IRM365
Privacy Policy

Privacy Policy

How IRM365 by VoxaSoft collects, uses, protects, and retains information for website visitors, trial users, customers, and tenant staff.

Last updated: June 10, 2026

1. Introduction

VoxaSoft ("we", "us", or "our") operates IRM365, a cloud-based real estate operating platform for CRM, sales, lease management, finance, property operations, reporting, and administration. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website, applications, and related services (collectively, the "Service").

If you use IRM365 on behalf of an organization, your organization controls the business data entered into its tenant. We process that tenant data to provide the Service.

2. Information We Collect

Account and contact information

We may collect names, email addresses, phone numbers, job titles, company names, branch or team details, language/timezone preferences, login credentials, support messages, and demo or trial requests.

Billing and subscription information

We may collect billing contact details, plan and seat information, invoices, payment status, renewal dates, and records needed to administer subscriptions. Card details are processed by our payment provider, such as Stripe, where applicable; we do not store full card numbers ourselves.

Customer and tenant data

IRM365 stores the business data your organization enters or imports into the platform. This may include leads, lead preferences, assignments, duplicate records, customers, companies, brokers, employees, system users, campaigns, opportunities, activities, notes, calls, tasks, sales offers, MOUs, lease contracts, invoices, receipts, payments, payables, installments, PDCs, RCDs, cash flows, commissions, projects, properties, units, ownership history, document templates, attachments, approvals, roles, permissions, audit logs, reports, and related operational records.

Integration data

When your tenant connects integrations, we may process data from or send data to configured services such as property portals, Facebook Lead Ads, TikTok, Google services, email, calendar, messaging, payment, or other third-party systems required for the integration to work.

Usage, device, and security data

We may collect logs and metadata such as IP address, browser, device, pages or features used, timestamps, referring URLs, authentication events, user agent, and error or diagnostic data. Audit logs may record who changed a business record, when, what changed, and from where.

3. How We Use Information

  • Provide, maintain, secure, and improve IRM365.
  • Create and administer accounts, tenants, users, roles, permissions, and subscriptions.
  • Import, process, display, export, and report on tenant data as requested by your organization.
  • Enable integrations, lead capture, activities, document generation, billing, and support workflows.
  • Send transactional communications, security notices, invoices, service updates, and support responses.
  • Analyze usage patterns, troubleshoot issues, prevent abuse, and maintain platform reliability.
  • Comply with legal, accounting, tax, regulatory, and contractual obligations.

4. AI-Assisted Features

IRM365 may include AI-assisted features such as lead summaries, draft messages, and suggested next actions. When these features are used, relevant tenant data may be processed to generate the requested output. AI outputs are provided to assist users and should be reviewed before being sent, relied on, or used in customer communications.

5. Security and Access Controls

We use commercially reasonable administrative, technical, and organizational measures designed to protect information, including tenant isolation, role-based permissions, encrypted connections, access controls, backups, and audit logging where applicable. Your organization is responsible for assigning appropriate roles, limiting permissions, and protecting user credentials.

No electronic transmission or storage system is completely secure. We cannot guarantee absolute security, but we work to maintain appropriate safeguards for the nature of the Service and the data processed.

6. Third-Party Sharing and Processors

We do not sell personal information. We may share information only as needed for the following purposes:

  • Service providers: hosting, infrastructure, email delivery, analytics, monitoring, support, payment processing, backups, and similar vendors.
  • Configured integrations: property portals, advertising platforms, Google services, messaging providers, payment processors, or other systems your organization connects to IRM365.
  • AI or automation providers: where AI-assisted or automation features are enabled and processing is necessary to provide the requested feature.
  • Legal and compliance: when required by law, court order, subpoena, regulator, or to protect rights, safety, security, or prevent abuse.
  • Business transfers: in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections.

7. Google & Microsoft Email Connections (Limited Use)

IRM365 offers an optional personal email connector that lets an agent send CRM follow-up emails from their own Gmail or Microsoft Outlook mailbox. This feature is user-initiated and opt-in.

What we access

When you connect a mailbox, we request permission to send email on your behalf (for Google, the gmail.send scope) and to read the connected account’s email address. We do not request permission to read, search, or delete your existing messages.

How we use it

We use these permissions only to send the specific emails you compose and send from within IRM365, so replies arrive in your own inbox. We do not send email automatically without your action.

What we store

We store the OAuth tokens needed to keep the connection active (held securely) and the metadata of messages sent through IRM365. You can disconnect a mailbox at any time from Settings → Mail Accounts, or revoke access from your Google or Microsoft account security settings.

IRM365’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google OAuth permissions only to provide the user-facing email-sending features you request. We do not sell Google user data, use it for advertising, or allow humans to read email content except where required for support, security, legal compliance, or with your explicit permission.

8. Cookies and Website Tracking

We use essential cookies to keep sessions active, remember preferences, and provide core functionality. With your consent, we also use analytics and performance technologies to understand how visitors use our site and to improve it.

These optional technologies include website analytics (such as Google Analytics, delivered through Google Tag Manager) and session-replay and heatmap analytics (such as Microsoft Clarity), which record anonymized interactions like clicks, scrolling, and navigation to show how pages are used. Sensitive input fields are masked and we do not use these tools to capture the content you type into forms.

Non-essential cookies load only after you accept them in our cookie banner. You can change your choice at any time by clearing this site's data in your browser, and you can manage cookies through your browser settings.

9. Data Retention

We retain account and tenant data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and support billing or operational records. Customer data is generally retained while the tenant is active and may be retained for a limited period after termination to allow export, backup recovery, or account reactivation.

Certain records may be retained longer where required or appropriate, including billing records, tax/accounting records, security logs, audit logs, backup records, and records required for legal, compliance, or dispute purposes. Audit log retention may vary by tenant policy and applicable requirements.

10. Your Rights and Choices

Depending on your location and role, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. For tenant business data, we may direct requests to the organization that controls the relevant tenant. To exercise privacy rights, contact us at [email protected].

11. International Processing

Information may be processed in countries other than where you are located. Where required, we use appropriate safeguards for cross-border processing, such as contractual protections with service providers.

12. Children’s Privacy

IRM365 is a business service and is not intended for individuals under 18. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the “Last updated” date. Material changes may be communicated through the website, application, or other reasonable means.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: