Effective date: 13 May 2026 · Last updated: 26 May 2026
VerPacker ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have over your data. By using the Service, you agree to the practices described in this policy.
We collect only the data necessary to provide the Service:
We do not collect payment card numbers. Payment processing is handled entirely by Dodo Payments — see Section 6 for details.
Your data is collected and processed exclusively to:
We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.
Your data is stored in a managed PostgreSQL database provided by Supabase, hosted on infrastructure in the European Union. Row Level Security (RLS) policies are enforced at the database layer, ensuring each tenant’s data is completely isolated from other tenants.
Azure Client Secrets are encrypted with AES-256-CBC using a server-side master key that is stored separately from the database. The plaintext value of a Client Secret is never written to disk, logged, or transmitted beyond the encryption point.
All data in transit is protected by TLS 1.2 or higher. Database backups are encrypted at rest. Access to production infrastructure is restricted to authorised personnel only.
VerPacker integrates with the following third-party services to operate. Each service processes only the minimum data necessary for its function:
| Service | Purpose | Data shared |
|---|---|---|
| Microsoft Graph API | Intune app management | Azure credentials, packaged app files |
| Supabase | Database and authentication | Email, account data, job records |
| Upstash Redis | Job queue processing | Job identifiers and task metadata |
| Dodo Payments | Subscription billing | Email, billing address, payment method |
| Google OAuth | Optional sign-in method | Email and public profile (if used) |
We do not sell or share your data with any parties not listed above. We do not use data brokers or advertising networks.
We retain your data for as long as your account is active. Specific retention periods:
You may request deletion of your account and all associated personal data at any time by emailing privacy@verpacker.app. We will complete deletion within 30 days, except for data we are legally required to retain.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact privacy@verpacker.app. We will respond within 30 days.
VerPacker is operated by an Estonian e-Resident company registered in the Republic of Estonia, a member state of the European Union. As an EU-established entity, VerPacker is subject to the General Data Protection Regulation (GDPR) in its entirety — not merely as an obligation toward EEA users, but as the primary applicable data protection law.
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
VerPacker uses a minimal set of cookies. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The cookies we use are:
localStorage.You can manage your cookie preferences at any time on the Cookie Settings page.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
For privacy-related questions, data requests, or to exercise your rights, contact our privacy team:
VerPacker Privacy
Email: privacy@verpacker.app