Immigranta is a UK-based AI assistant that helps people understand UK immigration rules. This policy explains what personal data we collect, why we collect it, and the rights you have over it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Immigranta is operated by Ruach Technologies Ltd, a company registered in England and Wales. We are the data controller for the personal data processed via this site and the chat product.
You can reach us about anything in this policy at hello@immigranta.com. Once we have a Data Protection Officer, that contact will be listed here too.
2. What we collect
We try to collect as little as possible. The categories below are the full list:
- Account data. The email address you sign in with, and (if you sign in via Google or Apple) the basic profile name returned by that provider. We never see your social password.
- Conversation data. The questions you type into the chat and the answers Immigranta returns, so we can show you your history and let you continue past threads.
- Service logs. Standard server logs (IP address, request timestamp, user agent, error traces) kept for security, abuse prevention, and debugging.
- Communications. If you email us, we keep the message thread so we can reply and follow up.
We do not collect special-category data (health, ethnicity, religion, etc.) and we ask that you don't share that kind of detail in chat. If you do, we'll treat it sensitively but it stays subject to this policy.
3. How we use it
- To provide the chat product itself — answering your question and showing your history.
- To keep the service running and secure (rate limiting, abuse detection, error triage).
- To improve the product. This means reviewing aggregated, de-identified usage patterns and diagnosing specific bugs. We do not use your conversations to train AI models, ours or anyone else's.
- To respond to support requests and legal obligations.
4. Lawful bases under UK GDPR
- Performance of a contract (Article 6(1)(b)) — for delivering the chat product to a signed-in user.
- Legitimate interests (Article 6(1)(f)) — for security, fraud prevention, product improvement, and answering support emails. We've balanced these against your privacy rights and believe they're proportionate. You can object at any time.
- Consent (Article 6(1)(a)) — if and when we add optional analytics cookies, we'll ask first.
5. Sharing
We don't sell your personal data. We don't share it with third parties for their own marketing. The limited cases where we do share are:
- Infrastructure providers who host the site and the chat backend (e.g. cloud compute, authentication, email delivery). They process data on our instructions only, under a UK GDPR Article 28 data-processing agreement.
- AI model providers who power the chat responses. We send the question plus the relevant context, configured so the provider does not retain or train on the input.
- Law enforcement or regulators, only when we have a clear legal obligation and only the minimum required.
6. Cookies
Today the marketing site uses only the essential cookies needed for it to work (e.g.
remembering your light/dark theme preference, which is stored in localStorage).
We don't run analytics or advertising trackers right now.
In the future we may add a privacy-respecting analytics tool to help us understand which pages are useful. If we do, we'll ask for your consent through a banner before any non-essential cookie is set, and you'll be able to change your mind at any time.
7. International transfers
Some of our infrastructure providers are based outside the UK. Where personal data is transferred outside the UK, we rely on UK adequacy regulations or the International Data Transfer Agreement (IDTA) with appropriate safeguards.
8. How long we keep data
- Account data — for as long as your account is open.
- Conversation history — until you delete it from the app or close your account, then up to 30 days in cold backups before final deletion.
- Service logs — typically 30 days, longer only if needed to investigate a security incident.
- Support emails — kept while the matter is active and for two years after.
9. Your rights
Under UK GDPR you can ask us to:
- See a copy of the data we hold about you (right of access).
- Correct anything that's wrong (right to rectification).
- Delete your data (right to erasure), subject to legal obligations we have to keep it.
- Stop or limit certain processing (right to object / restriction).
- Get your data in a portable format (right to data portability).
Email hello@immigranta.com and we'll respond within 30 days. You also have the right to complain to the Information Commissioner's Office if you think we've handled your data badly — though we'd rather you came to us first so we can put it right.
10. Children
Immigranta isn't intended for under-16s. We don't knowingly collect data about children. If you believe a child has signed up, email us and we'll remove the account.
11. Changes
We'll update this policy as the product changes. Material changes will be flagged at the top of the page and (where we have your email) sent to you in advance.