Back to Homepage

Privacy Notice

Effective Date: July 6, 2026

This Privacy Notice describes how VioraBridge (“we”, “us”, or “our”) processes personal data. VioraBridge provides an enterprise-grade survey operations middleware and redirect router that connects survey panel respondents to client-hosted survey campaigns (e.g., Decipher, Qualtrics).

1. Scope & Relationship (Data Processor vs. Data Controller)

To understand your privacy rights, it is critical to identify our legal role under global data protection laws (such as GDPR, UK GDPR, and CCPA):

  • Data Processor: VioraBridge acts primarily as a Data Processor on behalf of our corporate tenants (Data Controllers), who license our middleware to route, match, and distribute survey projects. We process respondent metadata solely in accordance with our tenants' instructions. Our tenants determine the legal basis, survey contents, and duration of processing.
  • Data Controller: We act as a Data Controller only for the account and telemetry data of our corporate tenants (e.g., administrator emails, API keys, organization settings, and payment details).

2. Data Processed through the Routing Middleware

When a respondent clicks a VioraBridge redirection link, our edge servers process temporary technical information to ensure campaign matching, IP verification, and quality enforcement:

  • Technical Telemetry: IP address, country code, browser User-Agent details, operating system, and ISP flags (to detect cellular routing or active VPN/proxy servers).
  • Tracking Parameters: System-generated session hashes and non-identifiable tracking keys (such as `rid`, `subid`, or `uid`) provided by upstream vendors (Cint, Lucid).

PII Protection & Scrubbing: VioraBridge contains active scrubbing filters. If an upstream vendor or client survey attempts to pass plain-text Personally Identifiable Information (such as email addresses, phone numbers, or physical names) through URL parameters, the middleware intercepts the traffic and redacts the value to protect participant privacy.

3. Tenant Administrator Information Collected

For registered corporate tenants, we collect and store:

  • Account credentials (names, email addresses, hashed passwords).
  • Custom domain setup specifications and CNAME configurations.
  • SMTP mailer configurations (host, port, credentials). **All custom SMTP passwords are encrypted symmetrically using AES-256-GCM** in our database to ensure credentials can never be leaked.
  • Billing profiles, complete-count tallies, and catalog invoice summaries.

4. Data Security & Storage Boundaries

We implement stringent technical and organizational measures to safeguard data:

  • Isolation: Each tenant is sandboxed using multi-tenant Row Level Security (RLS) and transaction wrappers to prevent cross-organization data leakage.
  • Hosting: Databases are hosted in secure serverless PostgreSQL structures (Neon) with active encryption at rest and in transit (SSL/TLS).
  • Sub-processors: We use Vercel (edge routing infrastructure) and Neon (database storage) to host the middleware. No data is shared with marketing brokers or ad networks.

5. Data Retention & Pruning

Respondent logs (IP addresses and browser parameters) are retained only as long as necessary to complete client projects, compile project statistics, and protect against routing fraud. Tenants can configure automated log pruning policies to permanently erase historical transaction tables on their dashboards.

6. Rights Under GDPR and CCPA

If you are a participant whose metadata was processed through a VioraBridge link, you have the right to request access, rectification, or deletion of your logs. Because VioraBridge operates as a Data Processor, you must submit your request to the respective research organization (the Data Controller) that distributed the link. Tenants can execute compliant anonymization procedures directly through the VioraBridge console.

For any inquiries regarding our data handling practices, please contact us at: privacy@viorabridge.com.