Privacy Policy

Last updated: March 5, 2026

Vol4 ("we", "us", "our") operates the vol4.ai platform. This policy explains how we collect, use, and protect your information.

1. Information We Collect

We collect the following data when you use Vol4:

• Account information: email address, agency name, and hashed password
• Usage metrics: AI request logs including provider, model, token counts, costs, latency, and status codes
• Client data: client names, contact emails, and billing information you enter
• Payment data: processed securely by Stripe; we never store your full card number
• Technical data: IP address, browser type, and access timestamps for security purposes

2. How We Use Your Data

• Provide and improve the Vol4 platform
• Generate cost analytics, dashboards, and invoices
• Send transactional emails (password resets, alerts, invoices)
• Process payments and manage subscriptions
• Detect and prevent fraud or abuse

3. Data Storage

Your data is stored on Railway infrastructure in the EU. Database backups are encrypted at rest. We retain your data for the duration specified by your plan's data retention period (30-365 days for request logs, indefinitely for account data).

4. Data Sharing

We do not sell your data. We share data only with:

• Stripe: for payment processing
• Brevo: for transactional email delivery
• Railway: for infrastructure hosting

We may disclose data if required by law or to protect our legal rights.

5. Cookies

We use session cookies only for authentication. We do not use third-party tracking cookies or advertising pixels.

6. GDPR Compliance

If you are in the EU/EEA, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a machine-readable format
• Object to processing of your data

To exercise any of these rights, email support@vol4.ai. We will respond within 30 days.

7. Data Security

We protect your data with:

• TLS encryption for all data in transit
• Bcrypt hashing for passwords
• SHA-256 hashing for API keys
• JWT tokens with expiration for authentication
• Rate limiting and account lockout for brute-force protection

8. Data Retention

Request logs are retained according to your plan's retention period. Account data is retained until you delete your account. You can request full account deletion by emailing support@vol4.ai.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email. Continued use of Vol4 after changes constitutes acceptance.

10. Contact

Vol4 / vol4.ai
Madrid, Spain
support@vol4.ai