Every tool your practice runs on. One workspace.
Calendar, accounting, ImmiAccount eLodge, inbound email, AI document extraction - connect the integrations you already pay for. Encrypted OAuth, audit-logged, and disconnect-anytime.
Integrations
Plug in the tools you already use.
One-click OAuth or workspace install. Tokens encrypted at rest with a per-organisation HKDF key. Disconnect any time without losing a trace of what was synced.
Google Calendar
Bookings sync straight to your calendar
When a client books a slot via your lead form, an event lands on your Google Calendar in seconds - with attendee emails, agenda and reminders. Encrypted OAuth tokens, no third-party access.
Microsoft 365 (Outlook)
The same flow, for the Microsoft stack
Bookings push to your Outlook calendar via Microsoft Graph. Multi-tenant + personal accounts both supported. Tokens auto-refresh; revocation is one-click from the settings page.
Xero
Invoicing without the double-entry
OAuth 2 connect, 15-minute polling sync. Per-client invoice flow from CRM. Cross-client status from Accounting. Contacts auto-created on first invoice. Australian GST handled.
ImmiAccount eLodge
Auto-fill the form. One click per page.
Chrome extension that fills DHA ImmiAccount visa applications from your client records. Top-7 subclasses on launch, ⌘⏎ shortcut, audit-log integrated. Server-side automation also available for hands-off lodgement with human approval at the declaration page.
Inbound Email
Forward your firm's inbox in
Forward your firm's email address into your per-org ImmiIQ inbound (`inbox+org{N}@in.immiiq.com`). Every client email auto-attaches to that client's communications thread. SPF/DKIM/DMARC compliant.
Send From Your Own Domain
Outbound as [email protected], DKIM signed
Connect your domain and outbound client emails ship from your firm's address with proper DKIM + SPF + DMARC. Two-stage verification (DNS + sending mailbox), per-tenant deliverability tracking, auto-pause at 3% bounce / 0.08% complaint to protect your sender score with Gmail and Outlook. Inbound replies optionally mirrored to your verified mailbox so the firm keeps an external backup.
AI Document Extraction
Drop a passport. Get structured fields.
Multi-engine extraction reads passports, skills assessments and visa grants into structured client-record fields. Per-field confidence scores, low-confidence highlighted for review, MARA-grade human accountability preserved.
Webhooks
Real-time events for your stack
Subscribe to client, case, invoice and document events via signed HTTPS webhooks. Five event types, HMAC signature header, delivery logs with retry. Stream updates straight into your data warehouse or BI.
VEVO Lookup
DHA visa-status checks, prefilled
Prefilled VEVO modal - passport + DOB copied straight from the client record. Per-client check or cross-client batch run. Audit-friendly with timestamped responses.
Card payments
Payment links inside every invoice
Every invoice can carry a secure card payment link. Clients pay; ImmiIQ marks the invoice paid; Xero stays in sync. Australian Dollars, GST-aware. Processed by a PCI-compliant card processor — standard card-processing rates apply.
Pro · A$49/mo billed annually
Calendar, Xero, Email, VEVO
Every revenue-grade integration except eLodge + AI extraction. Includes secure card payment links and inbound email. (A$79/mo monthly.)
Premium · Custom
ImmiAccount eLodge + AI Document Extraction
Auto-fill Australian visa applications. Extract passport / skills assessment / visa grant fields with the hybrid AI pipeline. Bundled with the capacity uplift your firm needs.
Enterprise
Webhooks, custom integrations, SLA
Build your own connectors via signed HTTPS webhooks. Talk to us about MYOB, QuickBooks, Twilio SMS, custom auth.
Frequently asked
Are the integrations included in the price or do they cost extra?
Calendar (Google + Outlook), Xero, Inbound Email, Send From Your Own Domain, VEVO Lookup and Card Payments are included in every paid plan including Pro (A$49/mo billed annually, A$79/mo monthly). The ImmiIQ eLodge Chrome extension and AI Document Extraction are Premium features - Premium is a custom package, contact us for a price tailored to your firm's capacity. Webhooks are Enterprise.
How are credentials and OAuth tokens stored?
Every connected integration's access + refresh tokens are AES-256-GCM encrypted with a per-organisation HKDF key derived from AUTH_SECRET. Plaintext tokens never touch the database or logs. The encryption is symmetrical between the app server and the Cloudflare worker that pushes events.
Can I disconnect an integration at any time?
Yes. From Settings → Integrations, click Disconnect on any tile. The encrypted token row is deleted from our database immediately and we don't keep any further reference to the connected account. You can also revoke access from your Google/Microsoft/Xero account directly - we handle that gracefully on the next refresh attempt by marking the connection invalid.
What happens when an OAuth token expires?
Access tokens for Google Calendar and Microsoft 365 expire roughly hourly. We store the refresh token alongside and automatically exchange it for a new access token within 60 seconds of expiry. Microsoft rotates refresh tokens on each refresh; we persist the new one. Google reuses the original. Either way, the agent doesn't have to re-auth unless they revoke access on the provider side.
Will my client data leave Australia?
Application data lives on a managed Postgres instance hosted in Sydney (ap-southeast-2). Edge runtime serves the API globally but the database row that holds the encrypted credentials never leaves Australia. OAuth integrations call Google / Microsoft / Xero APIs over HTTPS - those providers route via their own infrastructure but no client PII is sent to them beyond what's intrinsic to the operation (e.g. the attendee email on a calendar invite). Sub-processors are listed in our privacy policy.
Can I build my own integration via webhooks?
Yes. Webhooks are an Enterprise feature. Subscribe to client.created, case.staged, invoice.paid, document.uploaded and webhook.test events. Each delivery carries an HMAC-SHA256 signature in the X-ImmiIQ-Signature header. We retry up to 5 times with exponential backoff and surface the delivery log in your dashboard.
What integrations are coming next?
Twilio (SMS), MYOB (alongside Xero), QuickBooks Online, Zapier (general automation) and a public REST API are on the roadmap. Send us the list of tools your practice depends on and we prioritise based on real customer signal.
Bring the tools you already pay for.
7-day free trial of Premium. Connect everything in five minutes. Cancel any time.