Privacy Policy

Valarvom is operated by Sundaravadivel S, based in Coimbatore, India. We are the data controller for the personal information described below. Contact: hello@valarvom.com.

When you take the audit:

• Name, email, phone, business name
• Your audit responses and computed score
• IP address (for region detection and abuse prevention)

When you purchase:

• Billing information (payment processed by Stripe / Razorpay; we never see card numbers)
• GST identification number (for Indian customers, where applicable)
• Business address, contact details

When you onboard:

• Business description, products/services list, brand preferences
• Content, images, photos you upload
• Account credentials you share for existing platforms (encrypted at rest)

Automatically when you visit the site:

• Anonymous usage analytics via Plausible (no cookies, no personal identifiers)
• Server logs (IP, user agent, timestamp) — retained 30 days

• To deliver the services you purchased
• To communicate about your project (status, deliverables, reports)
• To process payments and issue invoices
• To improve our services through aggregated, anonymized analytics
• To send transactional emails (you cannot opt out — these are required)
• To send marketing emails (you can opt out anytime)
• To comply with legal obligations (tax records, audits)

We share data only with the vendors required to deliver your service:

• Stripe (global payments) and Razorpay (India payments)
• AiSensy (WhatsApp messaging)
• MSG91 (SMS, India)
• Resend (transactional email)
• DigitalOcean (hosting and storage)
• Cloudinary (image hosting)
• Plausible (anonymous analytics)
• Vercel (frontend hosting)
• Sentry (error monitoring)

We never sell, rent, or trade your personal information to third parties for marketing purposes.

We use minimal cookies, all essential or first-party:

• valarvom-country — your detected country, used to show regional pricing (30-day expiry)
• __Host-authjs.session-token — authentication session for logged-in users (essential)

We do not use third-party advertising cookies or tracking pixels for our marketing. Analytics is via Plausible, which is cookieless.

Regardless of where you live, you have these rights:

• Access — request a copy of all data we hold about you
• Correct — request corrections to inaccurate data
• Delete — request deletion of your data (subject to legal retention requirements)
• Export — receive your data in a portable format
• Object — opt out of marketing communications
• Restrict — limit how we process your data

To exercise any right, email hello@valarvom.com. We respond within 30 days (typically within 3 business days).

• Active customer data — kept while account is active and 7 years after for tax/audit compliance
• Lead data (audit takers who didn't purchase) — kept 24 months, then deleted
• Server logs — kept 30 days, then automatically deleted
• Backups — kept 90 days on rolling schedule

• All data in transit is encrypted via TLS 1.3
• All data at rest is encrypted via AES-256
• Account passwords are hashed with bcrypt (never stored in plaintext)
• Payment card details are never stored by us — handled by Stripe/Razorpay
• 2FA is required on all administrative accounts
• Regular security audits and dependency updates

Our primary database is in Singapore (DigitalOcean SGP1). Some vendors process data in the EU and the US. Where data leaves the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

Our services are intended for businesses and adults. We do not knowingly collect data from children under 16. If you believe we have, contact us and we will delete it.

We may update this policy. The “Last updated” date at the top reflects the most recent version. Material changes will be notified by email to active customers.

Privacy questions, complaints, or rights requests: hello@valarvom.com