VAURD PRIVACY POLICY

Effective date: July 6, 2026.

Last updated: July 6, 2026.

This Privacy Policy explains how Vaurd Labs Private Limited, referred to as Vaurd, we, us, or our, collects, uses, discloses, and protects information when you use the Vaurd platform, website, and related services, collectively the Services.

Vaurd is a business-to-business software platform. Our customers are organizations, and most individuals interact with Vaurd as employees or authorized users of a customer organization. This Policy also applies to visitors to our website. By using the Services, you agree to the practices described in this Policy.

If you have questions, contact us at support@vaurd.com.


1

A Note On How Vaurd Is Designed

Vaurd is built so that your operational and business data stays inside your own environment. Vaurd deploys lightweight agents directly within the customer's own cloud, network, or infrastructure, including the customer VPC. These agents connect to the customer's systems locally, run validation where the data already lives, and do not transmit that underlying business data to Vaurd.

Because of this design:

This Policy therefore focuses on the limited set of information that the Vaurd platform itself does collect and process in order to provide the Services.

1.1

The content of the databases, ERP systems, data warehouses, and other sources that a customer connects to Vaurd is not ingested, copied, or stored by Vaurd.

1.2

Detailed execution and analytics data produced by the agent, such as the inputs, outputs, and results of each flow and step, is stored in the customer's own storage, for example the customer's object storage or file system, and is not sent to Vaurd. Vaurd receives only limited operational telemetry about agent activity, such as counts of flows executed, actions triggered, and agent health and status, which it uses to monitor performance.

1.3

Source connection credentials are configured and held within the customer's own agent configuration. They are not collected or stored by the Vaurd platform.

2

Information We Collect

We collect only the information needed to operate the Services, administer customer accounts, maintain security, and support the platform.

2.1

Account and identity information: Authentication and user identity are managed through our identity provider, Auth0. When you sign up or log in, this may include your name, email address, and the authentication method you use, such as Google, Microsoft work account, GitHub, or email and password. Personal identifying information is managed by the identity provider. The Vaurd platform stores organization, user, workspace, and role records needed to operate the Services, and does not store your authentication passwords.

2.2

Email domain: During sign-up, we extract the domain from your email address, for example company.com from user@company.com, to help match you to an existing organization or create a new one. Common public or free email domains are ignored for this purpose.

2.3

Organization and configuration data: We collect and store metadata you or your organization create in the platform, such as organization details, workspaces, user roles and permissions, source definitions, meaning metadata only and without credentials, events, and validation flows.

2.4

Integration authorization data: If you connect third-party communication or ticketing tools so that Vaurd can send notifications, alerts, or create tickets on your behalf, we store the authorization tokens and related connection details, such as workspace or channel identifiers, needed to perform those actions.

2.5

Operational and analytics data: To monitor the health and performance of deployed agents, the platform receives operational and system analytics associated with an agent identifier, such as status, heartbeats, execution counts, and system metrics.

2.6

Billing information: If your organization is on a paid plan, we process billing and invoice information necessary to manage payments and your subscription.

2.7

Audit logs: We record certain sensitive actions for security and accountability, including user changes, workspace access changes, flow changes, approvals, and credential updates.

3

How We Use Information

3.1

Provide, operate, and maintain the Services.

3.2

Authenticate users and manage access through role-based and fine-grained authorization.

3.3

Create and manage organizations, workspaces, users, and permissions.

3.4

Deliver the notifications, alerts, tickets, and actions you configure.

3.5

Monitor agent health, reliability, and performance.

3.6

Process billing and manage subscriptions.

3.7

Maintain audit trails and enforce security.

3.8

Detect, prevent, and respond to fraud, abuse, and security incidents.

3.9

Comply with legal obligations.

3.10

We do not use the underlying business data validated by your agents to build profiles about you, and we do not sell personal information.

4

Controller And Processor Roles

Vaurd acts in two capacities. For information relating to our website visitors, prospects, and our own marketing and account administration, Vaurd is the data controller. For the data that a customer's agents process within the customer's environment, and for platform metadata processed on a customer's behalf, Vaurd acts as a data processor, and the customer organization is the controller. Where Vaurd acts as a processor, the customer's agreement and any Data Processing Addendum govern that processing, and this Policy is supplemental to them.

5

Legal Bases For Processing

Where required by applicable law, we process personal information on one or more of the following bases: performance of a contract with you or your organization; our legitimate interests in operating and securing the Services; your consent, for example when you authorize a third-party integration; and compliance with legal obligations.

6

Third-Party Services And Integrations

Vaurd relies on and integrates with third-party services. Depending on your configuration, these may include:

When you connect an integration, you authorize Vaurd to send information, such as message content or ticket details you configure, to that platform on your behalf, and that platform's own privacy policy will apply to its handling of that information. We ask only for the access needed to perform the actions you configure, and we never ask for your usernames, passwords, or multi-factor codes for these platforms.

A current list of subprocessors is available on request at support@vaurd.com.

6.1

Identity and authentication: Auth0.

6.2

Communication and email integrations: Slack, Microsoft Teams, Microsoft Outlook via Microsoft Graph, and Gmail via Google APIs.

6.3

Ticketing integrations: Jira, ClickUp, Azure DevOps, Zoho, and similar tools.

6.4

Cloud infrastructure and hosting providers used to run the platform.

7

How We Share Information

7.1

With subprocessors and service providers who process it on our behalf under appropriate contractual protections.

7.2

Within your organization, according to the roles and permissions your administrators configure.

7.3

When required by law, legal process, or to protect the rights, safety, and security of Vaurd, our customers, or others.

7.4

In connection with a merger, acquisition, financing, or sale of assets, in which case we will take steps to protect your information.

7.5

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

8

Data Processing Addendum

Where Vaurd processes personal information on your organization's behalf, we make a Data Processing Addendum, or DPA, available on request, incorporating the Standard Contractual Clauses where relevant. Enterprise customers may request a DPA at support@vaurd.com.

9

Data Storage And Location

Agent execution and analytics data is stored within the customer's own environment and storage systems. Platform metadata described in this Policy is hosted in Central Europe.

10

International Data Transfers

Vaurd hosts platform data in Germany in the European Union. Depending on your location and the subprocessors involved, your personal information may be transferred to, stored in, or accessed from countries other than your own, which may have different data-protection rules. Where we transfer personal information out of the EEA, the UK, or Switzerland to a country not deemed to provide an adequate level of protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable. You may request more information about these safeguards at support@vaurd.com.

11

Data Retention

We retain platform metadata, billing records, and audit logs for as long as your organization maintains an account with us, and thereafter as needed to comply with legal, tax, accounting, or security obligations, resolve disputes, and enforce our agreements. Analytics and execution data stored within the customer's environment is retained according to the customer's own settings and policies. When information is no longer needed, we delete or de-identify it.

12

Cookies, Website Visitors, And Analytics

This Policy also applies to visitors to our website. We use cookies and similar technologies that are strictly necessary to operate the site and, subject to your consent where required, analytics cookies to understand how the site is used. We may use third-party analytics providers, including Google Analytics, for aggregated, de-identified traffic analysis. You can manage or withdraw cookie consent at any time through our cookie settings, and control cookies through your browser. Login sessions are valid for a limited period before re-authentication is required.

13

Security

We use technical and organizational measures designed to protect information, including encrypted connections between agents and the platform, certificate-based authentication for registered agents, role-based access control, and fine-grained authorization. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14

Use Of Data And AI

Where you use AI-assisted features, the inputs you provide and related metadata may be processed by us and by third-party AI providers to deliver and improve those features. We do not send your underlying business data to these providers except as needed to provide the feature you requested. We do not use customer data to train models except as expressly described here.

15

Your Rights And Choices

Depending on where you are located, you may have rights regarding your personal information, including the right to access, correct, update, delete, or receive a copy of it, and to object to or restrict certain processing. You may also have the right to withdraw consent and to lodge a complaint with a supervisory authority.

Categories of personal information we process include identifiers, such as name and email address, professional information, such as employer, job title, and role, commercial information, such as billing records, and internet or network activity, such as usage and audit logs.

If you are in the EEA, the UK, or Switzerland, you have the rights to access, rectify, erase, restrict, and object to processing, to data portability, and to withdraw consent, as well as to lodge a complaint with your supervisory authority.

If you are a California or other U.S. state resident, you have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of any sale or sharing of it. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information beyond the purposes permitted by law.

Because Vaurd is a business-to-business service, personal information is often controlled by the customer organization you belong to. If your organization is the controller of your information, we will refer your request to them or act on their instructions. To exercise any right, contact us at support@vaurd.com or your organization's administrator. We may need to verify your identity before acting on a request.

16

Marketing Communications And Your Choices

We may send you service-related messages, which you cannot opt out of while you hold an account, and, where permitted, marketing communications about Vaurd. You can opt out of marketing emails at any time using the unsubscribe link in the message or by contacting support@vaurd.com. Opting out of marketing does not affect service or transactional messages.

17

Changes To This Policy

We may update this Policy from time to time. When we make material changes, we will update the Last updated date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised Policy.

18

Governing Law

This Policy is governed by the laws of India, without regard to its conflict-of-laws principles.

19

Contact Us

Vaurd Labs Private Limited

Workflo Ranka Junction, Property No. 224, 3rd Floor, #80/3, Vijinapur Village, Old Madras Road, K R Puram Hobli, Bengaluru (Ksn), Bangalore-560016, Karnataka, India.

Looking for other company information? Visit our contact page.