Back to home

Privacy Policy

Effective date: 13 May 2026 · Last updated: 26 May 2026

This legal text is provided in English. Translations are advisory only.

VerPacker ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have over your data. By using the Service, you agree to the practices described in this policy.

1. Data We Collect

We collect only the data necessary to provide the Service:

  • Account data: Your email address, full name (optional), and authentication method (email/password or Google OAuth).
  • Azure credentials: Your Azure Active Directory Tenant ID, Application (Client) ID, and Client Secret. The Client Secret is encrypted with AES-256 before being stored and is never accessible in plaintext after submission.
  • Application configuration: Winget Package IDs or download URLs for the apps you choose to monitor, Azure AD Group IDs for deployment targets, and your auto-update preferences.
  • Operational data: Job history (deployment logs, version numbers, timestamps, success/failure status) generated by the Service on your behalf.
  • Usage data: Standard web server logs, including IP address, browser type, and pages visited, for security monitoring and abuse prevention. This data is not used for advertising or sold to third parties.
  • Payment metadata: Your subscription plan, billing status, and billing email, as received from Dodo Payments. We never receive or store your full payment card details.

We do not collect payment card numbers. Payment processing is handled entirely by Dodo Payments — see Section 6 for details.

2. Purpose of Collection

Your data is collected and processed exclusively to:

  • Authenticate you and secure access to your account.
  • Execute Intune automation tasks: version detection, packaging, upload, and assignment on your behalf using the credentials you provide.
  • Display job history, deployment status, and log output in the dashboard.
  • Send transactional emails (account confirmation, password reset, billing receipts).
  • Investigate security incidents and prevent fraudulent use of the Service.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

3. Data Storage and Security

Your data is stored in a managed PostgreSQL database provided by Supabase, hosted on infrastructure in the European Union. Row Level Security (RLS) policies are enforced at the database layer, ensuring each tenant’s data is completely isolated from other tenants.

Azure Client Secrets are encrypted with AES-256-CBC using a server-side master key that is stored separately from the database. The plaintext value of a Client Secret is never written to disk, logged, or transmitted beyond the encryption point.

All data in transit is protected by TLS 1.2 or higher. Database backups are encrypted at rest. Access to production infrastructure is restricted to authorised personnel only.

4. Third-Party Services

VerPacker integrates with the following third-party services to operate. Each service processes only the minimum data necessary for its function:

ServicePurposeData shared
Microsoft Graph APIIntune app managementAzure credentials, packaged app files
SupabaseDatabase and authenticationEmail, account data, job records
Upstash RedisJob queue processingJob identifiers and task metadata
Dodo PaymentsSubscription billingEmail, billing address, payment method
Google OAuthOptional sign-in methodEmail and public profile (if used)

We do not sell or share your data with any parties not listed above. We do not use data brokers or advertising networks.

5. Data Retention and Deletion

We retain your data for as long as your account is active. Specific retention periods:

  • Job logs: Retained for 90 days, then automatically deleted.
  • Account and configuration data: Retained until account deletion.
  • Billing records: Retained for 7 years as required by applicable financial regulations.
  • Server logs: Retained for 30 days for security purposes, then purged.

You may request deletion of your account and all associated personal data at any time by emailing privacy@verpacker.app. We will complete deletion within 30 days, except for data we are legally required to retain.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your personal data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to processing of your data in certain circumstances.

To exercise any of these rights, contact privacy@verpacker.app. We will respond within 30 days.

7. GDPR and KVKK Compliance

VerPacker is operated by an Estonian e-Resident company registered in the Republic of Estonia, a member state of the European Union. As an EU-established entity, VerPacker is subject to the General Data Protection Regulation (GDPR) in its entirety — not merely as an obligation toward EEA users, but as the primary applicable data protection law.

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the Service you have contracted for.
  • Legitimate interests (Article 6(1)(f)): Security monitoring, fraud prevention, and service improvement.
  • Legal obligation (Article 6(1)(c)): Retention of billing records as required by law.

8. Cookies

VerPacker uses a minimal set of cookies. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The cookies we use are:

  • Session cookies: Set by Supabase Auth to maintain your login session. These expire when you close your browser or sign out.
  • Preference cookies: Store your cookie consent choice in localStorage.

You can manage your cookie preferences at any time on the Cookie Settings page.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions, data requests, or to exercise your rights, contact our privacy team:

VerPacker Privacy

Email: privacy@verpacker.app