Privacy Policy

Effective Date: 26/05/25
Last Updated: 26/05/25

Welcome to Vern! Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your information when you use our generic web automation platform. Vern is operated by Vern, based in Australia, and this policy applies to our web application and API (collectively, the "Service").

IMPORTANT: This Privacy Policy should be read in conjunction with our Terms of Service, which contain important restrictions on the use of our automation platform.

If you have any questions about this Privacy Policy, please contact us at:

Vish Varma
Email: vish@vern.so

1. Information We Collect

We collect the following information to provide and secure our generic automation platform:

Personal Information

Account Information: Name, email address, and encrypted password when you register an account
Business Information: Company name and role (for legitimate business use verification)
Contact Information: Information provided when you contact us for support

Usage and Security Data

Platform Usage: Information about how you interact with our automation platform, including session logs and feature usage
Security Monitoring: IP addresses, device information, and access patterns for security and compliance monitoring
Automation Logs: Records of automation activities for security auditing and Terms of Service compliance
Payment Information: Stripe processes payment information for subscriptions; we do not store your credit card details

Compliance Monitoring Data

Third-Party Interaction Logs: Records of which external services you attempt to automate (for Terms compliance)
API Usage Tracking: Monitoring of API calls and automation patterns to ensure lawful use
Violation Reports: Information related to potential Terms of Service violations or third-party complaints

2. How We Use Your Information

We use your information for the following purposes:

To Provide the Service

Manage your account and provide generic web automation services
Enable authorized automation features through our platform
Process payments and manage subscriptions

For Security and Compliance

Monitor compliance with our Terms of Service and applicable laws
Detect unauthorized automation activities or violations of third-party terms of service
Investigate potential violations and respond to third-party complaints
Prevent circumvention of technical protection measures
Ensure API-first approach compliance

To Improve and Secure Vern

Analyze usage patterns to enhance platform security and performance
Debug and troubleshoot technical issues
Develop better compliance monitoring tools

For Legal and Regulatory Compliance

Respond to legal requests and law enforcement inquiries
Cooperate with third-party service providers regarding Terms of Service violations
Maintain audit trails for regulatory compliance
Report suspected illegal activity as required by law

To Communicate

Send important updates about Terms of Service changes, legal requirements, or security issues
Notify you of compliance violations or account restrictions
Provide support and respond to inquiries

3. Data Storage and Processing

Where Your Data Is Stored

User data is stored securely with Supabase servers in North America
Subscription payments are processed securely through Stripe
Compliance and security logs may be stored in multiple jurisdictions for legal compliance

Data Retention

Account data: Retained while your account is active and for legal compliance periods after termination
Compliance logs: Retained for extended periods as required for legal protection and regulatory compliance
Violation records: Retained indefinitely to prevent repeat violations and for legal defense

International Transfers

By using Vern, you acknowledge that your data may be transferred to, stored, and processed outside your country of residence, including in the United States. We ensure that all such transfers comply with applicable privacy laws, including the Australian Privacy Act 1988 and relevant international safeguards.

4. Data Sharing and Third-Party Services

Service Providers

We share data with trusted third parties to deliver and secure our Service:

Browserbase: For hosting browser automation sessions
Browser-Use / LangChain / OpenAI: For orchestrating automation workflows
Supabase: For data storage and backend services
Stripe: For payment processing (see Stripe's Privacy Policy for details)
Vercel: For hosting our web application and API

Legal and Compliance Sharing

We may share your information:

With law enforcement when required by law or to investigate suspected illegal activity
With third-party service providers when responding to Terms of Service violation complaints
In legal proceedings to defend against claims or enforce our Terms of Service
For regulatory compliance as required by applicable laws and regulations

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

Essential Functions: Authentication, security, and platform functionality
Security Monitoring: Detecting suspicious activity and potential violations
Compliance Tracking: Monitoring adherence to Terms of Service
Analytics: Understanding platform usage for security and improvement purposes

You can manage cookies in your browser settings, though disabling essential cookies may impact platform functionality and security features.

6. Your Rights and Limitations

Your Privacy Rights

Subject to legal and security limitations, you may:

Access personal information we hold about you
Request correction of inaccurate information
Request deletion of your account and associated data
Object to certain processing activities
Request data portability where technically feasible

Limitations on Rights

Your rights may be limited where:

Legal compliance requires data retention (e.g., compliance logs, violation records)
Security investigations are ongoing
Third-party complaints require evidence preservation
Regulatory requirements mandate data retention

Exercising Your Rights

To exercise your rights, contact us at vish@vern.so. We will respond within required timeframes, subject to verification of your identity and applicable legal limitations.

7. Data Security and Breach Response

Security Measures

We implement comprehensive security measures including:

Encryption for data transmission and storage
Multi-factor authentication and secure access controls
Regular security audits and vulnerability assessments
Compliance monitoring and anomaly detection
Incident response procedures

Breach Notification

In the event of a data breach that poses risks to your privacy or security, we will:

Notify affected users within required timeframes
Report to relevant authorities as required by law
Take immediate steps to contain and remediate the breach
Provide guidance on protective measures you can take

8. Age Restrictions and Business Use

Minimum Age

Vern is intended for business users aged 18 and older. We do not knowingly collect information from individuals under 18. If we become aware of such data collection, we will take immediate steps to delete it.

Business Use Only

Our platform is designed for legitimate business automation purposes only. Personal or non-business use may result in account termination and data retention for compliance purposes.

9. Compliance with Laws

Applicable Laws

This Privacy Policy and our data practices comply with:

Australian Privacy Act 1988
General Data Protection Regulation (GDPR) where applicable
California Consumer Privacy Act (CCPA) where applicable
Other applicable privacy and data protection laws

Regulatory Cooperation

We cooperate with privacy regulators and law enforcement agencies as required by law and may share information for regulatory investigations or legal proceedings.

10. Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy to reflect:

Changes in legal requirements or regulatory guidance
Updates to our security and compliance practices
Changes to our data processing activities
Court decisions or regulatory interpretations affecting automation platforms

Notification of Changes

We will notify you of material changes via:

Email notifications to your registered address
In-app notifications when you next access the platform
Prominent notices on our website

Continued use of Vern after changes constitutes acceptance of the updated Privacy Policy.

11. International Users

Cross-Border Data Transfers

If you access Vern from outside Australia, your information will be transferred to and processed in Australia and other countries where our service providers operate. These transfers are made under appropriate safeguards and legal frameworks.

Local Law Compliance

While we operate under Australian law, we respect local privacy laws where technically and legally feasible. However, our Terms of Service and this Privacy Policy are governed by Australian law.

12. Contact Information and Complaints

Contact Us

For privacy-related questions, requests, or concerns:

Vish Varma
Email: vish@vern.so

Privacy Complaints

If you believe we have not handled your personal information appropriately, you may:

Contact us directly to resolve the issue
Lodge a complaint with the Australian Privacy Commissioner
Contact your local privacy regulator if you reside outside Australia

Response Times

We aim to respond to privacy inquiries within 30 days, though complex requests may require additional time.

IMPORTANT NOTICE: This Privacy Policy is designed to work in conjunction with our Terms of Service to ensure lawful and authorized use of our automation platform. Violation of our Terms of Service may result in extended data retention for legal protection and compliance purposes.