Vareon
Get Started

Privacy Policy

Last updated: October 16, 2025

We build tools for professionals, so we take the protection of your data seriously. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Who we are

Vareon (“we”, “us”, “our”) develops WordPress plugins and related services. We act as the data controller for information collected through vareon.dev, our documentation portal, support channels, and in-product experiences. We are registered in Norway.

Personal data we collect

Information you provide directly

  • Account & licensing. Name, email, organization, and WordPress site details provided when purchasing, activating, or managing licenses.
  • Support communications. Messages and attachments sent via our contact form, support email, or help desk.
  • Marketing sign-ups. Email and preferences for newsletters or waitlists (optional).
  • Billing. Payments are processed by our commerce/payment partners (e.g., Freemius, Stripe). We do not store complete card details on Vareon servers.

Information we collect automatically

  • Site & device diagnostics. With your consent (where required): WP/PHP versions, plugin version, site URL, license key hash, anonymized IP, locale, and error logs to deliver updates and improve stability.
  • License checks. Periodic requests from your site to verify license status and fetch updates.
  • Usage analytics. Pages visited, referrers, device type, and approximate region via consented analytics tools on our websites.
  • Cookies. See our Cookie Policy for details and choices.

What we do not collect

  • Content from your WordPress site (posts, users, orders, etc.) is not transmitted to us by our plugins, unless you deliberately share it in a support ticket.

How we use personal data

  • Provide downloads, updates, licensing, and support you request.
  • Authenticate license ownership and prevent fraud or abuse.
  • Respond to support inquiries and troubleshoot issues.
  • Send transactional messages (e.g., receipts, critical/security notices).
  • Send marketing communications when you opt in (unsubscribe anytime).
  • Improve performance, usability, accessibility, and security.
  • Comply with legal obligations and enforce agreements.

Legal bases for processing (EEA/Norway)

  • Contract – to deliver products/services you purchased.
  • Legitimate interests – product improvement, security, and anti-abuse, balanced against your rights.
  • Consent – analytics cookies, marketing emails, and any optional telemetry where required. You can withdraw consent at any time.
  • Legal obligation – tax/audit/accounting record-keeping.

How we share information

We do not sell personal data. We share data only with:

  • Service providers (hosting, analytics, payments, licensing, support) under contracts that limit processing to our instructions.
  • Professional advisors (accountants, lawyers) when necessary.
  • Authorities where required by law or to protect our rights, users, or the public.
  • Business transfers (merger, acquisition, or asset sale); we will notify you before material changes take effect.

International data transfers

We are based in Norway (EEA) and use providers located in various countries. When data is transferred outside the EEA, we implement appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or other approved mechanisms.

Data retention

  • Account, license, and support records: kept while your account is active and as needed to provide services.
  • Billing/transaction records: retained as required by accounting and tax law (typically 5–7 years).
  • Telemetry/analytics (if enabled): retained only as long as necessary for the stated purposes, then deleted or anonymized.

Your rights

Subject to EEA/Norwegian law, you may:

  • Request access to the personal data we hold about you.
  • Request correction, deletion, or restriction of processing.
  • Object to processing based on legitimate interests.
  • Receive your data in a portable format.
  • Withdraw consent where processing relies on consent.
  • Lodge a complaint with a supervisory authority. In Norway: Datatilsynet (Norwegian Data Protection Authority).

To exercise your rights, contact us using the details below. We will respond within one month (or the timeframe required by law).

Security

We use industry-standard safeguards (encryption in transit, access controls, least-privilege, and regular reviews). No system is 100% secure—please use strong, unique passwords and notify us promptly of suspected unauthorized activity.

Children

Our services are not directed to individuals under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us so we can delete it.

WordPress-specific details

  • License/updates. Our plugins may contact our licensing/update servers to validate your key and deliver updates.
  • Telemetry. Any in-plugin telemetry is optional and can be disabled in the plugin settings. It never includes site content.
  • “Powered by” links. Our plugins will not add external links on your public site without your explicit consent (opt-in).

Data Processing Agreement (DPA)

If you require a DPA for your organization, contact us and we will provide one for signature.

Changes to this policy

We will update this policy as our practices or legal requirements change. We will post the revised policy with an updated “Last updated” date and, when appropriate, notify you in-app or via email.

Contact us

Questions or privacy requests? Reach our team at:

Email: legal@vareon.dev

Registered location: Norway

Supervisory authority (Norway): Datatilsynet