1. Introduction

VaraOS ("we," "our," or "us") operates the website https://varaos.com and provides AI-powered automation services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Services.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Personal Data

When you register for an account or use our Services, we may collect:

• Full name and display name
• Email address
• Account credentials (securely hashed)
• Billing information and payment details (processed by our payment provider)
• Profile information you choose to provide
• Communications you send to us (support requests, feedback)

2.2 Usage Data

We automatically collect certain information when you use our Services:

• IP address and approximate geographic location
• Browser type, version, and language preferences
• Device type, operating system, and screen resolution
• Pages visited, features used, and actions taken within the platform
• Date and time of access, session duration
• Referring URL and exit pages
• Workflow execution logs and automation performance metrics

2.3 Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage patterns, and deliver personalized content. You can manage cookie preferences through your browser settings. Essential cookies required for core functionality cannot be disabled.

2.4 Third-Party Data

When you connect third-party services (e.g., Slack, Gmail, Jira) through our integrations, we may receive limited information from those services as authorized by you. We only access the data necessary to perform the automation workflows you configure.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our Services
• To authenticate users and manage account access
• To process transactions and send billing-related communications
• To improve, personalize, and expand our Services
• To analyze usage patterns and optimize platform performance
• To communicate with you about updates, features, and support
• To detect, prevent, and address security threats and fraud
• To comply with legal obligations and enforce our terms
• To provide customer support and respond to inquiries

4. Data Sharing & Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

• Service Providers: With trusted third-party vendors who assist us in operating our Services (hosting, analytics, payment processing, email delivery), under strict data protection agreements.
• Legal Requirements: When required by law, subpoena, or government request, or to protect our rights, privacy, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• With Your Consent: When you explicitly opt in to sharing data with specific third-party integrations or partners.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and principle of least privilege
• Regular security audits and vulnerability assessments
• Secure credential storage using industry-standard hashing algorithms
• Automated threat monitoring and incident response procedures

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our Services. After account deletion, we may retain certain data for up to 90 days for backup and disaster recovery purposes, and indefinitely in anonymized or aggregated form for analytics. We retain billing records as required by applicable tax and accounting laws.

7. Your Rights

7.1 General Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request limitation of processing of your data
• Objection: Object to processing based on legitimate interests

7.2 GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.

7.3 CCPA Rights (California Residents)

If you are a California resident, you have the right to: know what personal information is collected, request deletion of your data, opt out of the sale of personal information (we do not sell personal data), and not be discriminated against for exercising your rights.

8. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for cross-border transfers, including Standard Contractual Clauses approved by the European Commission where applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send you a notification via email. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your request within 30 days, or sooner as required by applicable law.