Skip to main content
Skip to main content

Security at Votion

Last updated: June 5, 2026

Votion holds the documents your business runs on — capability statements, past performance, certifications, and contracts. Protecting them is the foundation of the product. This page describes the measures we have in place today and what we are building toward. For how we handle personal information, see our Privacy Policy.

You own your data, and we don't train AI on it

Your documents and AI conversations are not used to train AI models. This is our contractual commitment, and it is reinforced by our AI providers' API data policies: Anthropic does not train on API inputs or outputs, and content sent through the OpenAI API is excluded from training by default. We do not sell your data, and we do not use it for cross-context behavioral advertising.

Encryption

Data is encrypted in transit using TLS 1.2 or higher. Customer data is encrypted at rest with AES-256: our database (MongoDB Atlas) uses provider-native AES-256, and file uploads are stored in AWS S3 with server-side encryption.

US data residency

The Services are offered to United States users only. Your data is processed and stored in the United States, and our sub-processors process it in the US.

Access controls

Access to customer data is restricted to authorized personnel who need it to operate and support the Services. Workspaces use role-based access controls set by your administrators. Seat access uses email and password on the Starter and Pro tiers; SAML/OIDC single sign-on with SCIM provisioning (via WorkOS) is available on the Enterprise tier.

Sub-processors

We use a defined set of sub-processors to operate the Services, and we require them to protect data under terms no less protective than our own in material respects. A current list of sub-processors and a Data Processing Agreement are available on request.

Your privacy rights

We support data subject rights under the Colorado Privacy Act and CCPA, including access, correction, deletion, and portability. You can export or delete your data through in-product workflows or by request to security@votionplatform.com.

Incident response

If we become aware of a security incident affecting your data, we will notify you without undue delay and as required by law. You can report a security concern to security@votionplatform.com.

Roadmap
What we are building toward

We are building toward SOC 2. Our infrastructure is designed with SOC 2 controls in mind, and a formal audit is planned. We will update this page as that work progresses.

No system is completely secure. For more on how we handle personal information, see our Privacy Policy; a Data Processing Agreement is available on request at security@votionplatform.com.