Privacy Policy

Last updated: April 2026

1. Introduction

Vora Technology ("Vora", "we", "us", or "our") operates the Vora Platform, an AI-powered CRM for service businesses. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services at app.voratechnology.com and related services.

2. Data We Collect

Account Information

When you sign up, we collect your name, email address, company name, and password (hashed using bcrypt). If you sign up with Google, we receive your name and email from Google OAuth; no password is stored.

CRM Data

Data you enter into the platform, including customer contact information (names, emails, phone numbers, addresses), deals, tasks, notes, conversations, and activity history.

Integration Credentials

OAuth tokens and API keys for connected services (Gmail, Google Calendar, Stripe, Twilio, Canva, Ayrshare, QuickBooks, WordPress) are encrypted at rest using AES-256-GCM or Fernet encryption.

Voice and Communication Data

If you use the AI voice or messaging features, we process call metadata, transcriptions, SMS messages, and voicemails. Phone numbers in server logs are masked for privacy.

Usage Analytics

We use PostHog for product analytics. Analytics are only collected after you explicitly grant consent. Without consent, PostHog operates in memory-only mode with no pageview capture, no session recording, and no persistent tracking.

3. Data Retention

We retain your account data for as long as your account is active. When you delete your account, your data is soft-deleted immediately and permanently purged after 90 days. This applies to all core tables including customers, deals, tasks, conversations, AI employee records, caller profiles, and industry-specific data.

Transactional records (activity logs, email logs, SMS messages, voicemails, campaign enrollments) older than 90 days are automatically purged regardless of account status.

4. How We Use Your Data

  • Provide and operate the CRM platform and AI features
  • Process your business communications (voice, SMS, email)
  • Generate AI-powered insights, reports, and recommendations
  • Manage billing and subscription services via Stripe
  • Send transactional emails (verification, password reset, notifications)
  • Improve the platform based on aggregated, anonymized usage patterns

We do not sell your personal data. Marketing communications are opt-in only and default to disabled at signup.

5. Your Rights

You have the following rights regarding your personal data:

  • Access: Export your data at any time via Settings > Export Data (CSV or XLSX format)
  • Rectification: Update your profile information, customer records, and other data directly in the platform
  • Erasure: Delete your account from Profile > Danger Zone. All data is soft-deleted immediately and permanently purged after 90 days
  • Portability: Download your customers, deals, and tasks data in standard CSV or XLSX format
  • Withdraw Consent: Revoke analytics consent at any time; disconnect integrations from Settings

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS) and sensitive credentials are encrypted at rest (AES-256-GCM)
  • Passwords are hashed using bcrypt with per-user salts
  • Two-factor authentication (TOTP) is available; secrets are stored encrypted
  • API rate limiting and brute-force protection on authentication endpoints
  • Session management with secure, HTTP-only cookies
  • PII is masked in server logs (phone numbers, email addresses)

7. Social Media Integration

Canva Connect API

We use Canva's API to help you design social media content using your own Canva account and templates. We store an encrypted OAuth token to maintain your connection. We do not store your Canva designs, media files, or template content on our servers.

Ayrshare Publishing

We use Ayrshare to publish your social media content to connected platforms (e.g., Instagram, Facebook, LinkedIn, X/Twitter). Your social account credentials are stored and managed by Ayrshare, not by Vora. We store an Ayrshare profile key to link your account.

What Vora Stores

  • Encrypted Canva OAuth tokens (AES-256-GCM)
  • Ayrshare profile keys
  • Post metadata: captions, scheduled times, publish status
  • Analytics data: engagement metrics, reach, impressions
  • Comment text for moderation and response tracking

What Vora Does NOT Store

  • Photos, videos, or design files (handled by Canva)
  • Social account passwords (handled by Ayrshare)
  • Raw social platform API tokens (handled by Ayrshare)

8. SMS Messaging

If you are a customer of a service business that uses the Vora platform, you may receive SMS messages from that business through our platform. These messages include appointment reminders, booking confirmations, job status updates, estimates, and follow-up communications.

  • You will only receive SMS messages if you have explicitly opted in by submitting a web form, completing a booking, or otherwise providing written consent to that business.
  • Message frequency varies based on your interactions with the business.
  • Message and data rates may apply.
  • You can opt out at any time by replying STOP to any message. You will receive a one-time confirmation and no further messages will be sent.
  • Reply HELP to any message for assistance.
  • Your mobile phone number will never be shared with third parties for marketing purposes.

Vora Technology acts as a messaging platform on behalf of service businesses. The business you opted in with is responsible for the content and frequency of messages sent to you. For questions about a specific business's messaging practices, contact that business directly.

9. Third-Party Services

In addition to Canva and Ayrshare, Vora integrates with third-party services including Stripe (payments), Twilio (voice/SMS), Google (calendar, authentication), and others. Each integration stores only the minimum credentials required to maintain your connection, encrypted at rest.

10. Cookies

Vora uses essential cookies for session management (authentication). Analytics cookies (PostHog) are only set after you explicitly grant consent. No third-party advertising cookies are used.

11. Contact Us

For privacy-related inquiries, data access requests, or to exercise your data rights, please contact us at:

Email: privacy@voratechnology.com
Website: voratechnology.com

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.