Data Processing Policy
Effective Date: March 1, 2024
This Data Processing Policy ("Policy") explains how Voice of Reason LLC ("VoR," "we," "our," or "us") collects, processes, protects, and manages information when organizations and users access our website, applications, APIs, verification tools, or related services ("Services").
Our approach prioritizes security, compliance, data minimization, and user trust across every industry we serve.
1. Principles Governing Data Processing
We follow these principles when handling personal, operational, or organizational data:
Lawfulness, Fairness, and Transparency
Data is collected and processed fairly, lawfully, and with transparency regarding its use.
Purpose Limitation
Data is collected only for specific, legitimate purposes related to delivering, securing, and improving the Services.
Data Minimization
We limit collection to what is necessary for verification, platform operation, and authorized functionality.
Accuracy
We work to maintain accurate and up-to-date information.
Storage Limitation
Data is retained only as long as required for the purposes described in this Policy or for legal obligations.
Integrity and Confidentiality
We use strong technical and organizational safeguards against unauthorized access, alteration, disclosure, or destruction.
2. Categories of Data Processed
We process the following categories of data through the Services:
a) User-Provided Data
- Account information (name, email, organization)
- Organizational metadata (industry, operational domain, team or division details)
- Submitted content (reports, documents, queries, uploads, feedback)
b) System-Generated Data
- Interaction and usage logs
- Verification outputs (alignment checks, rule-based indicators, insights)
- Metadata associated with submitted inputs (timestamps, anonymized identifiers)
c) Technical Data Collected Automatically
- Device and browser information
- IP address and basic geolocation (security and fraud detection)
- Authentication tokens and session data
3. Purpose of Data Processing
We process data to:
Service Provision
Authenticate users, deliver verification results, operate platform features, and maintain service functionality.
Operational Improvement
Enhance the accuracy, reliability, and usability of verification logic, alignment rules, and analytical systems.
Security and Integrity
Detect, prevent, and address unauthorized access, system misuse, or technical issues.
Compliance
Meet legal obligations, respond to legitimate regulatory inquiries, and maintain audit readiness.
Research and Development
Produce aggregated, non-identifiable insights that support improvements to Verification Intelligence across industries.
4. Data Processing Activities
The Services involve these processing activities:
| Activity | Description |
|---|---|
| Data Collection | Information entered or uploaded by users is collected through secure interfaces. |
| Data Storage | Data is encrypted at rest and stored in access-controlled environments maintained by trusted cloud providers. |
| Data Analysis | Algorithms apply verification rules, alignment checks, and structured models to submitted information. |
| Logging | System events and usage patterns are logged for reliability, troubleshooting, and auditability. |
| Anonymization | Identifiers are removed whenever possible before using data for improvement or research. |
| Access Management | Only authorized personnel with role-based permissions can access data under confidentiality requirements. |
| Deletion and Retention | Data is retained only as needed and securely deleted or anonymized upon request or contract termination. |
5. Data Storage and Security Measures
VoR implements multiple layers of security, including:
- Encryption in transit and at rest
- Routine security audits and vulnerability assessments
- Firewalls and intrusion detection systems
- Multi-factor authentication for administrative access
- Segregated data environments
- Principle of Least Privilege for all staff access
- Continuous monitoring for suspicious activity
Specific architecture details are confidential for security reasons.
6. Subprocessors and Third Parties
We may engage vetted third-party providers ("Subprocessors") for hosting, infrastructure support, analytics, or related services.
All subprocessors must:
- Maintain strict confidentiality
- Follow relevant data protection laws
- Process data only on VoR's documented instructions
- Apply industry-standard security controls
A current list of subprocessors is available on request to qualified clients.
7. International Transfers
If data is transferred across borders, VoR uses recognized legal mechanisms, such as Standard Contractual Clauses, to ensure an adequate and lawful level of protection.
Our primary processing facilities are in the United States.
8. User Rights in Data Processing
Depending on jurisdiction, users may have the right to:
- Access their data
- Correct inaccurate or incomplete information
- Request deletion under lawful conditions
- Restrict certain processing activities
- Request data portability
- Object to processing based on legitimate interest
To exercise these rights, contact: privacy@vors.ai
Identity verification may be required.
9. Data Retention Policy
We retain data:
- While an account is active
- As required for legal, operational, or regulatory obligations
- For improvement of anonymized or aggregated model training
At the end of the retention period, data is securely deleted, anonymized, or aggregated.
10. Changes to This Data Processing Policy
We may update this Policy to reflect legal, technical, or operational changes. Updates will be posted on our website, and substantive changes may be communicated through email or in-platform notifications.
Contact Us
For questions about this Policy, contact:
๐ง privacy@vors.ai