Legal

Privacy Policy

Last updated: 29 May 2026 · Version 1.0 · Owner: privacy@theorahq.com

This Privacy Policy explains how Theora ("Theora", "we", "us") collects, uses, and protects information when you use our website and platform (the "Service"). We are committed to handling personal data lawfully, transparently, and securely.

1. Information we collect

2. How we use information

3. Legal bases

Where applicable law (such as the GDPR) requires it, we process personal data on the bases of contract performance, our legitimate interests in operating a secure service, your consent, and compliance with legal obligations.

4. Data retention

We retain personal data only as long as necessary for the purposes described here or as required by law. Customer query data is subject to defined retention windows and is automatically deleted when those windows lapse.

5. Sub-processors

We rely on a small set of vetted infrastructure providers (for cloud hosting, authentication, and storage) to deliver the Service. Each is bound by contractual data-protection obligations. A current list is available on request to privacy@theorahq.com.

6. Security

We encrypt data in transit and at rest, enforce least-privilege access, and require multi-factor authentication for administrative access. See our Security page for details.

7. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. To exercise these rights, contact privacy@theorahq.com.

8. International transfers

Where data is transferred across borders, we use appropriate safeguards such as standard contractual clauses.

9. Changes to this policy

We will update this policy as our practices evolve and will revise the "last updated" date above. Material changes will be communicated through the Service.

10. Contact

Questions about this policy or your data? Email privacy@theorahq.com.