Privacy Policy

Volto ("Company", "we", "our", or "us") operates the Volto CRM platform (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

Effective Date: December 8, 2025

1. Information Collection and Use

Volto is a communication management platform that helps businesses communicate with their clients through multiple channels including email (Gmail, Outlook), WhatsApp, Instagram, and other messaging platforms. We collect and process information necessary to provide these services.

Personal Data We Collect:

  • Account Information: Name, email address, phone number, company name, and account credentials
  • Communication Data: Messages, attachments, and metadata from integrated communication channels (Gmail, Outlook, WhatsApp, Instagram)
  • Client Data: Information about your customers that you choose to store in our system
  • Usage Data: Information about how you use our Service, including login times, features accessed, and system performance metrics
  • Device Information: IP address, browser type, operating system, and other technical information
  • Cookies and Tracking: We use cookies to maintain your session and improve user experience

Purposes of Data Collection:

  • Providing and improving our Service
  • Authenticating users and preventing fraud
  • Communicating with you about your account and service updates
  • Responding to your inquiries and providing customer support
  • Complying with legal obligations
  • Analyzing usage patterns and improving user experience

2. Data Processing and Third-Party Integrations

To provide our Service, we integrate with and share data with the following third-party platforms:

Google Services (Gmail, Google Analytics)

How We Access and Use Google User Data:

  • OAuth Authentication: We use Google OAuth to authenticate users and verify their identity. We request access to your Gmail account only to enable email communication management within our Service.
  • Gmail Integration: With your explicit consent, we access your Gmail inbox to help you manage and organize customer communications. We retrieve email messages, metadata (sender, recipient, timestamps), and attachments solely to display them in our CRM interface.
  • Data Storage: Email data accessed from your Gmail account is stored securely on our servers and is used exclusively to provide CRM functionality. We do not retain copies of emails after you delete them from our Service.
  • Data Sharing: We do not share your Gmail data with third parties, except as required by law or with your explicit consent.
  • Limited Use Commitment: We use Google user data only for the purposes disclosed in this Privacy Policy and do not use it for advertising, profiling, or other purposes unrelated to our CRM Service.
  • Google Analytics: We use Google Analytics to understand how users interact with our Service and improve user experience. Google Analytics data is aggregated and does not identify individual users.
  • Google Privacy Policy: https://policies.google.com/privacy
  • Google API Consent Screen Documentation: https://support.google.com/cloud/answer/6158841

Microsoft Services (Outlook, Azure AD)

How We Access and Use Microsoft User Data:

  • OAuth Authentication: We use Microsoft OAuth through Azure Active Directory to authenticate users and verify their identity. This allows secure access to Microsoft services.
  • Outlook Integration: With your explicit consent, we access your Outlook inbox to help you manage and organize customer communications. We retrieve email messages, metadata, and calendar information solely to provide CRM functionality.
  • Data Access and Storage: We access only the data necessary to provide our Service. Data is stored securely and used exclusively for email communication management within our CRM platform.
  • Data Sharing: We do not share your Outlook/Microsoft data with unauthorized third parties. Data is shared only as required by law or with your explicit consent.
  • Limited Use Commitment: We use Microsoft user data only for the stated purposes and do not use it for advertising, profiling, or other secondary purposes.
  • Microsoft Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
  • Microsoft App Registration and Verification: https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview

Meta Services (Instagram, WhatsApp)

How We Access and Use Meta User Data:

  • OAuth Authentication and Authorization: We use Meta OAuth to authenticate users and obtain authorization to access their Instagram and WhatsApp accounts for business communication management.
  • Instagram Direct Messages: With your explicit consent, we access your Instagram Direct Messages to help you manage customer conversations. We retrieve messages, metadata, and contact information to provide CRM functionality.
  • WhatsApp Business Integration: We integrate with WhatsApp Business API to help you manage customer conversations on WhatsApp. We access messages and contact information only to provide communication management features.
  • Data Storage and Usage: All data accessed from Meta services is stored securely on our servers. We use this data exclusively to provide CRM functionality and never for marketing, advertising, or profiling purposes.
  • Data Sharing: We do not share your Meta data with third parties except as required by law or with your explicit consent.
  • Limited Use Commitment: We strictly adhere to Meta's Platform Policies and Limited Use requirements. Your data is used only for the stated purposes and in accordance with Meta's data usage guidelines.
  • Data Retention: We retain data only as long as necessary to provide the Service. You can request deletion of your data at any time.
  • Meta Privacy Policy: https://www.facebook.com/privacy/explanation
  • Meta Platform Policies: https://developers.facebook.com/docs/apps/review
  • Meta Limited Use Requirements: https://developers.facebook.com/docs/apps/review/login-permissions#limited-use

3. Limited Use of Third-Party User Data

Commitment to Limited Use Requirements:

Volto is committed to complying with all platform-specific limited use requirements and data usage policies. Specifically:

  • Google Limited Use: We use Google user data only to provide our CRM Service and to improve user experience. We do not use Google data for advertising, marketing profiling, or any other purpose unrelated to our stated functionality.
  • Microsoft Compliance: We use Microsoft user data solely for email communication management and authentication. We do not use this data to create advertising profiles or sell to data brokers.
  • Meta Limited Use: We strictly adhere to Meta's Limited Use Policy. Your Instagram and WhatsApp data is used exclusively for communication management. We do not use this data for advertising, marketing, or profiling purposes.
  • No Data Monetization: We never sell, rent, or share user data with third parties for their marketing, advertising, or profiling purposes.
  • No Secondary Uses: We do not use data obtained from any platform for purposes other than the primary intended functionality of our Service.

3A. In-Product Privacy Notifications

Privacy Transparency in Our Service:

When you use Volto, we display clear privacy notices and disclosures in the product interface:

  • During account setup, we clearly disclose what data we access and how we use it
  • When requesting OAuth permissions, we explain why we need access to each service
  • In the settings section, users can review and manage their data sharing preferences
  • We provide easy access to this Privacy Policy from within the app
  • Users can view what data we have access to and request deletion at any time

3B. Data Sharing and Disclosure

We do not sell your personal data. However, we share data in the following circumstances:

  • Service Providers: We share data with third parties that help us operate our Service (hosting providers, payment processors, analytics services)
  • Channel Integrations: Data is shared with Google, Microsoft, and Meta as necessary to provide communication features
  • Legal Requirements: We may disclose data when required by law or to protect our rights and the safety of our users
  • Business Transfers: In case of merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

4. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us. We may retain certain information for legal compliance, fraud prevention, and legitimate business purposes.

6. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: You can request access to the personal data we hold about you
  • Correction: You can request correction of inaccurate or incomplete data
  • Deletion: You can request deletion of your data (right to be forgotten)
  • Restriction: You can request restriction of processing of your data
  • Portability: You can request a copy of your data in a portable format
  • Withdraw Consent: You can withdraw your consent to data processing at any time

To exercise any of these rights, please contact us at privacy@volto.dev.

7. GDPR Compliance

If you are a resident of the European Union, United Kingdom, or other jurisdiction with similar data protection laws, we ensure compliance with the General Data Protection Regulation (GDPR) and similar laws. We process your data based on one of the following lawful bases:

  • Your explicit consent
  • Contract performance (providing the Service)
  • Legal obligations
  • Protection of vital interests
  • Legitimate business interests
  • Public task performance

For EU residents, you have the right to lodge a complaint with your local data protection authority.

8. CCPA Compliance

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). You can:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information (with limited exceptions)
  • Opt-out of the sale or sharing of personal information
  • Not be discriminated against for exercising your rights

To submit a CCPA request, contact us at privacy@volto.dev.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. You can control cookies through your browser settings. Disabling cookies may affect some functionality of our Service.

10. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it immediately.

11. International Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country. By using our Service, you consent to such transfers.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@volto.dev

Mail:
Volto
Cardenal Fasolino 120
S3000FEQ
Santa Fe, Argentina

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. Your continued use of our Service after such modifications constitutes your acceptance of the updated Privacy Policy.