Privacy Policy
Effective date: May 26, 2026 · Virobit LLC · Dallas, TX
Information We Collect
Account Information
When you create a Virobit account, we collect your name, email address, company name, phone number, and billing address. This is used to create and manage your account, communicate with you, and process payments.
Business Operational Data
Virobit is a business operations platform. To provide the service, we store the data you input — customer records, billing data, service orders, inventory, claims, subscriber records, and similar operational information depending on which Virobit product you use. This is your data. You own it. We process it only to deliver the service you've subscribed to.
Payment Information
Payments are processed by Stripe, Inc. We do not store your full credit card number, CVV, or banking credentials on our servers. We receive and store a payment token and the last four digits of your payment method for billing reference.
Usage Data
We collect information about how you interact with the Virobit platform: features accessed, pages visited, session duration, error events, and device/browser information. This helps us improve the product and diagnose issues.
Communications
If you contact our support team, we store the content of those communications to help resolve your issue and improve our service.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Virobit platform
- Process billing and send invoices and receipts
- Respond to support requests and communicate with you about your account
- Send product updates, security notices, and policy changes (these cannot be opted out of while you are a customer)
- Diagnose technical issues and monitor platform health
- Comply with legal obligations
We do not use your data for advertising, and we do not build advertising profiles from your usage.
Self-Hosted Deployments
If you are on an on-site self-hosted plan, Virobit software runs entirely on your own hardware or private cloud. In this configuration:
- Virobit does not receive, transmit, or process your operational business data
- Usage telemetry is opt-in only — by default, nothing is sent to Virobit servers
- Support access requires explicit, client-initiated session sharing (we cannot access your system without your action)
- Virobit only retains account-level data (license key, billing contact, subscription status) regardless of deployment mode
Information We Share
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
Service Providers
We use third-party vendors to operate the platform. These vendors process data on our behalf and are contractually bound to protect it:
- Amazon Web Services (AWS) — cloud infrastructure and data storage
- Stripe — payment processing
- Postmark — transactional email delivery
- Datadog — infrastructure monitoring and error logging
Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request — for example, a valid court order or subpoena. Where legally permitted, we will notify you of such requests.
Business Transfers
If Virobit is acquired, merges with another company, or undergoes a similar business transfer, your information may be transferred as part of that transaction. We will notify you via email and/or a notice on our website before your information becomes subject to a different privacy policy.
Data Retention
We retain your account information for the duration of your subscription. After cancellation, we retain your account data for 90 days to allow for reactivation or data export. After 90 days, personal account data is deleted from our systems.
Your business operational data (customer records, billing history, etc.) is retained for the same period. Upon request at or before cancellation, we can export all of your data in standard formats (CSV, JSON) before deletion.
Anonymized, aggregated usage statistics may be retained indefinitely as they cannot be linked to any individual.
Self-Hosted Deployments — Data Retention
For customers on an on-site self-hosted plan, all business operational data resides exclusively on your own hardware:
- Virobit retains no copies of your business data — customer records, billing history, claims, subscriber data, or any other operational content
- Your retention policy is entirely at your discretion and governed by your own IT and compliance requirements
- You are responsible for backup, archival, and deletion of data stored on your infrastructure
- Account-level data (license key, billing contact, subscription status) still follows the standard 90-day post-cancellation retention window
- Upon cancellation, your license key is deactivated and Virobit software can no longer authenticate — your data remains on your hardware and is never deleted by Virobit
Cookies and Tracking
We use cookies and similar technologies to operate the platform. We do not use advertising or tracking cookies.
- Session cookies — required to keep you logged in. These expire when your browser session ends.
- Authentication tokens — stored in browser local storage to maintain your session across visits. Cleared on logout.
- Analytics — we use first-party analytics to understand product usage. No third-party analytics networks (Google Analytics, Meta Pixel, etc.) are loaded on the platform.
Our marketing website (virobit.com) may use minimal analytics to understand traffic sources. These do not follow you across other websites.
Security
We take security seriously. Our platform uses:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls — your team members only see what their role permits
- Two-factor authentication available on all accounts
- Regular third-party security assessments
- SOC 2 Type II compliant data centers (AWS us-east-1)
In the event of a security incident affecting your data, we will notify affected customers within 72 hours of discovery as required by applicable law. Full details on our security practices are at virobit.com/security.
Your Rights
Depending on where you are located, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request that we delete your personal data, subject to our legal retention obligations
- Export — receive your data in a portable, machine-readable format (CSV or JSON)
- Opt-out of sale — we do not sell personal data, so this right is automatically satisfied
California residents (CCPA): You have the right to know what personal information we collect and how it is used, to delete your personal information, and to opt out of the sale of personal information (we do not sell personal information). To exercise these rights, contact us at hello@virobit.com.
EEA/UK residents (GDPR): Our legal basis for processing your data is the performance of a contract (your subscription) and our legitimate interest in operating a secure, functional service. You have the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email hello@virobit.com with the subject line "Privacy Request." We will respond within 30 days.
Children's Privacy
Virobit is a B2B platform intended for use by businesses and professionals. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you by email and post the updated policy on this page with a new effective date. Continued use of Virobit after the effective date constitutes acceptance of the revised policy.
Contact Us
For privacy questions, requests, or concerns, contact us at: