Privacy Policy
Last updated: March 2026
VaryOrder ("we", "us", or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. We've written it in plain English — no lawyer-speak.
1. Information We Collect
Account information: When you sign up, we collect your name, email address, company name, and country. This is used to create your account and personalise the app (for example, to show "Variation Order" vs "Change Order" based on your location).
Project and variation data: We store the variation orders you create, including descriptions, amounts, photos, client names, and signatures. This data belongs to you and is only accessible to you and your clients via secure signing links.
Usage data: We collect basic usage information (pages visited, features used, browser type) to improve the product. We do not sell this data.
Payment information: Payments are processed by Paddle. We never see or store your full card details.
2. How We Use Your Information
We use your information to:
- Provide and improve the VaryOrder service
- Send you variation signing requests and confirmations on your behalf
- Process payments and manage your subscription
- Send transactional emails (sign-off requests, PDF receipts, account alerts)
- Respond to support requests
- Meet our legal and compliance obligations
We do not use your data for advertising, and we do not sell or rent your data to third parties.
3. Data Storage and Security
Your data is stored on Supabase, which uses enterprise-grade PostgreSQL hosted on AWS. All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Signed PDFs are stored in Supabase Storage with row-level security (RLS) policies, meaning only authorised users can access each document.
Each variation sign-off is timestamped and IP-logged at the moment of signing. We retain this audit trail for the lifetime of your account to support any future disputes.
4. Third-Party Services
We work with the following trusted third-party providers:
- Supabase — database, authentication, and file storage
- Vercel — hosting and global CDN
- OpenAI — AI drafting and voice transcription (Pro/Team plans). Your variation descriptions are sent to OpenAI to generate professional wording. We do not use your data to train OpenAI models.
- Resend — transactional email delivery (sign-off requests, confirmations)
- Paddle — payment processing and global tax compliance
Each provider is bound by their own privacy policies and data processing agreements.
5. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data (right to erasure)
- Export your data in a portable format
- Object to certain types of processing
To exercise any of these rights, email us at privacy@varyorder.com. We will respond within 30 days.
You can delete your account at any time from your Settings page. Deletion is permanent and removes all your data within 30 days.
6. Cookies
We use minimal cookies — primarily for authentication (to keep you logged in) and basic analytics. We do not use advertising cookies or track you across third-party websites.
7. Contact Us
If you have any questions about this privacy policy, please contact us:
- Email: privacy@varyorder.com
- Website: varyorder.com