Vorion LLC Privacy Policy
Last updated: March 18, 2026
Data Controller: Vorion LLC
EU Representative: To be appointed (GDPR Article 27)
Contact: privacy@vorion.org
1. What Data We Collect
| Data Category | Examples | Legal Basis |
|---|---|---|
| Account data | Name, email, company name | Contract performance (Art. 6(1)(b)) |
| Usage data | Pages visited, features used, session duration | Legitimate interest (Art. 6(1)(f)) |
| Agent data | Agent configurations, trust scores, governance decisions | Contract performance (Art. 6(1)(b)) |
| Payment data | Billing address, payment method (processed by Stripe) | Contract performance (Art. 6(1)(b)) |
| Technical data | IP address, browser type, device info | Legitimate interest (Art. 6(1)(f)) |
2. How We Use Your Data
- To provide and improve our services
- To process payments and manage your account
- To communicate service updates and security notices
- To comply with legal obligations
- To detect and prevent fraud or abuse
We do NOT:
- Sell your personal data to third parties
- Use your data for AI model training without explicit consent
- Profile you for automated decision-making that produces legal effects
3. Data Storage and Transfers
Your data is stored in the European Union (Frankfurt, Germany) on infrastructure provided by Vercel, Neon, and Fly.io. If data is transferred outside the EU, we rely on:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
4. Your Rights (GDPR Articles 15-22)
You have the right to:
- Art. 15Access your personal data
- Art. 16Rectify inaccurate data
- Art. 17Erase your data ("right to be forgotten")
- Art. 18Restrict processing
- Art. 20Data portability — receive your data in machine-readable format
- Art. 21Object to processing based on legitimate interest
- Art. 22Not be subject to automated decision-making with legal effects
To exercise any right, contact: privacy@vorion.org. We will respond within 30 days.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While active + 30 days after deletion |
| Agent data & governance logs | Per your subscription plan retention period |
| Usage / technical data | 12 months |
| Payment data | As required by tax law (typically 7 years) |
6. Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | EU (Frankfurt) |
| Neon | PostgreSQL database | EU (Frankfurt) |
| Fly.io | API hosting | EU (Amsterdam) |
| Stripe | Payment processing | US (SCCs in place) |
| Supabase | Authentication | EU (Frankfurt) |
A current list is maintained at vorion.org/legal/subprocessors.
7. Cookies
See our Cookie Policy for details on how we use cookies and similar technologies.
8. Changes to This Policy
We will notify you of material changes via email at least 30 days before they take effect.
9. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority. For our EU representative's jurisdiction, the relevant authority will be listed once our representative is appointed.