1. Who is responsible for your data
Sefy Vardon Ltd, company number 17157178, is the controller for personal data processed through Vardon, the Vardon website, account services, billing, support, diagnostics, and related server features.
You can contact us through the support contact inside Vardon or by emailing support@sefyvardon.com.
2. Personal data we collect
- Account data
- Email address, account status, verification state, subscription state, security metadata, and support identifiers.
- Billing data
- Payment status, plan, invoice, renewal, cancellation, and provider references. Card details are handled by the payment provider.
- Open banking data
- Connection status, selected accounts, sync windows, fetched transaction data, balances, merchant details, and related banking metadata where you choose to connect a bank. We only access open banking data where you choose to connect an account, and the available data depends on the permissions, provider, and bank connection you approve.
- Support data
- Messages, screenshots or files you choose to send, issue descriptions, app version, device context, and diagnostic details.
- Technical data
- IP address, request metadata, device and operating system information, app version, crash or error information, security logs, and update checks.
- Analytics data
- Limited product usage telemetry where analytics are enabled, including screen usage, feature usage, product tour progress, notification interaction, user-visible errors, and website page information. This telemetry tracks product usage, not your financial life. We do not send transaction amounts, balances, merchant names, bank account names, budget names, report contents, or report scores as analytics.
3. Data stored locally in Vardon
Vardon is a desktop app. Some financial records, settings, imports, exports, cached views, and workspace data may be stored on your device or in app-controlled local storage.
Local data can still be sensitive. You are responsible for keeping your device, operating system account, backups, and exported files secure.
4. How and why we use personal data, including lawful bases
- Contract: to provide account access, paid features, downloads, updates, subscription checks, billing, service messages, and support.
- Legitimate interests: to keep Vardon secure, prevent fraud and abuse, diagnose issues, improve reliability, maintain records, and understand product usage in a limited and proportionate way.
- Consent or user action: for optional bank connections, optional imports, support attachments, analytics where consent is required, and permission-led features.
- Legal obligation: for accounting, tax, compliance, dispute handling, and responding to lawful requests.
6. Retention
We keep personal data only for as long as needed for the purposes described in this policy, including providing Vardon, maintaining security, meeting accounting and legal obligations, resolving disputes, and keeping necessary records.
Retention periods vary by data type. Account and billing records may need to be kept longer than support messages or diagnostic logs. Where data is no longer needed, we delete it, anonymise it, or restrict it.
Raw product usage telemetry can be removed or anonymised through Vardon's manual retention process. User-linked telemetry is removed or anonymised when an account is deleted, while aggregated product metrics may be kept longer where they no longer identify a user.
7. Security
We use technical and organisational measures designed to protect personal data, including access controls, validation, provider controls, restricted diagnostics, and security monitoring.
No system is perfectly secure. You should use a secure device, install updates, protect your email account, and contact us promptly if you suspect unauthorised access.
8. Your rights
Depending on your location and the circumstances, you may have rights to access, correct, erase, restrict, transfer, or object to the use of your personal data. You may also have the right to withdraw consent where processing is based on consent.
You can ask to exercise your rights by contacting us. We may need to verify your identity before responding.
10. Children
Vardon is not intended for children. You must not create an account or use Vardon if you are not old enough to enter into these terms or to give any required privacy permissions in your location.
11. Changes to this policy
We may update this Privacy Policy when Vardon changes, when providers change, when legal requirements change, or when our data practices change. The latest version will be published on this page with the updated date.
If a material change affects active users, we will take reasonable steps to bring the change to your attention before or when it applies.