VOÏA Privacy Notice

Effective date: 1st February 2026

Last updated: 1st February 2026

This notice explains how Rivvalue Inc. handles personal information in connection with the VOÏA platform(voia.rivvalue.com). It complements our main Privacy Policy, which covers rivvalue.com and our consulting services.

Questions? Contact our Privacy Officer at privacy@rivvalue.com.

1. About VOÏA

VOÏA is a B2B SaaS platform that helps companies understand their clients through three instruments:

  • FullRead Survey — quantitative feedback (CSAT, CES, NPS, and other indicators)

  • Conversational Campaign — AI-powered conversations with a client's participants about product experience

  • QBR Transcript Intelligence — automated analysis of Quarterly Business Review transcripts

VOÏA is licensed to business customers. If you are a participant in a campaign (for example, a client or employee of a company using VOÏA), please read Section 3 carefully — it explains your rights and how to exercise them.

2. Our role: controller or processor

Our responsibilities depend on how you interact with VOÏA.

  • When we act as a controller

For admin users — people who log in to VOÏA on behalf of a Rivvalue business customer — we act as the controller of account data: your name, work email, role, authentication credentials, and platform activity logs. This notice governs that processing.

  • When we act as a processor

For participant data — information collected through campaigns, surveys, or QBR analysis — our business customer is the controller. They decide what data to collect, from whom, and for what purpose. We process that data on their behalf, under a Data Processing Agreement (DPA) that commits us to confidentiality, security, and Loi 25 / GDPR compliance.

This distinction matters for your rights (see Section 10).

3. Personal information we process

  • Admin users (we are the controller)

    Name, work email, job title, employer

    Authentication credentials (passwords are stored hashed)

    Platform activity logs, feature usage, IP address

    Support and communication history

  • Participants (we are the processor)

When our customer runs a campaign, we process the data they provide or that you provide by participating:

  • Identifiers — name, email, role profile (end user, manager, executive), language preference

  • Survey responses — ratings, scores, and free-text comments you submit in a FullRead Survey

  • Conversational content — messages exchanged with the AI agent in a Campagne Conversationnelle

  • QBR content — statements, opinions, and identifying details contained in transcripts uploaded by our customer

  • AI-generated analysis — themes, sentiment indicators, and insights derived from the above

  • Technical telemetry — session and log data tied to your participation

We process participant data only to deliver the VOÏA service to our customer.

We do not use it for our own marketing, research, or other purposes.

4. How we use personal information

  • For admin users:

    • Provide, secure, and maintain the platform

    • Support, billing, and account administration

    • Product improvement (in aggregated or anonymized form)

    • Legal and compliance obligations

  • For participant data (on behalf of our customer):

    • Run the campaign instruments the customer has configured

    • Generate AI-based insights and reports for the customer

    • Platform security, abuse prevention, and troubleshooting

We do not sell personal information.

We do not use participant data to train AI models (see Section 6).

5. Sub-processors

We rely on a small number of carefully selected sub-processors to operate VOÏA. Each is contractually bound to standards equivalent to those in our DPA, including confidentiality, security, and restrictions on use of data.

A current sub-processor list is available on request at privacy@rivvalue.com and is included as an annex to our DPA. We notify business customers of material changes to this list before they take effect.

We may also disclose personal information when required by law, court order, or to protect our legal rights or the safety of others.

We do not sell personal information to anyone.

6. AI processing

VOÏA uses large language models provided by various frontier LLM providers to:

  • Generate AI agent responses during a conversational campaign

  • Analyze QBR transcripts and produce structured insights

  • Summarize and categorize free-text feedback

  • Personal information submitted to VOÏA may be transmitted to LLM frontier’s API for processing.

  • Under our agreement with the providers, they do not use your data to train their models.

  • Data is processed only to return a response to our request.

  • These providers act as our sub-processor and are bound by equivalent confidentiality and security obligations.

  • No automated decisions with legal effect. 

  • VOÏA generates insights and summaries for our customers to read and act on. It does not make decisions about individuals — such as employment, credit, or service eligibility — based solely on automated processing.

7. How long we keep data

  • Admin user data: for the duration of your account, plus a limited period after deactivation for security, audit, and legal purposes.

  • Participant data: for the duration of the customer's subscription, and for up to [30/60/90] days after the subscription ends, at which point the data is deleted or anonymized — unless the customer requests earlier deletion or a longer period is required by law. Customers can also request export of their data at any time during the subscription.

8. Security

We apply technical and organizational measures proportionate to the sensitivity of the data we handle, including:

  • Encryption in transit (TLS 1.2+)

  • Encryption at rest for stored data across our cloud infrastructure

  • Role-based access controls and least-privilege principles

  • Authentication and session management

  • Logging, monitoring, and incident response procedures

  • Regular review of sub-processors and their security posture

  • No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify affected customers and, where required, regulators and individuals, in accordance with applicable law.

9. Your rights

  • If you are an admin user

You can exercise the rights described in our main Privacy Policy directly with us at privacy@rivvalue.com: access, correction, deletion, portability, withdrawal of consent, and the right to lodge a complaint with your data protection authority.

  • If you are a participant

Because our customer is the controller of your data, your rights requests should generally be directed to that customer first. They decide what data to collect and how long to retain it.If the customer is unresponsive or if you are unsure who to contact, write to us at privacy@rivvalue.com. We will help route your request and will support our customer in responding, consistent with our DPA obligations. You also have the right to lodge a complaint with:

  • Quebec: Commission d'accès à l'information du Québec

  • Europe/UK: your national supervisory authority

  • Other jurisdictions: your applicable data protection regulator

10. Children

VOÏA is a B2B platform and is not directed to individuals under 18. We do not knowingly collect their information. If you believe a minor's data has been submitted to VOÏA, contact privacy@rivvalue.com and we will work with our customer to address it.

11. Changes to this notice

We may update this notice as VOÏA evolves. The "Last updated" date above will always reflect the current version. For material changes — including changes to sub-processors or data residency — we will notify business customers in advance through the platform or by email. A changelog is maintained at the bottom of this page.

12. Contact

Privacy Officer Rivvalue Inc. privacy@rivvalue.com

For a copy of our Data Processing Agreement or current sub-processor list, write to the same address.

13. Changelog

1st february 2026 — Initial version.