Core Legal
Privacy Policy
How Allorc collects, uses, shares, retains, and protects personal data.
Privacy Policy
This Privacy Policy explains how Allorc collects, uses, discloses, stores, and protects personal data when you use the Allorc website, applications, and related services.
Who this policy applies to
This policy applies to visitors, trial users, customers, administrators, and other individuals whose personal data is processed in connection with Allorc.
If an organization uses Allorc and makes the service available to its personnel, that organization may separately control some data submitted to the service.
Categories of personal data we collect
We may collect the following categories of personal data:
Account and identity data
- name, email address, username, and organization name;
- authentication and security-related records;
- account preferences and subscription details.
Product usage data
- prompts, instructions, messages, and interaction history;
- uploaded files, metadata, and user-configured workflow settings;
- logs relating to feature use, errors, and diagnostics.
Integration data
- information from connected email, calendar, storage, and other third-party services that you authorize us to access;
- connection metadata, scopes, tokens, and sync activity records.
Device and technical data
- IP address, browser type, device identifiers, operating system, and approximate location inferred from network signals;
- cookie, session, and telemetry data.
Support and communications data
- support requests, feedback, survey responses, and communications with us.
Sources of personal data
We collect personal data:
- directly from you;
- from your organization or account administrator;
- from third-party services you connect;
- automatically through your use of the service.
How we use personal data
We use personal data to:
- create and manage accounts;
- authenticate users and secure the service;
- provide AI responses, automation, and workflow execution;
- operate integrations and synchronize connected data;
- troubleshoot issues, prevent abuse, and monitor performance;
- communicate with you about service updates, support, and transactional notices;
- comply with legal obligations and enforce our terms.
Communications preferences and consent
Allorc sends different categories of communications for different reasons.
Required service communications
We send operational, transactional, security, billing, legal, and service-impact communications when necessary to operate your account and the service. These may include:
- email verification, password resets, sign-in alerts, and security notices;
- invoices, receipts, payment failures, renewals, subscription changes, and account-access warnings;
- outage notices, incident updates, maintenance alerts, or deprecation notices;
- changes to features, permissions, pricing, or workflows that materially affect your use of the service;
- legal notices, terms updates, privacy updates, and responses to support or data-rights requests.
These communications are not marketing emails, and you cannot opt out of them while you continue to use the service.
Optional marketing communications
We may send optional marketing communications if you choose to receive them. These may include launch news, general feature roundups, product education, webinars, event invitations, surveys, promotions, and similar promotional updates that are not required to operate your account.
You can opt in or out of marketing communications at any time, and opting out of marketing does not affect required service communications.
Additional detail appears in the Marketing & Service Communications Policy.
Legal bases for processing
Depending on the context, we process personal data because:
- it is necessary to perform a contract with you or your organization;
- it is necessary for our legitimate interests in operating, securing, and improving the service;
- you have provided consent for specific processing;
- we need to comply with legal obligations.
AI model use and product improvement
Allorc uses AI systems to generate outputs and support autonomous workflows.
By default, Allorc does not use Customer Content to train third-party foundation models. We may use limited service data, including logs and samples, for security, abuse prevention, debugging, quality assurance, and service improvement subject to access controls and data minimization.
If we materially change our data-use practices, we will update this policy and, where required, provide additional notice or obtain consent.
Sharing of personal data
We may share personal data with:
- infrastructure, hosting, analytics, authentication, communications, and payment providers that help us operate the service;
- integration partners when you direct Allorc to connect with those services;
- professional advisers, auditors, insurers, and legal counsel where reasonably necessary;
- authorities or third parties where required by law or needed to protect rights, safety, or security.
We do not sell personal data for third-party advertising.
International data transfers
Allorc may process data in jurisdictions outside your home country. Where required, we use appropriate safeguards for cross-border transfers.
Data retention
We keep personal data for as long as reasonably necessary for the purposes described in this policy, including to provide the service, maintain security, resolve disputes, comply with law, and enforce agreements.
Additional detail is provided in the Data Retention & Deletion Policy.
Security
We apply administrative, technical, and organizational measures designed to protect personal data. No service can guarantee absolute security, and you should not use Allorc for data or workloads that require zero-risk handling.
Our current controls and present limitations are described in the Security & Trust Statement.
Your rights and choices
Subject to applicable law, you may have rights to:
- access personal data we hold about you;
- correct inaccurate information;
- request deletion;
- restrict or object to certain processing;
- receive a portable copy of certain data;
- withdraw consent where processing is based on consent.
To exercise rights, contact us using the contact details below. We may request additional information to verify identity before responding.
Cookies and similar technologies
We use cookies and similar technologies for authentication, preferences, analytics, and service operation. See the Cookie Policy for more information.
Children
Allorc is not intended for children under 18, and we do not knowingly collect personal data directly from children under 18 for independent consumer use.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date and provide additional notice where required by law.
Contact
For privacy questions or rights requests, contact samclastine.jesumuthu@allorc.com.