Privacy Policy

Last updated: 17 April 2026

VaernFlow ApS (“VaernFlow”, “we”) provides AI operations software for freight forwarders. This policy describes how we collect and process personal data under the GDPR (Regulation (EU) 2016/679).

1. Data we process

• Account data: name, email, company, password hash.
• Uploaded documents: BOLs, invoices, PODs, CMRs. Stored encrypted in the EU.
• Email content when you paste or sync via OAuth.
• Usage events: page views, feature use (via PostHog EU).

2. Sub-processors

• Supabase (EU region) — database, storage, auth.
• Anthropic — Claude API for extraction and classification.
• Stripe — payments (EU/US, GDPR-compliant).
• Resend — transactional email.
• PostHog EU — product analytics.
• Vercel — hosting.

3. Data retention

We retain customer data for the duration of your subscription plus 30 days, after which it is permanently deleted. You can request deletion sooner.

4. Your rights

You have the right to access, rectify, delete, or port your data. Contact privacy@vaernflow.com.

5. Security

All traffic is TLS 1.3. Data at rest is encrypted with AES-256. RLS is enforced on every table so your documents are never visible to other tenants.