Privacy policy
Last updated June 1, 2026
This policy explains how Volano (“Volano,” “we,” “us,” or “our”) handles information when you use our websites, applications, and related services (together, the “Services”). We built Volano for marketing teams, and we keep this policy in plain English on purpose.
1. Scope and our two roles
Volano is a business product. When your organization signs up, it creates a workspace and invites its team. That distinction matters for privacy, because we act in two different roles:
- As a service provider / processor.When we handle the content your team puts into the Services — chats, prompts, artifacts, uploaded files, library assets — we do so on behalf of the organization that controls the workspace. The organization is the controller of that content and decides how it is used. If you are an end user, please direct requests about that content to your organization’s administrator; we will support them in responding.
- As a controller. When we handle account registration data, billing details, website-visitor information, and data we generate to operate, secure, and improve the Services, we determine the purposes and means of processing, and this policy governs.
Where an organization and Volano have signed a separate agreement or data processing addendum, that agreement controls for content processed on the organization’s behalf and prevails over this policy to the extent of any conflict.
2. Information we collect
Information you provide
- Account and organization data: name, work email, password or single-sign-on identifier, role, workspace and organization names, and team membership.
- Content: the messages, prompts, instructions, uploaded files, documents, images, library items, and other materials you submit to the Services, along with the outputs generated in response.
- Billing data: plan, seat count, and billing contact. Payment-card details are handled by our payment processor; we do not store full card numbers.
- Support and communications: messages you send us, feedback, and survey responses.
- Connector credentials: if an administrator connects a third-party tool, the related credentials, which we store encrypted.
Information we collect automatically
- Usage data: features used, models invoked, actions taken, and timestamps.
- Device and log data: IP address, browser and device type, operating system, language, referring pages, and diagnostic logs.
- Cookies and similar technologies:used to keep you signed in, remember preferences, and measure and improve the Services. See “Cookies” below.
Information from others
We may receive information from your organization’s administrators (for example, when they invite you), from single-sign-on and identity providers, and from service providers that help us operate, secure, and analyze the Services.
3. How we use information
We use information to:
- provide, maintain, and operate the Services;
- authenticate users, enforce roles and permissions, and apply your organization’s governance settings;
- route prompts and content to the AI models and tools your organization has enabled, and return the results;
- process transactions, manage seats, and send service-related messages;
- secure the Services, prevent fraud and abuse, debug, and maintain the integrity and reliability of our systems;
- analyze usage to understand, troubleshoot, and improve the Services;
- provide support and respond to your requests; and comply with law and enforce our terms.
We do not use your content to train our own foundation models, and we do not sell your content. Where we use data to improve the Services, we rely on aggregated or de-identified data wherever practical.
4. AI processing and model providers
When you use AI features, your prompts and the associated content are sent through our model-gateway infrastructure to the third-party model providers your organization has enabled, so they can generate a response. We pass only what is needed to fulfill the request.
We contract with our providers to process this data only to deliver the requested output and not to train their models on your content, except where you or your organization has explicitly opted in. AI outputs may be inaccurate or incomplete; you are responsible for reviewing them before relying on them. See our terms of use.
5. How we share information
We share information only as described here:
- Within your organization. Content in a workspace is visible to authorized members and administrators of that organization according to the roles and permissions it configures.
- Service providers and subprocessors. We share information with vendors that host our infrastructure, provide AI model access, process payments, send communications, and provide analytics and security — all bound by contract to protect it and use it only on our instructions.
- Legal and safety. We may disclose information to comply with law, respond to lawful requests, enforce our agreements, or protect the rights, property, and safety of Volano, our users, or the public.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
- With your direction. When you or your administrator connect a third-party tool or otherwise direct us to share.
6. We do not sell or “share” your personal information
We do not sell personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under California and other US state privacy laws. We do not use your content to serve you third-party ads.
7. Cookies and tracking
We use strictly necessary cookies to operate the Services (for example, to keep you signed in), plus a limited set of preference and analytics cookies to understand and improve usage. We do not use third-party advertising cookies. Most browsers let you control cookies; blocking strictly necessary cookies may break parts of the Services. Where required, we honor recognized opt-out preference signals such as Global Privacy Control.
8. Data retention
We keep account and content data for as long as your organization maintains its workspace, and afterward only as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Administrators can delete content and request deletion of their workspace; some residual copies may persist in backups for a limited period before being overwritten on our normal cycle.
9. Security
We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit, encryption of stored credentials, access controls, and tenant isolation between organizations. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security. Keep your credentials confidential and notify us promptly of any suspected unauthorized access.
10. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or obtain a portable copy of your personal information, to opt out of certain processing, and to not be discriminated against for exercising these rights. Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have these rights under their respective statutes (including the CCPA/CPRA).
If your information is part of an organization’s workspace, we will route your request to that organization, which controls the content. For information we control, submit a request to privacy@volano.app. We will verify your request and respond within the time required by applicable law. You may use an authorized agent where the law allows, and you may appeal a decision by replying to our response.
11. Children
The Services are for business use and are not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
12. Where we operate
Volano is operated from the United States, and we store and process information in the United States and in other countries where our service providers operate. If you access the Services from outside the United States, you understand your information may be transferred to and processed in the United States, which may have different data protection rules than your home jurisdiction.
13. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.
14. Contact us
Questions about this policy or your information? Email us at privacy@volano.app. For matters governed by your organization’s workspace, please also contact your organization’s administrator.