Privacy Policy

VoXorian is a proposal-management product operated by Sparcgen, Inc., a Delaware corporation ("VoXorian," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect personal information when you visit www.voxorian.com or use the VoXorian application at app.voxorian.com (together, the "Service").

If you do not agree with this Policy, please do not use the Service.

1. Information we collect

Information you provide directly. When you create an account or contact us, we collect your name, work email address, organization name, role, and any information you include in messages to us. When you upload content to the Service (past proposals, RFP documents, library entries, attachments, comments, project metadata), we receive and store that content.

Information collected automatically. When you use the Service we collect log data (IP address, browser type and version, operating system, request timestamps, pages visited, referring URL), session identifiers, and an audit trail of actions taken inside your organization's workspace (who created, edited, accepted, or deleted a record, and when).

Cookies and similar technologies. We use a small number of first-party cookies that are strictly necessary to keep you signed in and to maintain CSRF protection. We do not use third-party advertising cookies. If we add analytics in the future, we will list the providers here and offer a clear opt-out.

AI inputs and outputs. When you invoke AI features (for example, drafting an answer from your library), the inputs you send and the outputs you receive may be processed by the AI provider you have configured (such as Anthropic, OpenAI, or a model you self-host). We retain copies of these inputs and outputs in your organization's audit log so you can replay, review, and account for them.

2. How we use information

We use the information described above to:

• provide, maintain, and improve the Service;
• authenticate users and authorize their access to organization-scoped data;
• respond to support inquiries and contractual obligations;
• detect, prevent, and respond to fraud, abuse, security incidents, and other harmful or illegal activity;
• comply with our legal obligations and enforce our Terms of Service;
• send transactional notices about your account or the Service (we do not send marketing email without your prior consent).

3. Sharing and disclosure

We do not sell personal information. We share personal information only as follows:

• Service providers. Hosting providers, database providers, object-storage providers, email-delivery providers, and other vendors that process data on our behalf under written agreements that require confidentiality and appropriate safeguards.
• AI providers. When you invoke AI features, your prompts and the resulting outputs are sent to the AI provider you have configured. Each AI provider operates under its own terms and privacy policy, which you are responsible for reviewing.
• Within your organization. Content you upload is accessible to users in the same organization workspace, subject to role-based permissions. Cross-organization access does not occur.
• Legal requirements. We may disclose information when legally required (subpoena, court order, government request) or when necessary to protect our rights, your rights, or public safety. Where permitted, we will notify you before disclosure.
• Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred. We will notify affected users before personal information becomes subject to a different privacy policy.

We do not use your content to train third-party AI models. We do not share your library, RFP uploads, or drafts across customers.

4. Data retention

We retain account information for as long as your account is active and for a reasonable period afterward to satisfy our legal, tax, and contractual obligations. We retain content you upload until you or your organization deletes it. Soft-deleted records are recoverable for thirty (30) days, after which they are purged from our active systems. Backups are retained for up to ninety (90) days for disaster-recovery purposes and then expire.

5. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These safeguards include encryption of data in transit (TLS 1.2+), encryption at rest for stored credentials, scoped access controls, internal logging and monitoring, and least-privilege production access. No system is perfectly secure; we cannot guarantee absolute security but commit to promptly notifying affected users of any confirmed unauthorized disclosure of their personal information as required by applicable law.

6. Your rights and choices

Depending on where you live and the role you have within your organization, you may have rights with respect to your personal information, including:

• the right to access a copy of the personal information we hold about you;
• the right to correct personal information that is inaccurate or incomplete;
• the right to delete your account and the personal information associated with it;
• the right to port a copy of your personal information to another service in a structured, machine-readable format;
• the right to object to or restrict certain processing of your personal information;
• the right to withdraw consent where we rely on consent (you can do this without affecting the lawfulness of prior processing);
• the right to complain to your local data-protection regulator.

Your organization is the administrator of its workspace. If you are an end user, please direct deletion and access requests to your organization's administrator first; we will act on your behalf at your administrator's instruction. You may also email us directly using the contact information below; we will respond within a reasonable time and in any event within the period required by applicable law.

7. Children

The Service is not directed to children under sixteen (16). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will delete it.

8. International transfers

We are based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. We use appropriate safeguards (including, where applicable, Standard Contractual Clauses) when we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland.

9. California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights, including the right to know what personal information we collect, the right to request deletion, and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise CCPA rights, email us at privacy@voxorian.com.

10. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify affected users by email and update the effective date above. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

11. Contact us

VoXorian is operated by Sparcgen, Inc., a Delaware corporation. For privacy questions or to exercise the rights described above:

• Email — privacy@voxorian.com
• Legal — legal@voxorian.com
• Support — support@voxorian.com

If you require our mailing address for a formal legal notice, please request it by email and we will provide it.