Privacy Policy
Effective: March 29, 2026
Controller
Veran Software LLC, a Delaware limited liability company, is the data controller for personal information collected through veransoftware.com and demo.veransoftware.com. All inquiries regarding this policy should be directed to privacy@veransoftware.com.
What We Collect
Information you provide. When you request a discovery call, subscribe to updates, or contact us through a form, we collect your name, business email, company name, and any details you include in your message.
Automatically collected data. Our web server logs record IP addresses, browser identifiers, referring URLs, and geographic region (country-level, derived from IP address for access control). The demo platform also maintains access audit logs that record login attempts, token usage, and request metadata for security monitoring. We use privacy-focused analytics (no advertising trackers) to understand aggregate traffic patterns. We do not fingerprint devices or build cross-site profiles.
Cookies. We use essential cookies for site functionality and authentication. On the demo platform, we also use error monitoring (Sentry) that requires your consent. For a complete list of cookies, see our Cookie Policy.
Business contact data. We may collect professional contact information (name, work email, job title, company) from publicly available sources such as LinkedIn, company websites, and industry directories for business development purposes. See “Legal Bases” below.
Legal Bases for Processing
We process personal data on the following legal bases under GDPR:
- Contract performance — to respond to your inquiry, provide requested information, or fulfill obligations under a service agreement
- Legitimate interest — for B2B business development outreach, site security, fraud prevention, and service improvement (GDPR Article 6(1)(f); see also Recital 47). A Legitimate Interest Assessment is available on request.
- Consent — for non-essential cookies (error monitoring), marketing communications, and any processing where consent is explicitly requested. You can withdraw consent at any time.
- Legal obligation — to comply with applicable law, regulation, or court order
Sharing and Sub-Processors
We do not sell, rent, or trade personal information. We share data only with service providers (“sub-processors”) that perform functions on our behalf. Each provider is contractually required to protect your data and use it solely for the service they provide.
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare Inc. | Website and platform hosting, CDN, security | USA (global edge) |
| Sentry (Functional Software Inc.) | Error monitoring (consent required) | USA |
| jsDelivr / Prospect One Sp. z o.o. | Open-source CDN for loading application libraries | Poland (global edge) |
| Calendly LLC | Meeting scheduling | USA |
We may disclose information if required by law, subpoena, or court order, or to protect our rights or the safety of others.
Platform Client Data
This policy covers the veransoftware.com marketing website and the demo.veransoftware.com demo platform. If you are a platform client, your data processing is governed by the Data Processing Addendum in your client agreement. In that context, Veran acts as a data processor on your behalf. Each client receives a dedicated, isolated database instance. Client data is never combined across organizations.
Retention
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 24 months |
| Business contact / CRM data | 3 years from last meaningful interaction |
| Server logs | 90 days |
| Analytics data | Aggregated and anonymized within 90 days |
| Cookie consent preferences | 1 year |
If you become a client, retention is governed by your client agreement.
Security
All connections to veransoftware.com and demo.veransoftware.com use TLS 1.2 or higher. Form data is encrypted in transit and at rest. Access to personal data is restricted to authorized personnel on a need-to-know basis. The demo platform enforces HSTS, strict Content Security Policy, and rate limiting.
Your Rights (EEA / UK)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data (“right to be forgotten”)
- Restriction of processing — request that we limit how we use your data
- Data portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest, including direct marketing
- Withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing
You also have the right to lodge a complaint with your local supervisory authority (e.g., UODO in Poland, ICO in the UK).
To exercise any right, email privacy@veransoftware.com. We will respond within 30 days.
Your Rights (California)
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- Right to know — what personal information we collect, use, disclose, and sell
- Right to delete — request deletion of personal information we hold
- Right to correct — request correction of inaccurate personal information
- Right to opt out — of the sale or sharing of personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
We do not sell personal information and do not use it for cross-context behavioral advertising. To exercise your rights, email privacy@veransoftware.com.
International Transfers
Veran Software LLC is based in the United States. If you access this website from outside the US, your information will be transferred to and processed in the US. For transfers from the EEA/UK, we rely on the EU-U.S. Data Privacy Framework (where applicable) and Standard Contractual Clauses (SCCs) as approved by the European Commission.
EU Representative
As a US-based company that processes personal data of individuals in the EEA, we are in the process of appointing an EU representative in accordance with GDPR Article 27. In the meantime, you may direct any data protection inquiries to privacy@veransoftware.com.
Children's Data
Our services are designed for business professionals and are not directed at children under the age of 16 (or under 13 in jurisdictions where COPPA applies). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@veransoftware.com and we will promptly delete it.
Do Not Track & Global Privacy Control
We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request under applicable privacy laws, including the CCPA/CPRA. We do not currently respond differently to generic “Do Not Track” (DNT) browser headers, as there is no industry standard for how to interpret them. However, because we do not engage in cross-site tracking or behavioral advertising, the practical effect is the same.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals, as described in GDPR Article 22. Our platform may use automated rules for security purposes (e.g., rate limiting, geo-based access control), but these do not constitute profiling under data protection law.
Updates
We will revise this policy when our practices change. The effective date at the top of the page indicates the most recent version. Material changes will be noted prominently on the website.
Governing Law
This policy is governed by the laws of the State of Delaware, United States.
Contact
Veran Software LLC
privacy@veransoftware.com
See also: Terms of Service | Cookie Policy