Privacy Policy

1. Introduction

Varity Platform Inc. ("Varity," "we," "us," or "our") operates the varity.so website and the Varity platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Our approach: Varity is a deployment platform. We collect only the information needed to build, deploy, and run your applications, we protect it with industry-standard security, and we never sell it or use it for advertising.

2. How We Protect Your Data

We use industry-standard security practices to protect your information:

• Encryption in transit: Data is encrypted with TLS/SSL as it moves between you, Varity, and your deployments.
• Encryption at rest: Stored data is encrypted at rest.
• Access controls: Access to systems and data is restricted on a least-privilege basis and logged.
• Account isolation: Each account's deployments and data are isolated from other accounts.

We do not sell your data, use it for advertising, or train AI models on it.

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address (if you choose email authentication), account identifier
• Profile Information: Name, company name, and other optional profile details
• Payment Information: Billing details processed through our payment processors (Stripe) - we do not store full payment card numbers
• Communications: Support requests, feedback, and correspondence with our team

3.2 Information Collected Automatically

• Usage Data: Anonymized and aggregated usage metrics (feature usage, performance data)
• Device Information: Browser type, operating system, device identifiers for security purposes
• Log Data: IP addresses, access times, pages viewed (retained for 30 days for security)
• Service Records: Anonymized access event identifiers logged for security purposes

3.3 Information We Do NOT Collect

• The contents of your deployed applications beyond what is needed to build and run them
• Your source code for any purpose other than building and deploying your app
• Your data for advertising, profiling, or sale to third parties
• Your data to train AI models

4. How We Use Your Information

We use the limited information we collect to:

• Provide, maintain, and improve our services
• Process payments and manage billing
• Send important service updates and security alerts
• Respond to support requests and communications
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Improve our platform based on anonymized usage patterns

We do NOT:

• Sell your personal information
• Use your data for advertising or profiling
• Share your data with third parties for their marketing purposes
• Train AI models on your data

5. Data Sharing and Disclosure

We may share limited information with:

• Service Providers: Payment processors (Stripe), email services, and analytics providers who are contractually bound to protect your information
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with continued privacy protections
• With Your Consent: When you explicitly authorize sharing

6. International Data Transfers

Your data may be stored and processed on infrastructure that operates globally, including in the United States and other countries. We ensure appropriate safeguards are in place for any international transfers of personal data.

7. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion
• Deployment Data: Retained while your app is deployed and removed when you delete it
• Usage Logs: 30 days for security purposes
• Payment Records: 7 years as required by tax and financial regulations
• Security Logs: Retained for a limited period for security and compliance

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in standard formats at any time
• Objection: Object to certain processing of your data
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at hello@varity.so. We will respond within 30 days.

9. European Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland:

• We process your data based on: (a) contract performance, (b) legitimate interests, (c) legal obligations, or (d) your consent
• You have additional rights under GDPR including the right to lodge a complaint with a supervisory authority
• For data transfers outside the EEA, we use Standard Contractual Clauses

10. California Users (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at hello@varity.so.

12. Security

We implement robust security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Least-privilege access controls and logging
• Account isolation between customers
• Regular security reviews
• Multi-factor authentication options

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Effective Date." For significant changes, we will provide additional notice via email or in-app notification.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: hello@varity.so
• Data Protection Officer: hello@varity.so

Legal entity: Varity Platform Inc., a corporation incorporated in the State of Delaware, United States. Registered notices may be sent to our registered agent: