Privacy Policy

Effective Date: April 22, 2026

1. Information We Collect

We collect information in several ways depending on how you interact with our services:

• Account Information: When you create an account, we collect your name, email address, company name, billing information, and any other details you provide during registration or profile setup.
• Usage Data: We automatically collect information about how you interact with our platform, including pages visited, features used, agent activity logs, API calls made, session duration, and click-stream data.
• Device and Technical Data: We collect IP addresses, browser type and version, operating system, device identifiers, and referring URLs to help diagnose issues and improve service performance.
• Communications: If you contact our support team or send us emails, we retain those communications to respond to inquiries and improve our services.
• Cookies and Tracking Technologies: We use cookies and similar technologies to maintain session state, remember preferences, and gather analytics data. See our Cookie Policy for details.
• Integration Data: If you connect third-party services (CRM, email, calendar, etc.) to Voleryo's agent platform, we access and process data from those services only to the extent necessary to perform the requested agent actions.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Operation: To create and manage your account, authenticate your identity, process payments, and provide access to the Voleryo platform and all agent capabilities.
• Service Improvement: To understand how the platform is used, identify bugs, measure feature adoption, and inform product development decisions.
• Security and Fraud Prevention: To monitor for unauthorized access, detect abusive or malicious activity, enforce our Terms of Service, and protect the integrity of our systems and users.
• Communications: To send transactional emails (receipts, password resets, onboarding), product updates, and — where you have opted in — marketing communications. You may opt out of marketing emails at any time.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
• Aggregated Analytics: We may use de-identified, aggregated data for internal reporting, benchmarking, and public-facing insights. This data cannot be used to identify individual users.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the services you have signed up for.
• Legitimate interests: Improving our services, ensuring security, preventing fraud, and communicating with users about product updates.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: Where required (e.g., marketing emails, non-essential cookies), we will obtain your explicit consent before processing.

4. Third-Party Services

We share data with third-party service providers only to the extent necessary to operate and improve our platform. These providers are contractually bound to protect your data and use it only for the purposes we specify. Categories of third parties include:

• Cloud Infrastructure: We host our platform on major cloud providers (such as AWS or GCP) to store and process data securely.
• Payment Processing: Billing is handled by PCI-DSS-compliant payment processors. We do not store full card numbers.
• Analytics: We use privacy-respecting analytics tools to understand usage patterns. Analytics providers do not receive information that identifies you personally.
• Customer Support: Support tooling may process your communications and account metadata to help resolve issues.
• Email Delivery: Transactional and product communications are sent via email delivery providers.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained for the duration of your subscription and for a reasonable period after account closure (typically 90 days) to allow for reactivation and dispute resolution.
• Usage logs and agent activity records are retained for up to 12 months for operational and security purposes.
• Billing records are retained for 7 years to comply with financial and tax regulations.
• You may request deletion of your personal data at any time (see "Your Rights" below). Some data may be retained in anonymized or aggregated form after deletion.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete information.
• Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Restriction: Request that we limit how we process your data in certain circumstances.
• Data Portability: Receive your data in a machine-readable format (GDPR/EEA users).
• Objection: Object to processing based on legitimate interests.
• Opt-Out of Sale (CCPA): California residents have the right to opt out of the sale of personal information. We do not sell personal information.
• Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@voleryo.com. We will respond within the timeframe required by applicable law (typically 30 days).

7. Cookies

We use cookies and similar tracking technologies to enhance your experience on our platform. Essential cookies are required for the site to function. Analytics and preference cookies are optional and subject to your consent. For a full breakdown of the cookies we use and how to manage them, please see our Cookie Policy.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, secrets management, and regular security reviews. While we take these measures seriously, no system is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@voleryo.com.

9. International Data Transfers

Voleryo operates globally. If you are located outside the United States, your data may be transferred to and processed in the United States or other countries. Where required, we apply appropriate safeguards — such as Standard Contractual Clauses (SCCs) for EEA users — to ensure your data receives adequate protection regardless of where it is processed.

10. Children's Privacy

Voleryo is a B2B platform intended for use by businesses and professionals. We do not knowingly collect personal information from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us at privacy@voleryo.com and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on the platform prior to the change taking effect. The "Effective Date" at the top of this page indicates when the policy was last updated. Your continued use of Voleryo after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@voleryo.com
• Website: voleryo.com

We take privacy inquiries seriously and will respond as promptly as possible.