Privacy Policy

Last updated: June 3, 2026 · Contact: [email protected] · Privacy Policy · Terms of Service · Cookie Policy

This policy describes how Varnox collects and uses personal information when you use our website, contact us, or work with us as a client.

Introduction

This Privacy Policy explains how Varnox (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit https://varnox.io, use our contact forms, communicate with us by email or phone, or engage us for professional services.

We are committed to handling personal data lawfully, fairly, and transparently. This policy is designed to meet common expectations under the UK GDPR, EU GDPR, and similar privacy laws. It is not legal advice for your own organisation.

Who is responsible for your data

The data controller for this website and related enquiries is Varnox. For privacy questions or to exercise your rights, contact us at [email protected].

When we deliver paid work under a separate contract, that agreement may specify additional roles (for example, processor arrangements if we host systems on your behalf).

Information we collect

Depending on how you interact with us, we may process the following categories of information:

  • Identity & contact: name, email address, telephone number, company or trading name.
  • Enquiry content: messages you send via our contact form, email, or scheduling tools; service interests and budget indications you choose to provide.
  • Technical & usage: IP address, browser type, device identifiers, referring URLs, pages viewed, and approximate location derived from IP (via logs or analytics, where permitted).
  • Security: signals from spam-protection services (for example Cloudflare Turnstile) and server logs used to detect abuse.
  • Contract & billing: where you become a client, business contact details, project correspondence, invoices, and payment references (we do not intentionally collect full payment card numbers on this marketing site).

We do not knowingly collect information from children under 16. If you believe a child has provided data, contact us and we will delete it promptly.

Where information comes from

  • Directly from you when you submit forms, email us, book a call, or sign an agreement.
  • Automatically through cookies, similar technologies, and server logs — see our Cookie Policy.
  • From service providers that help us operate the site (hosting, email delivery, analytics when consented).
  • From public professional sources (for example, your company website) when relevant to a B2B enquiry.

How and why we use information

We use personal information for the following purposes:

  • Respond to enquiries and provide quotations, consultations, and contracted services.
  • Operate, secure, and improve our website (including debugging, abuse prevention, and performance measurement).
  • Send transactional messages such as enquiry confirmations via email.
  • Maintain business records, invoicing, and compliance with law.
  • Market our services to existing contacts where permitted — you may opt out at any time.

Legal bases (UK / EEA visitors)

Where UK or EU data protection law applies, we rely on one or more of the following legal bases:

  • Consent — for optional analytics/marketing cookies and similar technologies where required.
  • Contract — to take steps at your request before a contract or to perform our agreement with you.
  • Legitimate interests — to operate and improve our business, secure our systems, and respond to proportionate B2B outreach, balanced against your rights.
  • Legal obligation — where we must retain or disclose information to comply with law.

Cookies and similar technologies

We use essential cookies and local storage entries required for security, preferences (such as theme), and remembering your cookie choices. Optional analytics tags (for example Google Tag Manager) load only if you choose “Accept all” on our cookie banner.

For details, including how to change your choice, read our Cookie Policy at /cookies.

Sharing with service providers

We use trusted processors who handle data only on our instructions and for our purposes, including:

  • Website hosting and content delivery infrastructure.
  • Email delivery (for example Resend) for enquiry notifications and confirmations.
  • Cloudflare Turnstile for bot protection on forms.
  • Analytics providers loaded via Google Tag Manager when you consent.
  • Scheduling tools (for example Cal.com) when you book a meeting through linked flows.

We do not sell your personal information. We may disclose information if required by law, court order, or to protect rights, safety, and security.

International transfers

We and our providers may process data in countries outside your own (including the United States and Pakistan). Where required, we implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms offered by our vendors.

How long we keep information

  • Sales enquiries: typically up to 24 months from last contact unless a longer period is needed for an active opportunity or legal claim.
  • Client project records: for the life of the engagement plus up to 7 years for tax, warranty, and dispute purposes where applicable.
  • Server and security logs: generally 30–90 days unless needed for incident investigation.
  • Analytics: according to the retention settings of the relevant tool, subject to your consent.

Security

We apply reasonable technical and organisational measures appropriate to a small professional services business, including TLS encryption in transit, access controls, and vendor due diligence. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

Your rights and choices

Depending on your location, you may have rights to access, rectify, erase, restrict, object to processing, data portability, and withdraw consent (where processing is consent-based). You may also lodge a complaint with your local supervisory authority.

To exercise rights, email [email protected]. We may need to verify your identity before responding. You can change cookie preferences by clearing site data or using the choices described in our Cookie Policy.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top shows when it was last revised. Material changes will be posted on this page.