Legal

Privacy Policy

Last updated: March 29, 2026

1. Introduction

Vora Technology LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our AI-powered CRM platform ("Vora Platform").

2. Information We Collect

Account Information

When you create a Vora Platform account or use our services, we collect:

  • Name and business name
  • Email address
  • Phone number
  • Company information and industry
  • Billing and payment information (processed by Stripe)

Data You Provide Through the Platform

As you use Vora Platform, you may provide:

  • Customer and lead contact information
  • Business documents, notes, and communications
  • Service and appointment records
  • AI employee configurations and preferences

Data from Connected Third-Party Services

When you connect third-party services (such as Gmail or Google Business Profile), we access and store data from those services as described in the "Google API User Data" section below. You authorize this access through industry-standard OAuth 2.0 consent flows.

Automatically Collected Information

When you visit our website or use our platform, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages viewed and time spent on pages
  • Access times and dates

3. Google API User Data

Vora Platform integrates with Google services to power its AI employee features. This section describes what Google user data we access, how we use it, how we store it, and how you can revoke access.

Gmail Data

When you connect your Gmail account, we request the following permissions:

  • Read your email (gmail.readonly) — Our AI Email Responder reads incoming emails from leads and customers to understand their questions and draft contextually appropriate responses.
  • Send email on your behalf (gmail.send) — The AI Email Responder sends replies and follow-up emails to customers on your behalf. Every email sent is logged in your activity feed.
  • Manage your email (gmail.modify) — After processing an email, the AI agent marks it as read and archives it from your inbox to prevent duplicate processing. No emails are deleted.
  • Manage your email labels (gmail.labels) — The AI agent creates and applies labels (e.g., "Lead," "Support," "Follow-up") to categorize processed emails for easy reference.

Google Business Profile Data

When you connect your Google Business Profile, we request the following permissions:

  • Manage your Google Business Profile (business.manage) — We sync your business locations (name, address, phone, hours, categories) into your Vora dashboard. This enables AI agents to monitor and respond to Google reviews on your behalf.
  • See your email address (userinfo.email) — Used to identify which Google account you connected. Displayed in your integration settings.
  • See your personal info (userinfo.profile) — Used to retrieve your account display name for labeling the connection in your dashboard.

Google Calendar Data

When you connect your Google Calendar, we request the following permissions:

  • View and edit events on your calendars (calendar.events) — Our AI Scheduler reads and creates calendar events to manage appointments, avoid double-bookings, and sync your schedule. Events created through Vora's booking pages are automatically added to your Google Calendar, and existing events are checked to prevent scheduling conflicts.

Google Tasks Data

When you connect Google Tasks, we request the following permissions:

  • Create, edit, and delete your tasks (tasks) — Our AI employees create follow-up tasks on your behalf (e.g., "Call back customer," "Send quote") and mark them complete when handled. Tasks are organized into dedicated task lists per AI employee so they don't mix with your personal tasks.

How We Store Google User Data

All OAuth tokens (access tokens and refresh tokens) are encrypted at rest using AES-256-GCM encryption before being stored in our PostgreSQL database. Tokens are never stored in plaintext. Access tokens expire after one hour; we use refresh tokens to obtain new access tokens automatically without requiring you to re-authorize.

How to Revoke Access

You can disconnect your Gmail, Google Business Profile, Google Calendar, or Google Tasks integration at any time from your Vora dashboard under Settings → Integrations. When you disconnect, we immediately delete all stored OAuth tokens from our database. You may also revoke access directly from your Google Account permissions page.

Limited Use Disclosure

Vora Platform's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve the features described above (AI-assisted email handling, business profile management, calendar scheduling, and task management).
  • We do not transfer Google user data to third parties, except as necessary to provide the service, comply with applicable law, or as part of a merger/acquisition with adequate data protection.
  • We do not use Google user data for advertising purposes.
  • Humans do not read your Google user data unless you provide explicit affirmative consent for specific messages, it is necessary for security purposes (e.g., investigating abuse), it is required by law, or the data is aggregated and anonymized for internal operations.

4. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Vora Platform, including AI employee features
  • Process customer communications on your behalf via AI agents
  • Respond to your inquiries and provide customer support
  • Process billing and subscription management
  • Improve our platform and develop new features
  • Send service-related notifications and updates
  • Send marketing communications (with your consent)
  • Prevent fraud and ensure platform security

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

Service Providers

We use third-party service providers to operate our platform, including cloud hosting (Hetzner), payment processing (Stripe), email delivery (Resend, SendGrid), and AI model providers (Google, Anthropic, OpenAI). These providers process data only as necessary to provide their services and are bound by confidentiality obligations.

AI Model Providers

When our AI employees process your data (such as drafting email replies), the content may be sent to AI model providers (Google Gemini, Anthropic Claude, or OpenAI) for processing. We do not send OAuth tokens or credentials to these providers. AI providers process data according to their own privacy policies and enterprise terms.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your data is subject to a different privacy policy.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • AES-256-GCM encryption for OAuth tokens and sensitive credentials at rest
  • TLS encryption for all data in transit
  • Rate limiting and brute-force protection
  • Per-organization data isolation (multi-tenant architecture)
  • Automatic session management and two-factor authentication (2FA)

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information and account
  • Disconnect any third-party integrations and delete associated tokens
  • Export your data
  • Opt-out of marketing communications
  • Object to processing of your personal information

To exercise these rights, please contact us at hello@voratechnology.com.

8. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to collect information about your browsing activities. You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

9. Third-Party Links

Our website and platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information is processed and stored on servers located in the United States. If you are accessing our services from outside the United States, your information may be transferred to and processed in the United States. By using our services, you consent to such transfers.

12. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account, we delete or anonymize your data within 30 days, except where retention is required by law. OAuth tokens for disconnected integrations are deleted immediately upon disconnection.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: