Last updated: June 24, 2026

Last updated: June 24, 2026

Privacy and Data Protection Policy

At VOTR, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.

At VOTR, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.

1. Introduction and Purpose

Votr Inc. (“VOTR,” “we,” “us,” or “our”) builds infrastructure that connects broker-dealers, transfer agents, public companies, and shareholders.

We respect the privacy of every individual and are committed to protecting personal data in accordance with applicable privacy, data protection, and financial regulations — including the General Data Protection Regulation (GDPR) and SEC/FINRA requirements governing communications and record retention.

This Privacy Policy explains how we collect, use, disclose, and protect information through our products, websites, and services.

Votr Inc. (“VOTR,” “we,” “us,” or “our”) builds infrastructure that connects broker-dealers, transfer agents, public companies, and shareholders.

We respect the privacy of every individual and are committed to protecting personal data in accordance with applicable privacy, data protection, and financial regulations — including the General Data Protection Regulation (GDPR) and SEC/FINRA requirements governing communications and record retention.

This Privacy Policy explains how we collect, use, disclose, and protect information through our products, websites, and services.

2. Scope and Roles

This policy applies to all users of VOTR’s products and services, including customers, partners, and authorized end users whose information is processed to enable shareholder communications, proxy events, and related regulatory services.

Depending on the integration:

  • VOTR acts as a Data Processor when handling information on behalf of a regulated entity such as a broker-dealer, transfer agent, or issuer.

  • VOTR acts as a Data Controller when collecting information directly from its own customers, website visitors, or business partners.

VOTR’s services are intended for regulated financial institutions and corporate issuers. They are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from minors.

This policy applies to all users of VOTR’s products and services, including customers, partners, and authorized end users whose information is processed to enable shareholder communications, proxy events, and related regulatory services.

Depending on the integration:

  • VOTR acts as a Data Processor when handling information on behalf of a regulated entity such as a broker-dealer, transfer agent, or issuer.

  • VOTR acts as a Data Controller when collecting information directly from its own customers, website visitors, or business partners.

VOTR’s services are intended for regulated financial institutions and corporate issuers. They are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from minors.

3. Information We Collect

VOTR processes only the data necessary to deliver our services and meet contractual, legal, and regulatory obligations.

This may include basic contact details, shareholder or account identifiers, and limited technical information related to platform security.

We do not sell, rent, or trade personal data to third parties.

VOTR processes only the data necessary to deliver our services and meet contractual, legal, and regulatory obligations.

This may include basic contact details, shareholder or account identifiers, and limited technical information related to platform security.

We do not sell, rent, or trade personal data to third parties.

4. Lawful Basis for Processing

VOTR processes personal data under one or more of the following legal bases:

  • Performance of a Contract – To deliver proxy and shareholder communication services.

  • Legitimate Interests – To ensure secure, efficient communications and analytics for regulated entities.

  • Legal Obligations – To comply with securities and privacy regulations.

  • Consent – When required for optional communications or data uses.

VOTR processes personal data under one or more of the following legal bases:

  • Performance of a Contract – To deliver proxy and shareholder communication services.

  • Legitimate Interests – To ensure secure, efficient communications and analytics for regulated entities.

  • Legal Obligations – To comply with securities and privacy regulations.

  • Consent – When required for optional communications or data uses.

5. Principles of Data Protection

All personal data processed by VOTR adheres to the following principles:
  • Lawfulness, Fairness, and Transparency – Data is processed lawfully and communicated clearly.

  • Purpose Limitation – Data is collected for explicit, legitimate purposes.

  • Data Minimization – Only data strictly necessary for the intended purpose is processed.

  • Accuracy – Data is kept accurate and up to date.

  • Storage Limitation – Data is retained only as long as needed for business or legal reasons.

  • Integrity and Confidentiality – Data is protected through encryption, access control, and monitoring.

  • Accountability – VOTR can demonstrate compliance through documented policies and audits.

All personal data processed by VOTR adheres to the following principles:
  • Lawfulness, Fairness, and Transparency – Data is processed lawfully and communicated clearly.

  • Purpose Limitation – Data is collected for explicit, legitimate purposes.

  • Data Minimization – Only data strictly necessary for the intended purpose is processed.

  • Accuracy – Data is kept accurate and up to date.

  • Storage Limitation – Data is retained only as long as needed for business or legal reasons.

  • Integrity and Confidentiality – Data is protected through encryption, access control, and monitoring.

  • Accountability – VOTR can demonstrate compliance through documented policies and audits.

6. Privacy by Design

VOTR incorporates Privacy by Design into all products and systems:

  • All new features and integrations undergo a Data Protection Impact Assessment (DPIA).

  • Personal data is hashed, pseudonymized, or anonymized wherever possible.

  • Access to production data is restricted and monitored.

  • All communications are encrypted in transit (TLS 1.2+) and at rest (AES-256).

VOTR incorporates Privacy by Design into all products and systems:

  • All new features and integrations undergo a Data Protection Impact Assessment (DPIA).

  • Personal data is hashed, pseudonymized, or anonymized wherever possible.

  • Access to production data is restricted and monitored.

  • All communications are encrypted in transit (TLS 1.2+) and at rest (AES-256).

7. Data Subject Rights

Individuals whose personal data we process have the following rights (subject to applicable law):

  • Access – Request a copy of your personal data held by VOTR.

  • Correction – Request correction of inaccurate or incomplete data.

  • Deletion – Request deletion when data is no longer needed.

  • Restriction – Limit how your data is processed in certain cases.

  • Portability – Request transfer of your data to another controller.

  • Objection / Withdrawal of Consent – Object to processing or withdraw consent where applicable.

To exercise these rights, please contact privacy@govotr.com, or contact your broker or issuer if VOTR processes your data on their behalf.

Individuals whose personal data we process have the following rights (subject to applicable law):

  • Access – Request a copy of your personal data held by VOTR.

  • Correction – Request correction of inaccurate or incomplete data.

  • Deletion – Request deletion when data is no longer needed.

  • Restriction – Limit how your data is processed in certain cases.

  • Portability – Request transfer of your data to another controller.

  • Objection / Withdrawal of Consent – Object to processing or withdraw consent where applicable.

To exercise these rights, please contact privacy@govotr.com, or contact your broker or issuer if VOTR processes your data on their behalf.

8. Data Retention

VOTR retains personal data only for as long as necessary to:

  • Deliver contracted services and meet recordkeeping obligations.

  • Comply with applicable regulations (e.g., SEC Rule 17a-4, FINRA Rule 4511).

  • Resolve disputes and enforce agreements.

Once retention periods expire, data is securely deleted or anonymized.

VOTR retains personal data only for as long as necessary to:

  • Deliver contracted services and meet recordkeeping obligations.

  • Comply with applicable regulations (e.g., SEC Rule 17a-4, FINRA Rule 4511).

  • Resolve disputes and enforce agreements.

Once retention periods expire, data is securely deleted or anonymized.

9. Subprocessors and Data Transfers

VOTR uses secure, industry-leading cloud providers and service vendors to support its infrastructure. All vendors are bound by confidentiality and data protection obligations consistent with this policy.

Data may be stored or processed in secure data centers within jurisdictions that maintain strong privacy and security standards. Where data is processed or accessed outside a user’s home jurisdiction, VOTR ensures appropriate safeguards are in place in accordance with applicable data protection laws.

For personal data transferred from the EU, UK, and Switzerland, VOTR relies on the EU-U.S. Data Privacy Framework and the UK Extension (see Section 10) and/or Standard Contractual Clauses as appropriate.

VOTR uses secure, industry-leading cloud providers and service vendors to support its infrastructure. All vendors are bound by confidentiality and data protection obligations consistent with this policy.

Data may be stored or processed in secure data centers within jurisdictions that maintain strong privacy and security standards. Where data is processed or accessed outside a user’s home jurisdiction, VOTR ensures appropriate safeguards are in place in accordance with applicable data protection laws.

For personal data transferred from the EU, UK, and Switzerland, VOTR relies on the EU-U.S. Data Privacy Framework and the UK Extension (see Section 10) and/or Standard Contractual Clauses as appropriate.

10. EU-U.S. Data Privacy Framework and UK Extension

Votr Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Votr Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the UK Extension to the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  • Scope – This section applies to personal data Votr receives in the United States from the European Union and the United Kingdom (and Gibraltar) in reliance on the EU-U.S. DPF and the UK Extension. The categories of personal data we process, and the purposes for which we use it, are described in Sections 3 and 4 above.

  • Onward transfers – Votr may transfer this personal data to third parties acting as agents on our behalf, as described in Section 9. Votr remains responsible and liable under the EU-U.S. DPF Principles if such agents process personal data in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

  • Choice – Where we would use or disclose this personal data for a purpose materially different from the one for which it was collected or authorized, or disclose it to a third party other than our agents, we offer affected individuals the opportunity to opt out. For sensitive data, we obtain affirmative express consent (opt in) where required.

  • Your rights of access – Individuals in the EU and UK may access, correct, amend, or delete their personal data as described in Section 7. To exercise these rights, contact privacy@govotr.com, or contact your broker or issuer if Votr processes your data on their behalf.

  • Disclosure to public authorities – Votr may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

  • Independent recourse – In compliance with the EU-U.S. DPF and the UK Extension, Votr commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) regarding unresolved complaints about our handling of personal data received under the EU-U.S. DPF and the UK Extension. EU and UK individuals with inquiries or complaints should first contact Votr at privacy@govotr.com; if your complaint is not resolved, you may contact your local EU data protection authority or the UK ICO. Under certain conditions, you may also invoke binding arbitration under Annex I of the EU-U.S. DPF Principles.

  • Regulatory oversight – Votr is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Votr Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Votr Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the UK Extension to the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  • Scope – This section applies to personal data Votr receives in the United States from the European Union and the United Kingdom (and Gibraltar) in reliance on the EU-U.S. DPF and the UK Extension. The categories of personal data we process, and the purposes for which we use it, are described in Sections 3 and 4 above.

  • Onward transfers – Votr may transfer this personal data to third parties acting as agents on our behalf, as described in Section 9. Votr remains responsible and liable under the EU-U.S. DPF Principles if such agents process personal data in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

  • Choice – Where we would use or disclose this personal data for a purpose materially different from the one for which it was collected or authorized, or disclose it to a third party other than our agents, we offer affected individuals the opportunity to opt out. For sensitive data, we obtain affirmative express consent (opt in) where required.

  • Your rights of access – Individuals in the EU and UK may access, correct, amend, or delete their personal data as described in Section 7. To exercise these rights, contact privacy@govotr.com, or contact your broker or issuer if Votr processes your data on their behalf.

  • Disclosure to public authorities – Votr may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

  • Independent recourse – In compliance with the EU-U.S. DPF and the UK Extension, Votr commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) regarding unresolved complaints about our handling of personal data received under the EU-U.S. DPF and the UK Extension. EU and UK individuals with inquiries or complaints should first contact Votr at privacy@govotr.com; if your complaint is not resolved, you may contact your local EU data protection authority or the UK ICO. Under certain conditions, you may also invoke binding arbitration under Annex I of the EU-U.S. DPF Principles.

  • Regulatory oversight – Votr is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

11. Security and Access Controls

We maintain administrative, technical, and organizational measures to protect personal data, including:

  • End-to-end encryption of data in transit and at rest.

  • Role-based access control and multi-factor authentication for internal systems.

  • Continuous monitoring, vulnerability testing, and logging.

  • Vendor risk management and annual security reviews.

We maintain administrative, technical, and organizational measures to protect personal data, including:

  • End-to-end encryption of data in transit and at rest.

  • Role-based access control and multi-factor authentication for internal systems.

  • Continuous monitoring, vulnerability testing, and logging.

  • Vendor risk management and annual security reviews.

12. Breach Notification

If a personal data breach occurs:

  • VOTR will notify affected customers and relevant authorities within 72 hours, as required by law.

  • We will cooperate with customers to fulfill their own notification obligations.

  • Affected individuals will be notified promptly when legally required.

If a personal data breach occurs:

  • VOTR will notify affected customers and relevant authorities within 72 hours, as required by law.

  • We will cooperate with customers to fulfill their own notification obligations.

  • Affected individuals will be notified promptly when legally required.

13. Updates to This Policy

We may update this policy periodically to reflect product enhancements, legal updates, or new regulatory guidance.

The “Last Updated” date at the top of this page indicates the most recent revision.

Material updates will be communicated through our website or customer channels.

We may update this policy periodically to reflect product enhancements, legal updates, or new regulatory guidance.

The “Last Updated” date at the top of this page indicates the most recent revision.

Material updates will be communicated through our website or customer channels.

Contact us

If you have questions or concerns, please email us at privacy@govotr.com

If you have questions or concerns, please email us at privacy@govotr.com

Unlock your Public Market
Potential with VOTR

Unlock your Public Market
Potential with VOTR

Unlock your Public Market
Potential with VOTR