Privacy policy

Welcome to Vern! Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your information when you use our generic web automation platform. Vern is operated by Vern, based in Australia, and this policy applies to our web application and API (collectively, the "Service").

IMPORTANT: This Privacy Policy should be read in conjunction with our Terms of Service, which contain important restrictions on the use of our automation platform.

If you have any questions about this Privacy Policy, please contact us at:

Vish Varma
Email: vish@vern.so

1. Information We Collect

We collect the following information to provide and secure our generic automation platform:

Personal Information

• Account Information: Name, email address, and encrypted password when you register an account

• Business Information: Company name and role (for legitimate business use verification)

• Contact Information: Information provided when you contact us for support

Usage and Security Data

• Platform Usage: Information about how you interact with our automation platform, including session logs and feature usage

• Security Monitoring: IP addresses, device information, and access patterns for security and compliance monitoring

• Automation Logs: Records of automation activities for security auditing and Terms of Service compliance

• Payment Information: Stripe processes payment information for subscriptions; we do not store your credit card details

Compliance Monitoring Data

• Third-Party Interaction Logs: Records of which external services you attempt to automate (for Terms compliance)

• API Usage Tracking: Monitoring of API calls and automation patterns to ensure lawful use

• Violation Reports: Information related to potential Terms of Service violations or third-party complaints

2. How We Use Your Information

We use your information for the following purposes:

To Provide the Service

• Manage your account and provide generic web automation services

• Enable authorized automation features through our platform

• Process payments and manage subscriptions

For Security and Compliance

• Monitor compliance with our Terms of Service and applicable laws

• Detect unauthorized automation activities or violations of third-party terms of service

• Investigate potential violations and respond to third-party complaints

• Prevent circumvention of technical protection measures

• Ensure API-first approach compliance

To Improve and Secure Vern

• Analyze usage patterns to enhance platform security and performance

• Debug and troubleshoot technical issues

• Develop better compliance monitoring tools

For Legal and Regulatory Compliance

• Respond to legal requests and law enforcement inquiries

• Cooperate with third-party service providers regarding Terms of Service violations

• Maintain audit trails for regulatory compliance

• Report suspected illegal activity as required by law

To Communicate

• Send important updates about Terms of Service changes, legal requirements, or security issues

• Notify you of compliance violations or account restrictions

• Provide support and respond to inquiries

3. Data Storage and Processing

Where Your Data Is Stored

• User data is stored securely with Supabase servers in North America

• Subscription payments are processed securely through Stripe

• Compliance and security logs may be stored in multiple jurisdictions for legal compliance

Data Retention

• Account data: Retained while your account is active and for legal compliance periods after termination

• Compliance logs: Retained for extended periods as required for legal protection and regulatory compliance

• Violation records: Retained indefinitely to prevent repeat violations and for legal defense

International Transfers

By using Vern, you acknowledge that your data may be transferred to, stored, and processed outside your country of residence, including in the United States. We ensure that all such transfers comply with applicable privacy laws, including the Australian Privacy Act 1988 and relevant international safeguards.

4. Data Sharing and Third-Party Services

Service Providers

We share data with trusted third parties to deliver and secure our Service:

• Browserbase: For hosting browser automation sessions

• Browser-Use / LangChain / OpenAI: For orchestrating automation workflows

• Supabase: For data storage and backend services

• Stripe: For payment processing (see Stripe's Privacy Policy for details)

• Vercel: For hosting our web application and API

Legal and Compliance Sharing

We may share your information:

• With law enforcement when required by law or to investigate suspected illegal activity

• With third-party service providers when responding to Terms of Service violation complaints

• In legal proceedings to defend against claims or enforce our Terms of Service

• For regulatory compliance as required by applicable laws and regulations

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

• Essential Functions: Authentication, security, and platform functionality

• Security Monitoring: Detecting suspicious activity and potential violations

• Compliance Tracking: Monitoring adherence to Terms of Service

• Analytics: Understanding platform usage for security and improvement purposes

You can manage cookies in your browser settings, though disabling essential cookies may impact platform functionality and security features.

6. Your Rights and Limitations

Your Privacy Rights

Subject to legal and security limitations, you may:

• Access personal information we hold about you

• Request correction of inaccurate information

• Request deletion of your account and associated data

• Object to certain processing activities

• Request data portability where technically feasible

Limitations on Rights

Your rights may be limited where:

• Legal compliance requires data retention (e.g., compliance logs, violation records)

• Security investigations are ongoing

• Third-party complaints require evidence preservation

• Regulatory requirements mandate data retention

Exercising Your Rights

To exercise your rights, contact us at vish@vern.so. We will respond within required timeframes, subject to verification of your identity and applicable legal limitations.

7. Data Security and Breach Response

Security Measures

We implement comprehensive security measures including:

• Encryption for data transmission and storage

• Multi-factor authentication and secure access controls

• Regular security audits and vulnerability assessments

• Compliance monitoring and anomaly detection

• Incident response procedures

Breach Notification

In the event of a data breach that poses risks to your privacy or security, we will:

• Notify affected users within required timeframes

• Report to relevant authorities as required by law

• Take immediate steps to contain and remediate the breach

• Provide guidance on protective measures you can take

8. Age Restrictions and Business Use

Minimum Age

Vern is intended for business users aged 18 and older. We do not knowingly collect information from individuals under 18. If we become aware of such data collection, we will take immediate steps to delete it.

Business Use Only

Our platform is designed for legitimate business automation purposes only. Personal or non-business use may result in account termination and data retention for compliance purposes.

9. Compliance with Laws

Applicable Laws

This Privacy Policy and our data practices comply with:

• Australian Privacy Act 1988

• General Data Protection Regulation (GDPR) where applicable

• California Consumer Privacy Act (CCPA) where applicable

• Other applicable privacy and data protection laws

Regulatory Cooperation

We cooperate with privacy regulators and law enforcement agencies as required by law and may share information for regulatory investigations or legal proceedings.

10. Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy to reflect:

• Changes in legal requirements or regulatory guidance

• Updates to our security and compliance practices

• Changes to our data processing activities

• Court decisions or regulatory interpretations affecting automation platforms

Notification of Changes

We will notify you of material changes via:

• Email notifications to your registered address

• In-app notifications when you next access the platform

• Prominent notices on our website

Continued use of Vern after changes constitutes acceptance of the updated Privacy Policy.

11. International Users

Cross-Border Data Transfers

If you access Vern from outside Australia, your information will be transferred to and processed in Australia and other countries where our service providers operate. These transfers are made under appropriate safeguards and legal frameworks.

Local Law Compliance

While we operate under Australian law, we respect local privacy laws where technically and legally feasible. However, our Terms of Service and this Privacy Policy are governed by Australian law.

12. Contact Information and Complaints

Contact Us

For privacy-related questions, requests, or concerns:

Vish Varma
Email: vish@vern.so

Privacy Complaints

If you believe we have not handled your personal information appropriately, you may:

1. Contact us directly to resolve the issue

2. Lodge a complaint with the Australian Privacy Commissioner

3. Contact your local privacy regulator if you reside outside Australia

Response Times

We aim to respond to privacy inquiries within 30 days, though complex requests may require additional time.

IMPORTANT NOTICE: This Privacy Policy is designed to work in conjunction with our Terms of Service to ensure lawful and authorized use of our automation platform. Violation of our Terms of Service may result in extended data retention for legal protection and compliance purposes.