Voice of Reason
HomeAboutSolutionCase StudyContact

Data Processing Policy

Effective Date: March 1, 2024

This Data Processing Policy ("Policy") explains how Voice of Reason LLC ("VoR," "we," "our," or "us") collects, processes, protects, and manages information when you or your organization use our website, web applications, APIs, or services ("Services").

Our approach prioritizes security, compliance, data minimization, and user trust.

1. Principles Governing Data Processing

We operate under the following principles when handling user and organizational data:

  • Lawfulness, Fairness, and Transparency: Data is collected and processed fairly and lawfully, with transparency regarding its use.
  • Purpose Limitation: Data is collected only for specific, legitimate purposes related to service delivery, security, and lawful improvement of our Services.
  • Data Minimization: We limit data collection to what is relevant and necessary for the intended purposes.
  • Accuracy: We strive to ensure that collected data is accurate, complete, and kept up-to-date.
  • Storage Limitation: Data is retained only as long as needed for the purposes for which it was collected.
  • Integrity and Confidentiality: Appropriate technical and organizational security measures are used to protect data against unauthorized access, alteration, disclosure, or destruction.

2. Categories of Data Processed

We process the following types of data through the VoR Services:

a) User-Provided Data

  • Account registration information (name, email, organizational affiliation)
  • Agency, departmental, or organizational metadata (jurisdiction, operational scope)
  • Submitted inputs (queries, reports, annotations, feedback)

b) System-Generated Data

  • Platform usage logs and interaction records (e.g., dashboard navigation, features used)
  • Analytical outputs (compliance scores, risk indicators, action categorizations)
  • Metadata about submitted queries (timestamps, anonymized reference numbers)

c) Automated Collection (Technical Data)

  • Device information, browser type, operating system
  • IP address and approximate geolocation (for security and fraud detection)
  • Session and authentication tokens

3. Purpose of Data Processing

We process data for the following purposes:

  • Service Provision: To authenticate users, deliver platform features, generate compliance analyses, and enable authorized access.
  • Operational Improvement: To enhance the accuracy, reliability, and usability of VoR's AI models, scoring systems, and compliance algorithms.
  • Security and Integrity: To detect, prevent, and address technical issues, fraud, misuse, or unauthorized access attempts.
  • Compliance: To comply with legal obligations, including safeguarding rights, and responding to legitimate law enforcement requests.
  • Research and Development: To conduct non-identifiable, aggregated research aimed at improving policing accountability technologies without compromising individual privacy.

4. Data Processing Activities

The specific processing activities carried out include:

ActivityDescription
Data CollectionInformation provided by users is collected through secure forms, dashboards, and service interactions.
Data StorageData is encrypted at rest and stored in highly secure, access-controlled environments hosted by reputable cloud providers.
Data AnalysisData is used by internal algorithms to cross-reference legal standards, generate insights, and refine model outputs.
Data LoggingUsage patterns and performance statistics are logged to ensure service reliability and audit readiness.
AnonymizationWhenever possible and appropriate, personal identifiers are removed or encrypted before using data for improvement activities.
Access ManagementOnly authorized personnel, bound by confidentiality agreements, are permitted to access user data based on role-based access controls.
Data Deletion and RetentionData is retained only as necessary for legal, operational, or contractual requirements and is securely deleted or anonymized upon request or upon termination of services.

5. Data Storage and Security Measures

We implement multiple layers of security to protect your information, including:

  • Secure data encryption (in transit and at rest)
  • Regular system audits and vulnerability assessments
  • Firewall protections and intrusion detection systems
  • Multi-factor authentication for administrative access
  • Segregation of data environments to prevent cross-contamination
  • Principle of Least Privilege (PoLP) applied to staff access
  • Continuous monitoring for unauthorized access attempts

Specific configurations and security architectures are confidential to protect system integrity.

6. Subprocessors and Third Parties

We may engage carefully vetted third-party service providers ("Subprocessors") to assist with data hosting, infrastructure maintenance, and analytics.

Subprocessors are contractually obligated to:

  • Maintain confidentiality
  • Follow data protection laws
  • Process data only on our documented instructions
  • Implement security measures consistent with industry best practices

An up-to-date list of subprocessors is available upon request to qualified clients.

7. International Transfers

If personal data is transferred outside of the country of origin, such transfers are governed by legally recognized mechanisms (e.g., Standard Contractual Clauses) to ensure an adequate level of protection.

VoR's primary data processing facilities are located in the United States.

8. User Rights in Data Processing

Depending on applicable jurisdiction, users may exercise the following rights:

  • Right of Access: Obtain copies of your data we process.
  • Right to Correction: Request corrections to inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of data under lawful conditions.
  • Right to Restrict Processing: Request limited use of your data under certain circumstances.
  • Right to Data Portability: Receive a copy of your data in a commonly used format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, contact us at: ๐Ÿ“ง privacy@vors.ai

We may request identity verification before fulfilling your request.

9. Data Retention Policy

We retain personal and organizational data:

  • For as long as an account is active
  • As necessary to comply with legal, regulatory, or operational requirements
  • For improvement of non-identifiable model training unless deletion is requested

At the end of retention periods, data is securely deleted, anonymized, or aggregated.

10. Changes to This Data Processing Policy

We may update this Policy periodically to reflect legal, technical, or operational changes.

All updates will be posted publicly on our website.

Substantive changes will be communicated to registered users via email or dashboard notifications where feasible.

Contact Us

If you have any questions about this Data Processing Policy, please contact us at: privacy@vors.ai