Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Impora (“we”, “us”, or “our”) collects, uses, and protects information when you use our service at impora.app.

1. Who we are

Impora is operated by Impora Technologies (ABN 19 199 417 628).

If you have any questions about this policy, contact us at [email protected].

2. What we collect and why

Account information

We collect your name and email address when you create an Impora account.

This is used to:

  • identify your account
  • authenticate access
  • send transactional emails (receipts, confirmations, password resets)

OAuth connections (Airtable, Google Drive, SharePoint)

When you connect a third-party account, we receive an OAuth access token scoped to the resources you authorise.

These tokens are:

  • stored securely server-side and encrypted at rest
  • used only to perform actions you explicitly initiate
  • never shared with third parties
  • revocable at any time via the relevant provider

Uploaded files

Files submitted through Impora are processed to perform validation and import.

  • Uploaded files are stored securely for up to 30 days following import
  • This supports troubleshooting, error investigation, and audit purposes
  • Files are automatically deleted after this retention period

Import history and IP address

We store limited metadata about imports, including:

  • template name
  • row counts
  • timestamps
  • outcome (success or failure)

We also collect your IP address when you submit an import.

This is used for:

  • security monitoring
  • abuse prevention

Import history and associated metadata (including IP address) are retained for up to 30 days.

Billing information

Payments are processed by Stripe.

We do not store:

  • card numbers
  • CVV
  • full payment details

We store:

  • Stripe customer ID
  • subscription status
  • billing history

Billing records are retained for 7 years to meet legal obligations.

Usage data

We may collect limited product usage data such as:

  • pages visited
  • features used
  • error events

This is used to:

  • operate the Service
  • improve reliability and performance

We do not sell your data or use it for advertising purposes.

3. Legal basis for processing (EEA/UK users)

We process personal data on the following legal bases:

  • Contractual necessity — to provide the Service
  • Legitimate interests — to operate, secure, and improve the Service
  • Legal obligations — including financial record-keeping requirements

4. Third-party services

We use the following third-party services to operate Impora:

  • Airtable — data destination for imports
  • Cloudflare — website hosting and content delivery
  • Google Drive — file storage integration
  • HubSpot — CRM contact capture, website tracking, and waitlist attribution
  • SharePoint — file storage integration
  • Stripe — payment processing
  • Railway — application hosting and infrastructure
  • Meta — marketing analytics pixel for website page-view measurement
  • SendGrid — application transactional email delivery
  • Resend — waitlist confirmation email delivery

We may also use other third-party services and integrations used in connection with the Service.

These providers may process data in Australia or other jurisdictions, including the United States.

We do not sell, rent, or share your personal information with advertisers or data brokers.

5. Data retention

We retain data as follows:

  • Uploaded files — up to 30 days
  • Import history and IP data — up to 30 days
  • Account data — retained while your account is active and up to 90 days after account closure
  • Billing records — 7 years

6. International data transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including Australia and the United States (where our hosting infrastructure is located in US West, California).

By using Impora, you acknowledge that your data may be processed in these locations.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • access
  • correction
  • deletion
  • portability
  • objection
  • withdrawal of consent

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

Australian users

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

EEA and UK users

We comply with GDPR and UK GDPR.

You have the right to lodge a complaint with your local supervisory authority.

8. Cookies

Impora uses a session cookie to keep you signed in.

The marketing website may also use analytics and marketing pixels, including Meta Pixel and HubSpot tracking, to understand page views, campaign performance, and waitlist attribution.

These technologies may be set by third-party providers and may be controlled through browser settings or any consent controls we make available.

We do not sell personal information or use product data to build advertising profiles.

We do not use:

  • uploaded file contents for advertising
  • Airtable data for advertising
  • billing data for advertising

9. Data security

We implement reasonable technical safeguards including:

  • encryption at rest
  • encryption in transit (TLS)
  • access controls

No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's data

Impora is not intended for use by individuals under 18.

We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time.

When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page.

Continued use of Impora after a change constitutes acceptance of the updated policy.

12. Contact

[email protected]

Impora Technologies
ABN 19 199 417 628
Australia