← Home

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy is part of, and should be read together with, our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms.

About this Policy

This Privacy Policy explains the categories of personal information Vorvano LLC (“Vorvano,” “we,” “us,” or “our”), a Wyoming limited liability company with its principal address at 30 N Gould St, Ste R, Sheridan, WY 82801, collects, the sources we collect it from, why we use it, who we share it with, how long we keep it, how we protect it, and the privacy rights you may have. It applies to all Vorvano applications, websites, and related services (the “Service”), whether now existing or hereafter developed and whether obtained through an app store or by direct download. What we actually collect and process depends on which application you use, the features you enable, and the settings you choose, all of which are described in that application's in-app notices, settings, or app-store privacy label and are incorporated into this Policy by reference. The Service is intended for users in the United States only; see the “Where your information is processed” section.

1. Categories of personal information we collect

Depending on the application and how you use it, we may collect the following categories of personal information. Not every category is collected by or applicable to every application.

  • Identifiers and account data: your name, email address, optional phone number, an account identifier, your password (stored only as a salted, memory-hard hash — never in plain text), and the IP address from which you create your account.
  • Consent and verification records: the fact, date, time, and version of the agreements and consents you accepted; your email-verification status; and records of privacy choices you make.
  • User-provided content and inputs: materials and content you submit to or generate through an application and any associated outputs. For AI-enabled applications, this can include text you provide such as document or résumé text, prompts, your spoken answers and their transcripts, and resulting notes, scores, and feedback, which are processed by us and by third-party AI providers to generate outputs.
  • Audio and speech data: for applications with voice features, your microphone input and the resulting transcript. Depending on the feature and your settings, speech recognition may run on your device, or your audio may be transmitted to a third-party speech-to-text provider to produce the transcript. Where session recording is offered, we also create and store on our servers an audio recording of the practice session (a mixed file of your spoken answers and the AI interviewer's synthesized voice), retained and deleted as described in the “Audio, voice & biometrics” and “Retention” sections, which describe this in detail.
  • Usage analytics and inferences: product-usage and interaction analytics, feature and performance metrics, and inferences derived from your use of the Service (for example, practice scores or other AI-generated assessments).
  • Diagnostics and error logs: crash reports, error logs, and technical event data, collected to keep the Service operating and secure.
  • Device and technical profile: non-identifying hardware, operating-system, configuration, and network attributes (such as device type, OS version, app version, and general capability indicators) used to assess compatibility and deliver and secure the Service.
  • Communications: information you provide when you contact us for support, respond to surveys, or otherwise communicate with us, including the contents of those communications.

Data minimization. We seek to collect and process only what is reasonably necessary and proportionate to provide the application and features you request and the purposes described in this Policy. We may de-identify, aggregate, or derive statistics and other non-personal information from any of the above and use and retain it without restriction.

2. Sources of personal information

We collect personal information: (a) directly from you when you create an account, submit content, configure settings, or communicate with us; (b) automatically from your device and software as you install, use, and interact with the Service; and (c) from service providers and partners that help us operate, secure, analyze, or deliver the Service (for example, hosting, analytics, AI, speech, and email-delivery providers, and, where applicable, app-store and payment platforms).

3. How we use personal information; legal bases

We may use personal information for any lawful business or commercial purpose disclosed at or before collection, including to:

  • create, authenticate, maintain, and secure your account;
  • provide, operate, maintain, personalize, and deliver the Service and its features, including transcribing your speech, synthesizing the interviewer's voice, and generating AI Outputs from content you submit;
  • verify identity and eligibility and prevent, detect, and respond to bots, fraud, abuse, security incidents, and prohibited or illegal activity;
  • monitor, record, and review usage, submissions, and content as described in the Terms, for security, safety, compliance, enforcement, and quality;
  • monitor, analyze, debug, and improve the Service and develop new products, features, and offerings;
  • develop, train, fine-tune, evaluate, and improve our and our providers' artificial-intelligence and machine-learning models, algorithms, prompts, and systems, as described in the “Use of your content to improve and train AI” section below;
  • conduct analytics, research, and measurement;
  • communicate with you about your account, transactions, security, updates, and changes to the Service or our terms, and — where permitted — about features and offers;
  • exercise, establish, or defend legal claims, enforce our agreements, and protect our rights, property, and safety and those of our users and others; and
  • comply with applicable law, legal process, and regulatory obligations.

Where data-protection law requires a legal basis, we rely, as applicable, on: performance of our contract with you; your consent (for example, for optional communications and any processing for which we ask for it); our legitimate interests in operating, securing, analyzing, improving, and developing the Service and our business (including model development) where not overridden by your interests and rights; and compliance with legal obligations. We do not use the personal information of minors to train AI models.

4. Use of your content to improve and train AI

By creating an account, accessing, or using the Service, you agree that Vorvano and its providers may use the content you submit and generate — including your document and résumé text, prompts, spoken answers and their transcripts, interview and practice content, and the resulting outputs, together with your usage, interaction, and feedback data — to operate, evaluate, develop, secure, and improve the Service, and to develop, train, fine-tune, and improve our and our providers' artificial-intelligence and machine-learning models, systems, and prompts. We may do this as part of providing and improving the Service and without separate notice to you each time.

Where reasonably feasible, we de-identify, aggregate, or minimize content used for model development, and we apply the following limits: we do not use the personal information of minors for model training; we do not sell sensitive personal information, even with consent; we do not use your content to make automated, consequential, or legally significant decisions about you or to furnish a score or determination about you to any third party (your scores and feedback are presented to you, for your own use); and we apply the data-rights and deletion mechanisms described in the “Your privacy rights” and “Retention” sections. De-identified, aggregated, and derived data is not personal information and may be used and retained for any lawful purpose without restriction. Some of our AI providers may also process content under their own terms to provide and, in some cases, improve their services; see the “Service providers” section. If we introduce a dedicated control to opt out of model-training use, your choice through that control will govern going forward.

5. Audio, voice & biometrics

How speech is processed. Some applications and features transcribe your speech so the AI can respond to what you say, and synthesize a spoken voice for the interviewer. Depending on the feature and your settings, speech recognition may run on your device, or, where cloud transcription is enabled, your microphone audio may be securely transmitted (including in real time) to a third-party speech-to-text provider to produce the transcript, and the text of the interviewer's lines may be sent to a third-party text-to-speech provider to produce the synthesized voice. This is a change from earlier desktop-only versions, which performed all speech recognition on your device; the current Service may transmit your audio to a cloud provider for transcription when that option is in use. Interview-session recordings. For interview-practice sessions, we record the session audio — both your spoken answers and the interviewer's synthesized voice — and store that recording on our servers so that you can review your performance and so our authorized team can review sessions to evaluate, debug, and improve the Service (including the AI, as described in this Policy). A recording indicator is shown during capture. These recordings are encrypted at rest, access is limited to authorized personnel, and they are retained while your account is active and deleted when you delete your account (subject to short-lived encrypted backups that age out) or sooner on request. Outside interview-practice recording, we use audio only to produce the transcript and deliver the feature you requested, and where speech recognition runs on your device that audio is processed locally. The resulting transcript is handled as User-provided content under this Policy. See the “Service providers” section.

No biometric identifiers; no voiceprints. Except as a specific application expressly discloses in-app (in which case that application's disclosure and consent govern), we do not collect, capture, purchase, receive through trade, store, or otherwise obtain biometric identifiers or biometric information as those terms are defined under the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Washington biometric-privacy law (RCW 19.375), or the Washington My Health My Data Act (RCW 19.373). We do not create, extract, or store voiceprints, retina or iris scans, fingerprints, scans of hand or face geometry, vein patterns, or any biometric template from which an identifier can be extracted, and we do not perform speaker recognition, face recognition, or voice- or face-based identity verification. Any audio the Service processes is used to deliver the requested features (such as transcription, feedback, or rendering an animated avatar) and, for interview-practice sessions, is recorded and stored so the session can be reviewed and the Service improved as described in the “Audio, voice & biometrics” section above; in all cases it is not converted into a biometric template, and is not used to identify you. We contractually require any speech-to-text, text-to-speech, or AI provider that processes audio to refrain from creating biometric identifiers or voiceprints from it and from using it to train biometric or identification models. We treat any biometric, genetic, or health data as sensitive and obtain opt-in consent where applicable law requires it.

6. Service providers

To operate, secure, and deliver the Service, we use trusted third-party service providers — including artificial-intelligence and cloud-infrastructure providers — that process personal information on our behalf, only as needed to provide the features you use and under contractual confidentiality and security obligations. The specific providers we use are proprietary and may change as we develop the Service. We do not sell your personal information. Residents of states that provide the right may request a list of the specific third parties to which we have disclosed their personal data, as described in the “Your privacy rights” section.

7. How we share and disclose personal information

We may disclose personal information as follows:

  • Service providers and processors: to the third-party service providers described in the “Service providers” section and other vendors that process personal information on our behalf under contractual confidentiality and security obligations, including AI, speech, hosting, email-delivery, analytics, security, and support providers, and — where applicable — app-store, payment, and content-delivery platforms.
  • Legal, safety, and compliance: to comply with applicable law, regulation, legal process, or enforceable governmental or court request; to enforce our agreements and policies; to detect, prevent, or address fraud, security, or technical issues; and to protect the rights, property, safety, or security of Vorvano, our users, or others.
  • Business transfers: in connection with, or during negotiations of, any merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or other corporate transaction, in which case personal information may be among the assets transferred.
  • With your direction or consent: to other parties when you direct us to do so or otherwise consent.
  • Affiliates: to current and future Vorvano affiliates and related entities for the purposes described in this Policy.

Sale and sharing. We currently do not “sell” or “share” personal information, and do not use personal information for “targeted advertising” or for “profiling” in furtherance of decisions that produce legal or similarly significant effects, as those terms are defined under U.S. state privacy laws. Providing your content to AI and speech providers so they can generate the outputs you request is a service-provider relationship, not a “sale” or “share.” We do not sell sensitive or biometric personal information, and we will not sell sensitive personal information even with consent. If our practices ever change such that we sell or share personal information or conduct targeted advertising, we will update this Policy, provide the clear and conspicuous opt-out controls and notices the law requires, and honor recognized opt-out preference signals (such as the Global Privacy Control). We do not knowingly sell or share, and do not knowingly collect, the personal information of minors; if we learn we have collected such information, we will delete it.

8. Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Policy — including to provide the Service, maintain and secure your account, develop and improve our products and models, and satisfy our legal, accounting, dispute-resolution, and enforcement needs — after which we delete, de-identify, or aggregate it. Retention periods vary by data type, application, and context. As a general guide: account data is retained while your account is active and for a short period afterward; user-provided content, session recordings, and transcripts are retained as needed to provide the Service and are deleted from our active systems when you delete your account or upon a verified deletion request, subject to the deletion rights described in the “Your privacy rights” section; diagnostic, usage, and error logs are retained for roughly 30 days; and residual copies in routine encrypted backups are purged within roughly 30 to 90 days. You may delete your account and associated synced data at any time using the in-app control, which removes it from our active systems. We may retain limited information as necessary to comply with law, enforce our agreements, resolve disputes, and prevent fraud and abuse. Copies of content already incorporated into trained model weights, backups, or logs that cannot feasibly be extracted or reversed, and de-identified, aggregated, and derived data, may be retained indefinitely.

9. Data security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information appropriate to its sensitivity, including: encryption in transit (HTTPS/TLS); passwords stored only as salted, memory-hard hashes; encryption at rest for stored account and contact information; signed, expiring, HttpOnly administrative sessions protected by two-factor authentication; rate limiting and abuse controls; input validation and request-size limits; least-privilege access controls; and vendor oversight. We design our security program to align with recognized frameworks such as the NIST Cybersecurity Framework and NIST Privacy Framework and to satisfy applicable data-security laws, including the reasonable-safeguards requirement of the New York SHIELD Act. No method of transmission or storage is completely secure, and we do not and cannot guarantee absolute or perfect security; you use the Service and transmit information at your own risk. If a security breach affecting your personal information occurs, we will notify affected individuals and applicable regulators as and to the extent, and within the timeframes, required by applicable law, including the breach-notification laws of your state of residence (such as the New York SHIELD Act and California Civil Code § 1798.82, among others).

10. Your privacy rights

Which rights you have, and how they apply, depend on your state of residence. To be protective, we generally extend the core rights below to all U.S. users. These rights arise under the laws listed here, as and where they are in effect and apply to us: the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), and the comprehensive consumer-privacy laws of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), Iowa, Nebraska, New Hampshire, New Jersey, Minnesota (MCDPA), Maryland (MODPA), Tennessee (TIPA), Indiana, Kentucky, and Rhode Island, together with any other comparable state law that is or becomes effective.

  • Right to know / access: to confirm whether we process your personal information and to request the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collecting, using, selling, or sharing it, and the categories of recipients (with a 12-month lookback under California law).
  • Right to delete: to request deletion of personal information, subject to legal exceptions.
  • Right to correct: to request correction of inaccurate personal information we maintain about you (this right is not available in every state, such as Utah and Iowa).
  • Right to data portability: to obtain a copy of certain personal information in a portable and, to the extent technically feasible, readily usable format.
  • Right to opt out of sale, sharing, targeted advertising, and profiling: as described in the “Sale and sharing” section, we do not currently sell or share personal information, conduct targeted advertising, or engage in such profiling, so there is presently nothing to opt out of; if that changes, we will provide the required opt-out controls and notices. We honor recognized opt-out preference and universal-opt-out signals (such as the Global Privacy Control) where required by law.
  • Right to limit use of sensitive personal information: to direct us to limit the use and disclosure of information treated as “sensitive” under applicable law to what the law permits. We process sensitive personal information only with opt-in consent where required, do not use it to infer characteristics about you, and do not sell it.
  • Right to question profiling (Minnesota): Minnesota residents may, in connection with profiling, be informed of the reason a decision was reached, the data used, the right to review and correct that data, and how to obtain a different outcome going forward.
  • Right to a list of third parties (Minnesota, Oregon, Delaware, and other states that provide this right): to request a list of the specific third parties to which we have disclosed personal data.
  • Right to non-discrimination: we will not discriminate or retaliate against you for exercising any of these rights.
  • Right to appeal: if we decline your request, residents of any state whose law provides an appeal right may appeal by replying to our response. We will respond to an appeal within the period the law requires (generally 60 days), and if we deny the appeal we will provide a method to contact the applicable state Attorney General.

How to exercise your rights. You may submit a request by emailing legal@vorvano.com (preferably from the email address associated with your account), or, where available, by using the in-app delete-account and privacy controls. To process certain requests we may need to verify your identity, typically by confirming control of your account email; we may decline or limit a request we cannot reasonably verify. We will acknowledge and respond within the timeframes required by applicable law — for example, under California law we acknowledge within 10 business days and respond within 45 days, extendable by an additional 45 days where permitted, with notice; most other state laws provide a 45-day response window, extendable as allowed. Your first request in a 12-month period is free; we may charge a reasonable fee or decline a request that is excessive, repetitive, or manifestly unfounded, as permitted by law. You may use an authorized agent where the law allows.

California & Nevada. This Policy serves as our California notice at collection. As stated above, we do not sell or share personal information or use it for targeted advertising; California residents may direct us to limit the use of their sensitive personal information and may exercise the other rights above, and we honor the Global Privacy Control. Under California's “Shine the Light” law (Cal. Civ. Code § 1798.83), we do not share personal information with third parties for those third parties' own direct-marketing purposes. California residents have a limited private right of action for certain data breaches under Cal. Civ. Code § 1798.150. Nevada residents may submit a verified request that we not sell certain “covered information” by emailing the address above.

11. Communications and text messages

If you provide a phone number, we may use it to help verify identity, secure your account, and send transactional or account-related messages. Where providing a phone number is optional, providing it constitutes your prior express consent to receive account, security, and transactional messages at that number. Marketing texts, if any, require your separate prior express written consent under the Telephone Consumer Protection Act (TCPA). Declining to provide an optional phone number does not impair your account or your ability to use the Service. Where you receive texts from us, message and data rates may apply, message frequency varies, and you can opt out by replying STOP (reply HELP for help).

12. Children

The Service is intended only for adults (at least 18, or the higher age of majority where you reside) and is not directed to or intended for minors — that is, anyone under 18, and in no event anyone under 13. We do not knowingly collect personal information from anyone under 18, and we never knowingly collect data from a child under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA). We do not use any minor's data to train AI models, for targeted advertising, or for sale. If you are under the applicable minimum age, do not use the Service or provide us any information. If you believe a child under 13 has provided us personal information, or you are a parent or guardian who wishes to request deletion of a minor's information, contact legal@vorvano.com and we will promptly delete it.

13. Where your information is processed (United States)

Vorvano is based in the United States, and the Service is intended for U.S. users only. We and our service providers store and process your personal information in the United States and may process it in other countries where we or our providers operate, subject to appropriate safeguards. We do not undertake to comply with non-U.S. data-protection laws (such as the GDPR or UK GDPR). By using the Service, you understand that your information will be processed in the United States and, where applicable, such other jurisdictions.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by the effective date shown above, and we will take reasonable steps to provide additional notice where required by law. Your continued use of the Service after an update takes effect means you accept the updated Policy.

15. Contact

Questions, requests, privacy-rights requests, or concerns about this Privacy Policy may be directed to Vorvano LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, or by email to legal@vorvano.com.