Privacy Policy
Last updated: March 12, 2026 · Effective immediately
Your vault passwords are encrypted on your device before reaching our servers. We are technically incapable of reading them — not even our engineers. That is the foundation of Impera.
This Privacy Policy explains how Impera Network, Inc. collects, uses, stores, and protects your personal information when you use the Impera cybersecurity platform. We take your privacy seriously — our entire architecture is designed to minimize what we can see.
Information We Collect
Email Address: We collect your email when you create an account. This is used for login, account notifications, security alerts, and account recovery. We do not sell your email to third parties.
Encrypted Password Vault Data: When you use our password vault, your passwords are encrypted on your device using zero-knowledge encryption before being sent to our servers. We never have access to your plaintext passwords — not even our engineers.
Threat Statistics: We track aggregate counts of threats blocked by our extension to display in your personal dashboard. This data is anonymized and cannot be linked back to specific URLs or browsing sessions.
Device & Browser Information: We collect basic device information (OS version, browser type and version) to ensure compatibility, provide customer support, and improve the extension. We do not use this for advertising.
Payment Information: Payment processing is handled entirely by Stripe, Inc. We receive a Stripe customer ID and subscription status — we never see or store your credit card number, CVV, or full billing address.
Information We Do NOT Collect
❌ Browsing History: We never track, store, or log the websites you visit. Our extension checks URLs against threat databases in real-time without logging your browsing behavior.
❌ Personal Identifiers: We do not collect your full name, home address, phone number, date of birth, or any government-issued identification numbers beyond what Stripe may require for payment processing.
❌ Plaintext Passwords: Your vault uses AES-256-GCM encryption with client-side key derivation. The encryption key never leaves your device. We are technically incapable of reading your vault contents.
❌ Location Data: We do not collect GPS location, precise IP geolocation, or any other location data beyond what is inherent in your internet connection.
❌ Biometric Data: We do not collect fingerprints, facial recognition data, or any other biometric information.
How We Use Your Data
Account Management: Your email is used to authenticate you, send important account notifications (subscription renewals, payment issues, plan changes), and provide account recovery options.
Security Alerts: If our dark web monitoring detects your email or associated accounts in a data breach, we will alert you immediately via email.
Service Delivery: Threat statistics, device information, and extension behavior data are used exclusively to provide the Impera security service — protecting you from phishing, malware, and scams in real-time.
Product Improvement: Aggregated, anonymized threat pattern data helps us improve detection accuracy. For example, identifying new phishing campaign patterns improves protection for all users.
Customer Support: We may use your email and technical information to diagnose and resolve support requests you submit to support@impera.network.
Third-Party Services
Stripe: All payment processing is handled by Stripe, Inc. Your payment information goes directly to Stripe via their secure SDK and is never transmitted to or stored on Impera servers. Stripe's privacy policy is available at stripe.com/privacy.
Resend: We use Resend to send transactional emails (welcome emails, security alerts, billing notifications). Your email address is shared with Resend solely for email delivery purposes under a data processing agreement.
PhishTank / URL Threat Feeds: Our extension checks URLs against threat intelligence databases to detect phishing and malicious sites. URL hashes (not full URLs) are sent for lookup. No personal information accompanies these requests.
Infrastructure: Our backend services run on Railway and Vercel. Data is stored in encrypted databases with automated backups. These providers operate under their own privacy policies and are bound by data processing agreements with Impera.
Data Security
All data is transmitted over HTTPS (TLS 1.2 or higher) and encrypted in transit.
Account passwords are hashed using bcrypt with a work factor designed to resist brute-force attacks.
Vault passwords use AES-256-GCM encryption with PBKDF2 key derivation performed client-side. The encryption key is derived from your master password and never transmitted.
Our infrastructure is hosted with providers that maintain SOC 2 Type II compliance and automated daily backups.
We conduct regular security reviews and encourage responsible disclosure of vulnerabilities at support@impera.network.
Your Rights
Access: You can request a complete export of all data we hold about you at any time by emailing support@impera.network. We will respond within 30 days.
Correction: You can update your email address and account preferences directly in your account settings.
Deletion: You can delete your account at any time from account settings or by contacting support@impera.network. Deletion triggers permanent erasure of your data within 7 days per our retention policy.
Export: You can export your encrypted vault data as a JSON file at any time from your account settings.
Opt-out: You can disable non-essential email notifications from your account notification preferences. Transactional emails related to security and billing cannot be disabled.
GDPR / CCPA: If you are located in the European Economic Area or California, you have additional rights under GDPR or CCPA respectively. Contact support@impera.network to exercise these rights.
Data Retention
Active Accounts: Your data is retained for the duration of your active subscription plus a 30-day grace period after cancellation.
Cancelled Accounts: If you cancel your subscription, your data is retained for 30 days to allow for reactivation. After 30 days, your data is scheduled for permanent deletion.
Deleted Accounts: When you delete your account, all personal data is permanently and irreversibly deleted within 7 business days. Anonymized, aggregated statistics may be retained indefinitely.
Legal Holds: In certain circumstances, we may be required to retain data longer to comply with legal obligations or resolve disputes.
Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have privacy concerns, please contact us:
Impera Network, Inc. Privacy Inquiries: support@impera.network Website: impera.network
We aim to respond to all privacy inquiries within 2 business days. For GDPR data subject requests, we will respond within 30 days as required by law.
This Privacy Policy was last updated on March 12, 2026. We will notify you via email of any material changes to this policy.
Privacy questions or data requests? support@impera.network