Vokra

Privacy Policy

Last updated: February 2, 2026

Vokra ("we", "us", or "our") operates the Vokra AI Agent Platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Organization name (if applicable)
  • Password (encrypted)
  • Billing information (processed through secure third-party payment providers)

1.2 Agent Configuration Data

We collect and store:

  • Agent names and descriptions
  • System prompts and instructions
  • Tool and MCP server configurations
  • Workflow and job definitions
  • Agent execution logs and conversation history

1.3 API Keys and Credentials

We store your third-party credentials in encrypted form:

  • LLM provider API keys (Anthropic, OpenAI, Google, etc.)
  • MCP tool authentication tokens (GitHub, Slack, Notion, etc.)
  • OAuth tokens for connected services

Important: All API keys and sensitive credentials are encrypted at rest using industry-standard encryption.

1.4 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage metrics (agent executions, API calls, features used)
  • Performance data and error logs

1.5 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze usage patterns
  • Improve Service performance

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Execute your AI agents with configured LLM providers
  • Process your transactions and manage subscriptions
  • Send administrative communications (service updates, security alerts)
  • Respond to customer support requests
  • Analyze usage to improve the Service
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

3. Third-Party Data Sharing

3.1 LLM Providers

Important: When your agents execute, your prompts, instructions, and conversation data are sent to third-party LLM providers you configure (e.g., Anthropic, OpenAI, Google Gemini, Groq, Mistral, AWS Bedrock, Azure OpenAI).

Each provider has their own privacy policies and data handling practices. We recommend reviewing:

3.2 MCP Tools and Integrations

When you connect MCP tools (GitHub, Slack, Notion, etc.), your agents may send data to these services according to your configuration. You are responsible for understanding and complying with each tool's privacy policy.

3.3 Service Providers

We may share data with trusted service providers who assist us with:

  • Cloud hosting and infrastructure (AWS, Google Cloud, etc.)
  • Payment processing (Stripe, PayPal, etc.)
  • Email delivery
  • Analytics and monitoring
  • Customer support tools

These providers are contractually obligated to protect your data and use it only for specified purposes.

3.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

  • Comply with legal processes
  • Enforce our Terms and Conditions
  • Protect our rights, property, or safety
  • Prevent fraud or security threats

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: API keys and credentials are encrypted at rest using AES-256
  • Transport Security: All data transmitted over HTTPS/TLS
  • Access Controls: Role-based access control (RBAC) and multi-tenancy isolation
  • Authentication: JWT tokens with refresh token rotation
  • Monitoring: Continuous security monitoring and audit trails
  • Regular Updates: Security patches and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as:

  • Your account is active
  • Needed to provide the Service
  • Required by law or for legitimate business purposes

Agent execution logs are retained for 90 days by default, after which they are automatically deleted unless configured otherwise.

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

  • Access your personal data
  • Request a copy of your data in a portable format
  • Export agent configurations and execution logs

6.2 Correction and Deletion

You can:

  • Update your account information through your profile settings
  • Delete specific agents, executions, or configurations
  • Request complete account deletion (data removed within 30 days)

6.3 Opt-Out Rights

You can opt out of:

  • Marketing communications (via unsubscribe links)
  • Non-essential cookies (via browser settings)
  • Data analytics (by contacting us)

6.4 Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals.

7. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising privacy rights

Note: We do not sell your personal information.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last updated" date
  • Sending email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@vokra.ai
Data Protection Officer: dpo@vokra.ai
Website: https://vokra.ai

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

By using the Vokra platform, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.