Legal
Privacy Policy
Last updated: 29 May 2026 · Version 1.0 · Owner: privacy@theorahq.com
This Privacy Policy explains how Theora ("Theora", "we", "us") collects, uses, and protects information when you use our website and platform (the "Service"). We are committed to handling personal data lawfully, transparently, and securely.
1. Information we collect
- Account information — name, work email, and organisation, provided when an account is created.
- Usage data — log data such as IP address, browser type, pages viewed, and timestamps, collected automatically to operate and secure the Service.
- Content you submit — queries, prompts, and files you upload to run analyses.
2. How we use information
- To provide, maintain, and improve the Service.
- To authenticate users and secure accounts.
- To respond to support requests and communicate service updates.
- To meet legal, regulatory, and audit obligations.
3. Legal bases
Where applicable law (such as the GDPR) requires it, we process personal data on the bases of contract performance, our legitimate interests in operating a secure service, your consent, and compliance with legal obligations.
4. Data retention
We retain personal data only as long as necessary for the purposes described here or as required by law. Customer query data is subject to defined retention windows and is automatically deleted when those windows lapse.
5. Sub-processors
We rely on a small set of vetted infrastructure providers (for cloud hosting, authentication, and storage) to deliver the Service. Each is bound by contractual data-protection obligations. A current list is available on request to privacy@theorahq.com.
6. Security
We encrypt data in transit and at rest, enforce least-privilege access, and require multi-factor authentication for administrative access. See our Security page for details.
7. Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. To exercise these rights, contact privacy@theorahq.com.
8. International transfers
Where data is transferred across borders, we use appropriate safeguards such as standard contractual clauses.
9. Changes to this policy
We will update this policy as our practices evolve and will revise the "last updated" date above. Material changes will be communicated through the Service.
10. Contact
Questions about this policy or your data? Email privacy@theorahq.com.