Vardon

Legal

Privacy Policy

This policy explains what personal data Sefy Vardon Ltd collects when you use Vardon, why we use it, who we share it with, and the choices and rights available to you.

Operator
Sefy Vardon Ltd | 17157178
Last updated
14 June 2026
Contact
support@sefyvardon.com

1. Who is responsible for your data

Sefy Vardon Ltd, company number 17157178, is the controller for personal data processed through Vardon, the Vardon website, account services, billing, support, diagnostics, and related server features.

You can contact us through the support contact inside Vardon or by emailing support@sefyvardon.com.

2. Personal data we collect

Account data
Email address, account status, verification state, subscription state, security metadata, and support identifiers.
Billing data
Payment status, plan, invoice, renewal, cancellation, and provider references. Card details are handled by the payment provider.
Open banking data
Connection status, selected accounts, sync windows, fetched transaction data, balances, merchant details, and related banking metadata where you choose to connect a bank. We only access open banking data where you choose to connect an account, and the available data depends on the permissions, provider, and bank connection you approve.
Support data
Messages, screenshots or files you choose to send, issue descriptions, app version, device context, and diagnostic details.
Technical data
IP address, request metadata, device and operating system information, app version, crash or error information, security logs, and update checks.
Analytics data
Limited product usage telemetry where analytics are enabled, including screen usage, feature usage, product tour progress, notification interaction, user-visible errors, and website page information. This telemetry tracks product usage, not your financial life. We do not send transaction amounts, balances, merchant names, bank account names, budget names, report contents, or report scores as analytics.

3. Data stored locally in Vardon

Vardon is a desktop app. Some financial records, settings, imports, exports, cached views, and workspace data may be stored on your device or in app-controlled local storage.

Local data can still be sensitive. You are responsible for keeping your device, operating system account, backups, and exported files secure.

4. How and why we use personal data, including lawful bases

  • Contract: to provide account access, paid features, downloads, updates, subscription checks, billing, service messages, and support.
  • Legitimate interests: to keep Vardon secure, prevent fraud and abuse, diagnose issues, improve reliability, maintain records, and understand product usage in a limited and proportionate way.
  • Consent or user action: for optional bank connections, optional imports, support attachments, analytics where consent is required, and permission-led features.
  • Legal obligation: for accounting, tax, compliance, dispute handling, and responding to lawful requests.

5. Who we share data with

We share personal data only where needed to run Vardon, protect the service, meet legal duties, or provide features you request.

  • Payment providers, such as Stripe, for checkout, billing, invoices, and subscription management.
  • Open banking providers, such as GoCardless, when you choose to connect a bank account.
  • Hosting, storage, update, email, security, first-party analytics, and diagnostic infrastructure that help operate Vardon.
  • Professional advisers, regulators, law enforcement, courts, or public authorities where required or reasonably necessary.

Some providers may process data outside the UK, for example where a provider uses overseas infrastructure or support teams. Where that happens, we rely on appropriate safeguards or lawful transfer mechanisms.

6. Retention

We keep personal data only for as long as needed for the purposes described in this policy, including providing Vardon, maintaining security, meeting accounting and legal obligations, resolving disputes, and keeping necessary records.

Retention periods vary by data type. Account and billing records may need to be kept longer than support messages or diagnostic logs. Where data is no longer needed, we delete it, anonymise it, or restrict it.

Raw product usage telemetry can be removed or anonymised through Vardon's manual retention process. User-linked telemetry is removed or anonymised when an account is deleted, while aggregated product metrics may be kept longer where they no longer identify a user.

7. Security

We use technical and organisational measures designed to protect personal data, including access controls, validation, provider controls, restricted diagnostics, and security monitoring.

No system is perfectly secure. You should use a secure device, install updates, protect your email account, and contact us promptly if you suspect unauthorised access.

8. Your rights

Depending on your location and the circumstances, you may have rights to access, correct, erase, restrict, transfer, or object to the use of your personal data. You may also have the right to withdraw consent where processing is based on consent.

You can ask to exercise your rights by contacting us. We may need to verify your identity before responding.

If you are in the UK and are unhappy with how we handle your personal data, you can complain to the Information Commissioner's Office at ico.org.uk.

9. Cookies and local browser storage

Necessary cookies or local storage may be used where needed for security, authentication, session continuity, preferences, diagnostics, or service operation.

Website telemetry uses browser session storage to keep an anonymous session identifier for the current browser tab. It does not use analytics cookies, and it does not send financial account values from the Vardon app.

In the desktop app, privacy-safe telemetry may briefly queue locally before being sent in a batch.

Browser controls can limit or remove cookies, but some account and security features may not work correctly without necessary cookies or storage.

10. Children

Vardon is not intended for children. You must not create an account or use Vardon if you are not old enough to enter into these terms or to give any required privacy permissions in your location.

11. Changes to this policy

We may update this Privacy Policy when Vardon changes, when providers change, when legal requirements change, or when our data practices change. The latest version will be published on this page with the updated date.

If a material change affects active users, we will take reasonable steps to bring the change to your attention before or when it applies.