Privacy Policy

Version 1.0 — Last updated: April 14, 2026

1. Information We Collect

We collect the following information when you use AppForms:

• Attorney account information: name, email address, password (stored as bcrypt hash, never in plain text), bar number, law firm name, address, and phone number.
• Client immigration data: personal information about your immigration clients that you enter into the system, including names, dates of birth, addresses, immigration status, passport information, family data, and other fields required by USCIS forms.
• Usage data: login timestamps, actions performed within the application (form creation, PDF generation), and error logs for technical support purposes.
• Payment data: subscription status and billing history. Full payment card details are handled exclusively by Paddle and are never stored on our servers.

2. How We Use Your Information

Your information is used solely to provide the AppForms service:

• Authenticating your account and maintaining session security.
• Generating USCIS form PDFs from the client data you enter.
• Processing payments and managing your subscription via Paddle.
• Sending transactional emails (password resets, billing notifications).
• Diagnosing technical issues and improving service reliability.

We do not use your data or your clients' data for advertising, profiling, or any purpose other than operating this service.

3. Data Isolation

Each attorney's data is strictly isolated. No attorney can access another attorney's clients, forms, or account information. All database queries are filtered by account ID at the server level. This isolation is a core architectural guarantee of the system.

4. Attorney Responsibilities Regarding Client Data

You, as the attorney using AppForms, are the data controller for your clients' personal information. You are responsible for:

• Obtaining appropriate consent from your clients before entering their personal data into AppForms.
• Informing your clients that their data is being processed using a cloud-based software tool operated by Impulso Software.
• Complying with all applicable privacy and data protection laws governing the handling of client information in your jurisdiction.

Impulso Software acts solely as a data processor under your direction. We do not access client data except as technically necessary to operate the service.

5. Third-Party Services

• Paddle — payment processing. Your payment data is subject to Paddle's privacy policy.
• Brevo (Sendinblue) — transactional email delivery (password resets, billing emails). Email addresses used for transactional purposes only.
• Contabo — VPS hosting provider in Germany. All application data is stored on servers operated by Contabo.

6. Data Retention

Your data is retained for as long as your account exists. Accounts are never automatically deleted. If you cancel your subscription, your data remains stored and accessible if you resubscribe. If you wish to permanently delete your account and all associated data, contact us at support@impulso.ink.

7. Security

We implement the following security measures:

• HTTPS encryption for all data in transit (Let's Encrypt TLS certificate).
• Passwords stored exclusively as bcrypt hashes — never in recoverable form.
• HTTP-only session cookies to prevent JavaScript-based session theft.
• Firewall-restricted server with no unnecessary open ports.
• Automated daily database backups with 7-day retention.

8. Your Rights

You may request access to, correction of, or deletion of your personal data and your clients' data at any time by contacting support@impulso.ink. We will respond within 30 days.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you upon your next login and require your explicit acknowledgment before you can continue using the service.

10. Contact

For privacy-related questions or data requests, contact us at support@impulso.ink.