Impulso.
enes

Legal

Privacy Policy

How Impulso handles personal information — for the brands we serve, the W-2 field staff we employ, and the consumers our activations reach.

Draft

Pending attorney review

EN

This page is a content skeleton, not a final legal document. A licensed attorney must draft and approve the final Privacy Policy before launch — in particular the worker GPS-tracking disclosure and employee consent, CCPA/CPRA (California), TCPA (SMS/WhatsApp marketing), and data-retention clauses.

ES

Esta página es un esqueleto de contenido, no un documento legal final. Un abogado con licencia debe redactar y aprobar la Política de Privacidad final antes del lanzamiento — en especial la divulgación de rastreo GPS de trabajadores y su consentimiento, CCPA/CPRA (California), TCPA (marketing por SMS/WhatsApp) y la retención de datos.

Draft prepared June 10, 2026 · Effective date: to be set upon attorney approval

Information we collect

Impulso handles three distinct kinds of personal information, and each is treated on its own terms. The final policy will enumerate every data field; the categories below define its structure.

Clients & brand contacts

  • Name, work email, phone, and company submitted through our contact and booking forms
  • Market, budget range, and activation details shared in a brief
  • Correspondence history kept in our CRM

Field staff (W-2 employees)

  • Identity, payroll, and tax information required of any employer
  • Alcohol-service certifications and expiration dates (RBS, TIPS, TABC, BASSET)
  • GPS location during scheduled shifts only — see section 02
  • Photos captured for event recap reports
  • Shift history and earnings records

Consumers at activations

  • Contact details shared voluntarily at events (leads and opt-ins)
  • Survey responses and product feedback
  • Participation is always voluntary and never a condition of receiving a sample

GPS & location tracking disclosure

Our staffing platform uses GPS check-in and check-out with geofencing to verify that every shift happened where and when it was booked. That verification is the backbone of the reporting we deliver to client brands — and it operates under strict limits.

When

Location is captured at check-in, at check-out, and during the scheduled shift window. Nothing more.

Why

Shift verification: confirming presence inside the geofence of the contracted venue, so clients receive proof instead of promises.

Consent

Field staff give explicit written consent during onboarding, before their first shift, and may direct questions to us at any time.

Off the clock

No tracking outside scheduled shifts. The app does not collect location data when staff are off shift, and location is never used for advertising or profiling.

Note for counsel

The final disclosure and consent language — including any state-specific employee-monitoring notice requirements and the mechanism for withdrawing consent — must be drafted by counsel before launch.

How we use data

We use personal information to run the service and to prove it ran well — nothing beyond that without consent.

Service delivery

Scheduling, staffing, and executing the activations clients book.

Verification & reporting

GPS-verified shifts, photo documentation, and recap reports delivered to the client brand that sponsored the activation.

Employment administration

Payroll, certification-expiration tracking, and shift management for our W-2 staff.

Communication

Responding to inquiries and sending messages that people have opted into.

Note for counsel

Counsel to confirm any “we do not sell or share personal information” statement against the CPRA's definitions of sale and sharing before publishing.

First-party data shared with client brands

Leads, opt-ins, and survey data captured at an activation are collected on behalf of the client brand sponsoring that activation, and are delivered to that brand. The legal basis is the consumer's consent, given at the point of capture — where the receiving brand is named — and recorded with the data.

What is shared

Consumer leads and opt-ins, survey responses, and aggregate event metrics from the sponsored activation.

What is not shared

Staff payroll or employment records, and raw GPS traces — clients receive shift-verification summaries, not location histories.

Note for counsel

Counsel to define the controller/processor (or business/service-provider) allocation between Impulso and client brands, and the corresponding contract clauses.

Cookies, analytics, CRM & messaging consent

Three systems touch data on this site and in our follow-up. Each will be detailed, with providers named, in the final policy.

Cookies & analytics

  • This site uses cookies and similar technologies for essential functionality and aggregate analytics
  • The final policy will list each provider and the available opt-out controls

CRM (GoHighLevel)

  • Form submissions and conversation history are stored in our CRM, GoHighLevel, to manage follow-up
  • CRM data is handled under the same use limits described in section 03

SMS & WhatsApp (TCPA)

  • We send marketing texts only with prior express written consent, as the TCPA requires; consent is never a condition of purchase
  • Message frequency varies; message and data rates may apply
  • Reply STOP to opt out at any time; reply HELP for help

Your rights (CCPA/CPRA)

If you are a California resident, the CCPA as amended by the CPRA gives you enforceable rights over your personal information. Residents of other states may have similar rights under their own laws.

Access

Request to know what personal information we have collected about you, and receive a copy.

Deletion

Request that we delete your personal information, subject to legal exceptions.

Correction

Request that we correct inaccurate personal information.

Opt-out

Opt out of the sale or sharing of personal information, where applicable.

Non-discrimination

Exercising any of these rights will never affect the service you receive.

To exercise any right, write to juan@impulso.agency. We will verify your request and respond within the timelines the law sets.

Note for counsel

The final policy must include the CPRA category-level disclosures, a “Do Not Sell or Share My Personal Information” mechanism if applicable, identity-verification procedures, and a review of other state privacy laws in our operating markets.

Data retention & security

We keep personal information only as long as the purposes above require, or as employment, tax, and payroll law obliges us to. A concrete retention schedule, by data category, is pending counsel review.

We protect data with access controls, encryption in transit, and vendor due diligence. No method of storage or transmission is perfectly secure, and the final policy will describe our safeguards and incident-response commitments without overstating them.

Note for counsel

Counsel to set retention periods per category — including GPS verification records and consumer opt-ins — and review the security and breach-notification language.