Solutions Impact Web
Privacy policy
Last updated: September 24, 2025
This policy describes our privacy practices, how we comply with Law 25, and the safeguards in place to protect your personal information.
Purpose of this policy
This policy explains how Web Impact Solutions collects, uses, stores, and protects personal information in compliance with Quebec Law 25 and Canadian privacy legislation.
We only collect the data required to provide our bilingual web agency services, perform diagnostics, and communicate with clients or prospects.
Personal information collected
Contact forms: name, email, company, phone (optional), project details, and consent preferences.
Scheduling: preferred time slot, meeting agenda, and optional notes to prepare our consultation.
Chatbot: name, email, chat messages, and project information (collected only after explicit consent to enable chat).
Google Analytics 4: aggregated traffic metrics, page views, user interactions, and conversion events captured only when visitors accept analytics cookies. We use Google Analytics to measure website performance, understand user behavior, and improve our services.
Google Business Profile: profile views, search queries, actions (calls, directions, website clicks), and messaging interactions. These statistics are aggregated and used to improve our local presence and service delivery.
Google Search Console: search performance data including impressions, clicks, and indexing status. This helps us monitor and improve our website's visibility in search results.
Published content: blog posts, FAQ pages, and other public content may reference general industry practices or anonymized case studies. Personal information is never published without explicit consent.
Legal bases and use of data
We process personal information on the basis of consent, contractual necessity, and legitimate interest when assisting existing clients.
Data is used to schedule consultations, deliver proposals, execute projects, send agreed-upon communications, and maintain platform security.
Retention and safeguards
Project records are retained for seven years to satisfy legal, tax, and audit obligations. Lead records without engagement are purged after eighteen months.
Consent logs are retained for at least one year as required by Law 25. After one year, logs may be anonymized or deleted unless required for legal purposes.
We apply encryption at rest, access controls, and least-privilege administration across our infrastructure and subcontractors.
Your rights and how to exercise them
You may request access, rectification, portability, or deletion of your personal information at any time. Contact us via privacy@solutionsimpactweb.com or by using the data request form below.
We respond to all formal data requests within 30 days as required by Law 25. Identity verification may be required to protect your information.
For Google Analytics data: You can request access to or deletion of your analytics data. We will process these requests within 30 days and coordinate with Google to ensure your data is handled according to your request.
For Google Business Profile data: Profile interaction data is generally aggregated, but you can request information about how your interactions are processed. We respond to these requests within 30 days.
For chatbot data (Crisp): You can request access or deletion of your chat history and contact information. We process these requests within 30 days and will coordinate with Crisp to ensure your data is removed from their systems as well.
For email marketing data (MailerLite): You can request access or deletion of your email subscription data at any time. We use double opt-in confirmation, and you can unsubscribe directly from any email using the unsubscribe link. We process deletion requests within 30 days and coordinate with MailerLite to ensure your data is removed.
For operational data (Supabase): Leads, bookings, payments, and consent logs are stored in our internal database. You can request access or deletion of your data at any time. We process these requests within 30 days and will remove your data from our systems. Consent logs are retained for at least one year as required by Law 25, but can be anonymized upon request.
For payment data (Stripe): Payment information is processed by Stripe in compliance with PCI-DSS standards. You can request information about your payment transactions. We process these requests within 30 days and coordinate with Stripe as needed.
Data transfers outside Quebec
Some subcontractors operate infrastructure in the United States or the European Union. Contracts include standard contractual clauses and security reviews to guarantee equivalent protection.
We maintain an updated assessment of vendors to confirm their compliance with Law 25, GDPR, and applicable data protection frameworks.
Contact the privacy officer
Privacy Officer: Daniel Germain, Founder.
Email: privacy@solutionsimpactweb.com
Postal address: 400 Rue Montfort, Suite 220, Montreal, QC, H3C 4J8, Canada.
Subcontractor registry
We keep an up-to-date list of vendors that support our operations. Each vendor is reviewed against Law 25 and GDPR requirements.
| Vendor | Service | Purpose | Data handled | Location |
|---|---|---|---|---|
Vercel Privacy policy | Hosting and deployment | Provides secure hosting, serverless functions, and edge caching for the public website. |
| United States (ISO certifications, SOC 2 compliant) |
Resend Privacy policy | Transactional email delivery | Sends confirmation and follow-up emails requested by prospects or clients via contact forms. |
| United States (SOC 2 Type II, GDPR commitments) |
MailerLite Privacy policy | Email marketing automation | Hosts optional newsletters and drip sequences activated only after explicit double opt-in confirmation. We use double opt-in to ensure consent is verified before adding contacts to our email lists. |
| European Union (GDPR compliant, ISO 27001) |
Cal.com Privacy policy | Consultation scheduling | Handles booking slots for diagnostics and discovery workshops. |
| United States and European Union data centers |
Supabase Privacy policy | Database and authentication services | Provides secure database storage for leads, bookings, payments, consent logs, and operational tasks. All data is stored in Canada Central region to comply with Law 25 requirements. Consent logs are retained for at least one year as required by Law 25. |
| Canada Central (SOC 2 Type II, GDPR compliant) |
Stripe Privacy policy | Payment processing | Processes secure online payments for our service packages (one-time and monthly subscriptions). Stripe handles payment card data in compliance with PCI-DSS standards. Payment records are logged to our internal database for operational tracking. |
| United States (PCI-DSS Level 1 certified, SOC 2 Type II) |
Sentry Privacy policy | Application monitoring | Collects anonymised error events to keep the platform reliable. |
| European Union data storage (Frankfurt) with US processing safeguards |
Crisp Privacy policy | AI chatbot and live chat support | Provides bilingual AI receptionist and live chat functionality. Processes chat messages and contact information only after explicit user consent. |
| European Union (GDPR compliant, ISO 27001) |
Google LLC Privacy policy | Google Analytics 4, Google Business Profile, Google Search Console | Google Analytics 4 provides website traffic analysis and user behavior insights. Google Business Profile manages our local presence and customer interactions. Google Search Console monitors search performance and indexing. All analytics services are activated only after explicit user consent to analytics cookies. |
| United States (with equivalent protection guarantees, GDPR commitments) |
Request form
Use the data request form to access, correct, or erase your information. We acknowledge every request within seven days.
Update your preferences
You can adjust non-essential cookies at any time. We log your consent choices for a maximum of 12 months.