Regulatory ImpactRegulatory Impact
Legal

Privacy Policy

Effective Date: June 16, 2026Last Updated: June 16, 2026

This Privacy Policy explains how Regulatory Impact collects, uses, discloses, retains, and protects personal information when you use RegulatoryImpact.com and related products, websites, dashboards, reports, tools, integrations, and services.

This Policy applies to the Service and to communications with us. It does not apply to third-party websites, services, databases, or platforms that we do not control.

1. Personal Information We Collect

Account and Profile Information

  1. Name;
  2. Email address;
  3. Organization name;
  4. Job title or role;
  5. Login credentials or authentication information;
  6. Subscription plan;
  7. Account settings; and
  8. User preferences.

Billing and Transaction Information

  1. Billing name;
  2. Billing address;
  3. Payment method details;
  4. Transaction history;
  5. Subscription status;
  6. Tax information where applicable; and
  7. Invoice and receipt information.

We do not intend to store full payment card numbers on our own systems. Payment information may be processed by third-party payment processors.

Usage, Device, and Log Information

  1. IP address, browser type, device type, and operating system;
  2. Referring pages, pages viewed, features used, and search queries;
  3. Time and date of access, session activity, error logs, and approximate location derived from IP address;
  4. Usage patterns, diagnostics, and performance data.

Content You Submit

  1. Search terms and prompts;
  2. Saved projects, notes, uploaded files, product lists, and regulatory research inputs;
  3. User-generated labels, tags, or annotations;
  4. Support messages, feedback, and other information you choose to provide.

You should not submit protected health information, patient-level data, confidential regulatory submissions, trade secrets, or other sensitive information unless we expressly permit it in writing.

Cookies and Similar Technologies

We may collect information using cookies, pixels, local storage, analytics tags, session replay tools, or similar technologies to keep you signed in, remember preferences, measure site traffic, understand feature usage, improve performance, detect fraud or abuse, troubleshoot errors, and evaluate product effectiveness.

Integrations and Third-Party Connections

If you choose to connect an integration, data source, account, API, or third-party service, we may collect information from that source as authorized by you and as needed to provide the Service.

2. How We Collect Information

  1. Directly from you when you create an account, subscribe, upload information, contact support, or use Service features;
  2. Automatically through usage logs, cookies, analytics tools, security tools, and similar technologies;
  3. From payment processors and vendors involved in billing or account administration;
  4. From integrations or third-party services you connect;
  5. From public sources used to provide regulatory intelligence and data products; and
  6. From your organization if it creates or manages your account.

3. How We Use Personal Information

  1. Provide, operate, maintain, and improve the Service;
  2. Create and manage accounts and authenticate users;
  3. Process subscriptions, payments, invoices, and renewals;
  4. Deliver regulatory intelligence, search results, analytics, reports, dashboards, and generated outputs;
  5. Save user preferences and projects;
  6. Provide customer support and respond to inquiries, requests, and feedback;
  7. Monitor performance, diagnose errors, and improve reliability;
  8. Analyze feature usage and product effectiveness;
  9. Protect against fraud, abuse, unauthorized access, and security threats;
  10. Enforce our Terms of Service and comply with legal, tax, accounting, and regulatory obligations;
  11. Communicate service updates, administrative notices, billing notices, legal notices, and security alerts; and
  12. Develop new features, datasets, tools, and services.

4. How We Share Personal Information

Service Providers and Vendors

We may share information with vendors that help us operate the Service, including hosting, cloud infrastructure, database and storage, analytics, payment, authentication, email, support, security, monitoring, error logging, professional adviser, and contractor providers.

Your Organization

If your account is associated with an organization, we may share account, usage, subscription, and administrative information with authorized organization administrators.

Integrations You Authorize

If you connect a third-party integration, we may share information with that integration as necessary.

Legal, Compliance, and Protection Purposes

We may disclose information when needed to comply with law, enforce our Terms, protect rights, safety, security, or property, investigate fraud or security incidents, prevent harm, or establish, exercise, or defend legal claims.

Business Transfers

If the operation, assets, ownership, or control of Regulatory Impact is transferred, reorganized, financed, sold, merged, or otherwise changed, personal information may be disclosed or transferred as part of that transaction.

5. Sale or Sharing of Personal Information

We do not sell personal information for money.

Some privacy laws define “sale,” “sharing,” or “targeted advertising” broadly. If we use analytics or tracking technologies that are considered a sale, sharing, or targeted advertising under applicable law, you may have the right to opt out.

6. Cookies and Tracking

We may use strictly necessary cookies to operate the Service. We may also use analytics or performance cookies to understand how users interact with the Service.

  1. Maintain sessions and login status;
  2. Remember user preferences;
  3. Measure page views and feature usage;
  4. Understand how users find the Service;
  5. Diagnose errors and improve performance;
  6. Detect suspicious activity; and
  7. Improve product design and content.

You can control cookies through your browser settings. Blocking cookies may affect Service functionality. If we use optional analytics or tracking tools, we may provide additional controls, consent notices, or opt-out mechanisms where required by law.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, and support legitimate business needs.

  1. Account information may be retained while your account is active;
  2. Billing records may be retained as required for tax, accounting, and compliance purposes;
  3. Usage logs may be retained for security, diagnostics, analytics, and operational purposes;
  4. Support communications may be retained to manage customer service history;
  5. Backups may persist for a limited period before deletion through normal backup cycles; and
  6. Aggregated or de-identified information may be retained for product improvement, analytics, and business purposes.

You may request deletion of personal information, subject to legal, security, contractual, and operational limitations.

8. User Rights and Choices

Depending on your location and applicable law, you may have rights to:

  1. Access personal information we hold about you;
  2. Correct inaccurate personal information;
  3. Delete personal information;
  4. Restrict or object to certain processing;
  5. Opt out of sale, sharing, or targeted advertising where applicable;
  6. Receive a copy of certain personal information in a portable format; and
  7. Appeal a decision regarding a privacy request where applicable.

To exercise privacy rights, contact support@regulatoryimpact.com with the subject line “Privacy Request.” We may need to verify your identity before fulfilling a request.

9. Security Practices

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These may include access controls, encryption in transit, vendor controls, monitoring, authentication, backups, and security review practices.

No system is completely secure. If you believe you have discovered a security issue, contact support@regulatoryimpact.com with the subject line “Security Issue.”

10. International Transfers

Regulatory Impact is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States or other countries where we or our vendors operate.

11. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact support@regulatoryimpact.com.

12. Third-Party Links and Sources

The Service may link to or display information from third-party websites, databases, APIs, and services. We are not responsible for the privacy practices, security, content, or accuracy of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new “Last Updated” date. If changes are material, we may provide additional notice through the Service, by email, or by another reasonable method.

14. Contact for Privacy Requests

For privacy questions or requests, contact:

Regulatory ImpactEmail: support@regulatoryimpact.comSuggested subject line: Privacy Request

For security issues, use the subject line “Security Issue.” For billing issues, use “Billing Help.” For legal questions, use “Legal Question.”