Privacy Policy

1. Introduction

ImaraDesk (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer support platform.

We comply with applicable data protection laws including the Kenya Data Protection Act 2019, GDPR (for EU users), and other relevant regulations.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, team size, and password when you register.
• Organization Data: Organization name, team members, and configuration settings.
• Communication Data: Messages, tickets, and conversations between you and your customers processed through our platform.
• Knowledge Base Content: Articles, FAQs, and documents you upload for AI training.
• Payment Information: Billing address and payment method details (processed by our payment provider).

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, click patterns, and interaction data.
• Device Information: IP address, browser type, operating system, and device identifiers.
• Log Data: Server logs, error reports, and performance metrics.
• Cookies: Session cookies, authentication tokens, and preference cookies.

2.3 Information from Third Parties

• OAuth Providers: When you sign in with Google, we receive your name, email, and profile picture.
• WhatsApp Business API: Phone numbers and message content from your WhatsApp channel.
• Integrations: Data from connected third-party services you authorize.

3. How We Use Your Information

We use the collected information to:

• Provide, operate, and maintain the Service
• Process and route customer support tickets using AI
• Generate automated responses and smart replies
• Train and improve our AI models for better accuracy
• Provide analytics, reports, and insights on support performance
• Send transactional emails (account verification, password resets)
• Communicate service updates, security alerts, and support messages
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our terms

4. AI & Data Processing

Our AI features process your data to provide intelligent ticket routing, automated responses, sentiment analysis, and analytics. Key points:

• AI processing occurs on secure cloud infrastructure with encryption in transit and at rest.
• Your data is isolated per organization — no cross-tenant data sharing.
• AI models may use anonymized, aggregated data to improve overall service quality.
• You can opt out of AI model training in your organization settings.
• We use third-party AI providers (Google Gemini, OpenAI, Anthropic) for language processing — data sent to these providers is subject to their respective privacy policies.
• No customer data is used for advertising purposes.

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Infrastructure: Hosted on AWS with SOC 2 compliant data centers.
• Access Control: Role-based access with multi-factor authentication for internal systems.
• Monitoring: 24/7 security monitoring with automated threat detection.
• Backups: Automated daily backups with 30-day retention and geo-redundancy.
• Passwords: Hashed using bcrypt with a cost factor of 12.

Data is primarily stored in AWS regions in the United States. For EU customers, we offer data residency options upon request.

6. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Cloud hosting (AWS), AI providers, email services, and payment processors who assist in operating our Service.
• Legal Requirements: When required by law, court order, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you explicitly authorize sharing with a third party.

All third-party service providers are bound by data processing agreements and are required to maintain confidentiality.

7. Data Retention

• Active accounts: Data is retained for the duration of your subscription.
• Closed accounts: Data is retained for 30 days after closure, then permanently deleted.
• Conversation logs: Retained based on your organization’s configured retention policy (default: 12 months).
• Analytics data: Aggregated analytics may be retained indefinitely in anonymized form.
• Legal holds: Data subject to legal proceedings may be retained longer as required.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@imaradesk.com. We will respond within 30 days.

9. Cookies & Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (session tokens, CSRF protection).
• Functional Cookies: Remember your preferences (theme, language, layout settings).
• Analytics Cookies: Help us understand how you use the Service to improve it.

We do not use advertising cookies or third-party tracking pixels. You can manage cookie preferences through your browser settings.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to remove that information from our servers.

11. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities, to protect your data during international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will send an email notification to all registered users at least 14 days before the changes take effect.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: