharing” of personal information, even though we do not exchange data for money. Please see below for your opt-out rights.

– Legal or Government Entities: We may disclose any of the categories if required to comply with a law or legal process, or to protect rights and safety (as detailed in our general disclosure section).

No Sale of Personal Information for Monetary Value: We want to emphasize that we do not sell personal information to data brokers or third parties for monetary compensation. We also have not sold any personal information in the past 12 months in the ordinary meaning of “sell.” However, the CCPA’s definition of “sell” and “share” can include some transfers of data that are not for money, such as certain uses of advertising cookies. Out of an abundance of caution, we treat our use of third-party advertising cookies as a potential “sharing” of personal information (specifically, identifiers and internet activity data) for the purpose of cross-context behavioral advertising.

Right to Opt-Out of Sale/Sharing: As a California consumer, you have the right to opt out of any “sale” of your personal information, or the “sharing” of your personal information for targeted advertising purposes. Because we do not sell data for money, this right is more relevant to the advertising cookies on our site:

– If you wish to opt out of the sharing of your data with third-party advertising networks (i.e., opt out of targeted advertising cookies on our site), you can do so by rejecting advertising cookies through our cookie consent banner. You can also utilize browser-based opt-out signals like the Global Privacy Control (GPC); if our website detects a GPC signal from your browser, we will treat it as a valid opt-out request for cookies that are considered “sale/share”.

– Additionally, you may contact us at welcome@imaga.co with the subject “CCPA Do Not Sell Opt-out” or similar, and provide your details (such as any relevant identifiers like your cookie ID or email if you have provided it) and we will ensure that, to the extent we are able to identify your data, it is not shared in a manner that would be considered a sale. Note that opting out of sharing via cookies might be most effective when done through the cookie mechanism, as described, since it is immediate and applies in your browser. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age, and in fact we do not knowingly collect information from individuals under 16.

Other California Rights: Under California law, you also have the following rights:

– Right to Know: You can request that we disclose to you the specific pieces of personal information we have collected about you, as well as additional details like the categories of personal information, the categories of sources, the business or commercial purposes for collection, the categories of third parties we disclosed it to, and the categories of information sold or shared (if any).

– Right to Delete: You can request that we delete personal information we collected from you (and direct our service providers to do the same), subject to certain exceptions (for example, if the information is needed to complete a transaction you requested, to detect security incidents, for legal compliance, etc.). We have outlined our deletion practices in the Your Rights section above.

– Right to Correct: You can request that we correct inaccurate personal information that we maintain about you.

– Right to Limit Use of Sensitive Personal Information: This right applies only if a business collects “sensitive personal information” (SPI) and uses it for purposes not expressly permitted by law. As noted, we do not collect SPI (as defined by CPRA). Because we do not use SPI to infer characteristics or for any purpose outside the permitted scope, this right is not applicable. If that changes, we will provide a way for you to limit such use.

– Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you services, charge you a different price, or provide a different quality of service because you exercised your rights. (If you voluntarily participate in a financial incentive that requires the provision of personal data – which we currently do not offer – we would present terms and obtain opt-in consent, but you can opt out of such incentives at any time).

Submitting Requests: To exercise your California privacy rights (access, deletion, correction, opt-out), you or your authorized agent may submit a request to us by emailing welcome@imaga.co or calling us at +1 610 557 9515. Please include your name, contact information, and which right you seek to exercise. We will need to verify your identity (or authority of an agent) before processing substantive requests. This may involve matching information you provide with our records or asking for additional confirmation. We aim to respond within 45 days of receiving a verifiable request, and will inform you if we need more time (up to an additional 45 days).

If you have an authorized agent making a request on your behalf, we require proof of the agent’s authority (such as a signed permission from you or a power of attorney, plus verification of the agent’s identity). Direct requests by you can also be made through a password-protected account (if applicable) or via the contact methods above.

California "Shine the Light": Separately, California’s “Shine the Light” law (Civil Code §1798.83) allows residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing use without your consent. Thus, we believe we have no disclosures to provide under that law. However, if you have questions about this, you may contact us.

Other U.S. State Privacy Rights: If you are a resident of Virginia, Colorado, Connecticut, or Utah (or other states that enact privacy laws), you may have similar rights to access, correct, delete, or opt-out of certain processing of your personal data. We extend the same core rights and options described above to all users as a baseline. For example, Virginia residents have the right to opt out of targeted advertising and the sale of personal data, and to appeal a decision we make regarding a privacy request. You can exercise these rights in the same manner described for California residents (the mechanisms to contact us or opt out of cookies, etc., are the same). If you need to appeal a decision we made relating to one of your requests (for instance, if we declined to take action on a request), you can do so by replying to our response or contacting us at the email provided, with the subject "Appeal of Privacy Request," and we will review the decision in line with applicable law.

We are committed to complying with all applicable privacy laws across jurisdictions and to honoring your rights. Please reach out to us with any questions or concerns regarding your privacy rights.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. We will post any revisions on this page with a new “Last Updated” date. If the changes are significant, we may also provide a more prominent notice (such as by emailing you if we have your email on file or by placing a notice on our homepage). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If we materially change the purposes for which we collect or use personal data, or if we plan to process your personal data for new purposes not originally disclosed, we will notify you and obtain consent when required. Your continued use of the Services after the effective date of an updated Privacy Policy signifies your acceptance of the revised terms.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

Imaga

Email: welcome@imaga.co

Phone (US): +1 610 557 9515

Phone (EU – Portugal): +351 910 513 707

Phone (UAE): +971 50 883 5307

Postal Address

US: 153 N San Mateo Dr, San Mateo, 94401, California

EU, Portugal: Via do Castelo do Queijo, nº 395, 4100-429, Porto

UAE: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai

We will be happy to assist you with any questions or issues. By contacting us, you can also request this Privacy Policy in an alternative format if needed (for accessibility or any other reasons).

Thank you for trusting Imaga with your personal data. We are dedicated to protecting your privacy and will continue to improve our measures and practices in line with the highest standards and legal requirements. Your use of our Services is subject to this Privacy Policy and Cookies Policy.