Legal
Privacy Policy
Last updated: March 2026
This Privacy Policy explains how Impora (“we”, “us”, or “our”) collects, uses, and protects information when you use our service at impora.app.
1. Who we are
Impora is operated by Impora Technologies (ABN 19 199 417 628).
If you have any questions about this policy, contact us at [email protected].
2. What we collect and why
Account information
We collect your name and email address when you create an Impora account.
This is used to:
- identify your account
- authenticate access
- send transactional emails (receipts, confirmations, password resets)
OAuth connections (Airtable, Google Drive, SharePoint)
When you connect a third-party account, we receive an OAuth access token scoped to the resources you authorise.
These tokens are:
- stored securely server-side and encrypted at rest
- used only to perform actions you explicitly initiate
- never shared with third parties
- revocable at any time via the relevant provider
Uploaded files
Files submitted through Impora are processed to perform validation and import.
- Uploaded files are stored securely for up to 30 days following import
- This supports troubleshooting, error investigation, and audit purposes
- Files are automatically deleted after this retention period
Import history and IP address
We store limited metadata about imports, including:
- template name
- row counts
- timestamps
- outcome (success or failure)
We also collect your IP address when you submit an import.
This is used for:
- security monitoring
- abuse prevention
Import history and associated metadata (including IP address) are retained for up to 30 days.
Billing information
Payments are processed by Stripe.
We do not store:
- card numbers
- CVV
- full payment details
We store:
- Stripe customer ID
- subscription status
- billing history
Billing records are retained for 7 years to meet legal obligations.
Usage data
We may collect limited product usage data such as:
- pages visited
- features used
- error events
This is used to:
- operate the Service
- improve reliability and performance
We do not sell your data or use it for advertising purposes.
3. Legal basis for processing (EEA/UK users)
We process personal data on the following legal bases:
- Contractual necessity — to provide the Service
- Legitimate interests — to operate, secure, and improve the Service
- Legal obligations — including financial record-keeping requirements
4. Third-party services
We use the following third-party services to operate Impora:
- Airtable — data destination for imports
- Cloudflare — website hosting and content delivery
- Google Drive — file storage integration
- HubSpot — CRM contact capture, website tracking, and waitlist attribution
- SharePoint — file storage integration
- Stripe — payment processing
- Railway — application hosting and infrastructure
- Meta — marketing analytics pixel for website page-view measurement
- SendGrid — application transactional email delivery
- Resend — waitlist confirmation email delivery
We may also use other third-party services and integrations used in connection with the Service.
These providers may process data in Australia or other jurisdictions, including the United States.
We do not sell, rent, or share your personal information with advertisers or data brokers.
5. Data retention
We retain data as follows:
- Uploaded files — up to 30 days
- Import history and IP data — up to 30 days
- Account data — retained while your account is active and up to 90 days after account closure
- Billing records — 7 years
6. International data transfers
Your data may be transferred to and processed in countries outside your jurisdiction, including Australia and the United States (where our hosting infrastructure is located in US West, California).
By using Impora, you acknowledge that your data may be processed in these locations.
7. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- access
- correction
- deletion
- portability
- objection
- withdrawal of consent
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
Australian users
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
EEA and UK users
We comply with GDPR and UK GDPR.
You have the right to lodge a complaint with your local supervisory authority.
8. Cookies
Impora uses a session cookie to keep you signed in.
The marketing website may also use analytics and marketing pixels, including Meta Pixel and HubSpot tracking, to understand page views, campaign performance, and waitlist attribution.
These technologies may be set by third-party providers and may be controlled through browser settings or any consent controls we make available.
We do not sell personal information or use product data to build advertising profiles.
We do not use:
- uploaded file contents for advertising
- Airtable data for advertising
- billing data for advertising
9. Data security
We implement reasonable technical safeguards including:
- encryption at rest
- encryption in transit (TLS)
- access controls
No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Children's data
Impora is not intended for use by individuals under 18.
We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this Privacy Policy from time to time.
When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page.
Continued use of Impora after a change constitutes acceptance of the updated policy.
12. Contact
Impora Technologies
ABN 19 199 417 628
Australia