Privacy Policy
1. Overview
This policy explains what Voris collects, why we collect it, and the choices you have over your data. It covers the two parts of Voris together: the matching layer that proposes specialists for your work, and the operating system that runs your agency day to day. The two share one login and one data model, so the rules here apply across both.
We have written this in plain language because privacy documents that no one can read do not protect anyone. Where a section needs the precise legal meaning, we say so. If anything here is unclear, the contact details in section 13 are real and we will answer.
"We", "us", and "Voris" mean the entity that provides the platform to you. "You" means the person or organisation using it — an agency owner, a team member, a specialist, or an end client interacting with a portal. Different parts of this policy apply to each of these roles, and we say which where it matters.
2. What we collect
We collect three kinds of information, and we try to collect only what the service needs to work.
Account information. When you create an account we ask for your name, email address, and a password (stored as a salted hash, never in plain text). If you sign in through a single sign-on provider, we receive the name and email that provider shares with us and nothing more. For billing we collect the details your payment processor requires, and we do not store full card numbers on our own infrastructure.
The data you enter. This is the bulk of what Voris holds, and it is yours. It includes the records you create in the operating system — clients and contacts in the CRM, projects and tasks, time entries, invoices and payroll records, agreements, and messages in team chat. It also includes the briefs you write for matching and the profile information specialists publish about themselves. We do not read this content to train models or to build marketing audiences. We process it only to make the features you turned on work.
Usage and technical data. We log the kind of information any hosted service needs to stay secure and stable: the times you sign in, the modules you use, approximate location derived from IP address, browser and device type, and error reports. We keep this data in an aggregated or short-lived form wherever we can, and we do not use it to build a profile of individual people for advertising.
3. How we use it
We use your data to do the things you asked Voris to do, and to keep the platform running. Specifically:
- Running the service — signing you in, loading your workspace, saving the records you create, and showing them back to you and the people you have authorised.
- Matching — reading the briefs you write and the profiles specialists publish so we can propose one to three qualified matches instead of a long list of bids.
- Billing — charging your plan, issuing invoices, and keeping the records tax authorities may ask for.
- Support — understanding what went wrong when you ask for help, and getting back to you.
- Security and integrity — detecting abuse, investigating incidents, and keeping the audit logs described in section 6.
We do not sell your data, and we do not use the contents of your CRM, projects, or messages to train automated models. Where we use usage data to improve the product, we work from aggregated patterns, not from reading individual workspaces.
4. Specialists & clients
Voris connects three parties, and data moves between them in a controlled way. Understanding that flow is the core of this policy.
An agency owns its workspace. It creates client records, writes briefs, and invites specialists. A specialist publishes a profile and, when matched, gains scoped access to the parts of a project the agency has opened to them. An end client may interact through a client portal that shows only what the agency has chosen to share.
Access is scoped and isolated. A specialist working on one project cannot see another project's records, another client's data, or the agency's financials, unless the agency has explicitly granted that access. A client using a portal cannot see the agency's internal tasks, costs, or specialist profiles. Permissions are set per role and, for sensitive fields, per field — so an account can be allowed to read a client record without seeing the billing details inside it.
The agency is the controller of the workspace data it enters. Voris is the processor that holds and runs that data on the agency's instructions. Specialists and clients exercise their own rights over the personal data that relates to them, and we describe those rights in section 8.
5. Sharing
We do not sell your data, and we do not share it for advertising purposes. The only situations in which your data leaves our direct control are these.
Sub-processors. We rely on a small number of trusted providers for things we cannot do well ourselves — cloud hosting, email delivery, and payment processing. Each one is bound by a contract that limits what they may do with your data and requires them to protect it to a standard no lower than ours. A current list of sub-processors is available on request through the contact page, and we will tell you in advance before adding a new one that handles workspace data.
Between parties you connected. When an agency matches a specialist or opens a client portal, the relevant data is shared with that specialist or client because the agency asked for it. This is the service working as intended, not a disclosure by us.
Legal requests. If we receive a valid legal order — a subpoena, a court order, or a lawful request from a regulator — we may have to disclose data. We will narrow the disclosure to what the order requires, push back where the request is too broad, and tell you about the request where we are legally allowed to.
6. Data security
We treat the security of your data as a feature, not an afterthought, because the operating system holds financial and client information that an agency cannot afford to lose.
Encryption. Data is encrypted in transit using TLS, and encrypted at rest in our databases and backups. Backups are held in a separate region from the primary data where the infrastructure allows it.
Role-based, per-field access. Access inside a workspace is governed by roles the agency defines, and sensitive fields — payroll figures, contract terms, client billing — can be locked down further at the field level. A team member who can open a client record may still be blocked from seeing that client's invoice totals. Voris staff do not have routine access to your workspace data; where access is needed for support or incident response, it is granted temporarily, logged, and revoked afterwards.
Audit logs. Significant actions — sign-ins, permission changes, exports, deletions, and access to restricted fields — are recorded in tamper-evident audit logs that the agency can review. Logs are retained for a defined period and are themselves access-controlled.
No system is perfectly secure. If we discover a breach that affects your data, we will investigate, contain it, and tell you what happened and what we are doing about it, without undue delay.
7. Data retention
We keep your data for as long as your account is active, and for a limited period afterwards. The principle is simple: hold what we still need, and delete what we do not.
Workspace data you create — CRM records, projects, invoices, messages — is kept while your account is open and for a grace period after closure, currently ninety days, so that you can export it or reopen the account if you change your mind. After that grace period it is deleted from our primary systems and from backups as they cycle out.
Some records are kept longer because the law requires it: financial and tax records tied to invoices and payroll may be retained for the statutory period in your jurisdiction, even after an account closes. Usage and audit logs are kept for a shorter, defined window used for security analysis, and then aggregated or deleted.
If you want data deleted sooner than the standard schedule allows, section 8 explains how to ask.
8. Your rights
Depending on where you live and the role you hold, you may have legal rights over your personal data. We support the following regardless of where the law strictly requires them, because they are good practice.
- Access — you can ask what personal data we hold about you, and we will provide it in a readable form.
- Export — you can export your workspace data in structured files at any time, without waiting on us. The export is yours to keep.
- Deletion — you can ask us to delete your personal data, and we will do so on the schedule in section 7 or sooner where the law allows. We will keep only what we are legally required to retain.
- Correction — you can fix inaccurate information yourself in most modules, or ask us to correct it where you cannot.
To exercise any of these rights, use the contact details in section 13. We will confirm who you are before acting, to protect your data from being accessed or changed by someone else. We aim to respond within thirty days, and we will tell you if a request takes longer and why.
9. Data residency
Where your data is stored matters, particularly for agencies and clients in regions with strict data-protection rules. Voris lets you choose the region your workspace data is primarily stored in, and we will keep the active copy there rather than moving it around for our convenience.
Available regions depend on the plan and on where our infrastructure operates; the current options are listed in your workspace settings. Some data — such as aggregated usage logs or metadata needed to route sign-in — may be processed outside your chosen region, but the substantive workspace data stays where you selected it.
If your residency requirements change, or if you need a region we do not yet offer, tell us through the contact page and we will work with you on whether we can meet the requirement.
10. Cookies
Voris uses a small number of cookies and similar browser storage to keep you signed in and to remember your preferences. We do not use advertising cookies, and we do not sell the information cookies collect.
The cookies we set fall into a few groups: a session cookie that keeps you logged in, a preference cookie that remembers settings like your chosen region, and analytics cookies that help us understand, in aggregate, which features are used. You can block or delete cookies through your browser settings; the service will still work, though you may need to sign in again and re-set preferences.
Where analytics cookies are used, they are configured to anonymise identifying details before storage, and we do not use them to track you across other websites.
11. Children
Voris is a business tool for agencies, specialists, and the clients they serve. It is not intended for anyone under sixteen, and we do not knowingly collect personal data from children.
If you believe a minor has given us personal data, contact us through the details in section 13 and we will delete it. Accounts are created with a verified email and an acceptance of our terms, which are written for adults entering business relationships, not for minors.
12. Changes
We may update this policy as Voris grows and as the law changes. When we do, we will publish the new version and update the "last updated" date at the top of this page. For changes that materially affect how your data is handled, we will try to tell you in advance — by email or an in-product notice — so you have time to review and, if you wish, to act.
If you keep using Voris after a change takes effect, you are treated as having accepted the updated policy. If a change is not acceptable to you, your option is to stop using the service, export your data, and close your account as described in the Terms of Service.
13. Contact
If you have questions about this policy, about a specific data request, or about how your workspace is configured, you can reach us through the contact page. We are happy to clarify anything that is unclear, and to hear where the wording could be plainer.
This policy is a template, not a final legal document. Before you rely on it for your own agency or specialist practice, have it reviewed by a lawyer who knows your jurisdiction and the regions your clients operate in.