Vokrae collects zero personal data from reporters by design. This isn't a legal promise — it's a technical constraint. Here's exactly how it works.
Contents
Vokrae is designed so we cannot identify reporters even if we wanted to. No database column for personal data exists. No IP logs are stored. This is structural, not just policy.
Vokrae does not collect any personal data from people who send messages. This is not a privacy policy — it's a technical impossibility. The platform is architecturally incapable of storing:
Why this matters
When someone reports harassment or misconduct, their safety depends on there being nothing to trace. Vokrae's database has no column for "reporter email" or "reporter IP." Even if compelled by law, we cannot produce what we never stored.
When someone starts a chat, they receive a human-readable ID like HOPE-2847-STAR. This ID is:
The anonymous ID is the only credential a reporter has. There is no password, no email reset, no account recovery. If they lose it, the conversation cannot be retrieved — by anyone.
Vokrae has no message deletion functionality. This is a deliberate architectural choice, not a missing feature.
No deletion API
Once sent, a message exists permanently. Not even Vokrae engineers can delete it.
No editing
Messages cannot be edited after sending. The record is protected from tampering — what was reported is exactly what the record shows.
This protects both parties. A reporter has proof their message was sent. An organization has a permanent record of every report and response. In legal, HR, or compliance contexts, this matters enormously.
For organization staff who log in to the admin portal, we collect:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Login, notifications, verification | Until account deletion |
| Password hash | Authentication | Until account deletion |
| Name (optional) | Display in admin portal | Until account deletion |
| Admin activity log | Audit trail | Permanent |
We never sell admin data. We never use it for marketing. It exists solely to operate the platform.
Reporter messages are protected from tampering by design. They cannot be altered, quietly deleted, or buried — by any admin, management, or us. This is not a limitation. It is the feature that makes Vokrae trustworthy: what you submitted is on record exactly as you sent it.
Organizations may request account deletion by contacting support@vokrae.com. The process:
Note: There is no self-service account deletion button. This is intentional — it prevents accidental deletion and ensures the request is verified by the organization owner.
Because Vokrae stores no personal data about reporters, there is no data to access, correct, or delete. You are anonymous by architecture. The only credential is your anonymous ID — if lost, the conversation cannot be recovered.
You may:
For GDPR, NDPR, or other data protection requests, contact legal@vokrae.com.
NDPR Alignment (Nigeria)
Vokrae is designed around Nigeria Data Protection Regulation (NDPR) principles. The core requirement — collect only what you need, for a specific purpose — is built into the architecture. Reporters provide zero personal data. There is nothing to misuse, leak, or over-retain. NDPR compliance for reporters is structural, not policy-dependent.
| Measure | Implementation |
|---|---|
| Password hashing | bcrypt with 12 rounds |
| Authentication | JWT tokens with 7-day expiry |
| Data isolation | Multi-tenant with organization_id on every query |
| Transport | HTTPS enforced on all connections |
Vokrae is used by schools and organizations that may serve children. The platform itself does not collect age information or verify user age — because it collects no personal data at all.
Organizations deploying Vokrae are responsible for complying with applicable child protection laws (such as COPPA in the US) and for ensuring appropriate safeguarding protocols are in place.
If you believe a child has shared information that creates risk, contact the organization directly — they control the admin portal and can respond appropriately.
If we make material changes to this privacy policy, we will notify organizations via email and post the updated policy on this page with a new "Last updated" date.
Material changes will never include retroactively claiming ownership of reporter messages or introducing personal data collection. The core promise of anonymity is structural and cannot be changed without rebuilding the platform.
If you have any questions about this privacy policy or Vokrae's data practices, contact us: