Privacy Notice — VaryPoint (Demo)

What this notice covers

This notice applies to the public demo at demo.varypoint.com — the marketing landing, the industry chooser, and the guided product tours that run against synthetic tenant data. It does not cover production VaryPoint deployments operated under signed customer contracts; those are governed by the customer-specific Data Processing Agreement.

Data we collect on this site

Anonymous product analytics via PostHog: page views, tour step progression, tour completion. We use a strict event/property allowlist that rejects any property key not on the list, so freeform input never reaches PostHog. Session recording and autocapture are disabled. Cookies for analytics are memory-only — they do not persist between visits.
Sandbox session cookies (httpOnly): a short-lived JWT (~1 hour) for the read-only sandbox tour user, and a non-sensitive marker cookie indicating which industry tour you chose.
Server access logs: standard HTTP request logs (IP, user-agent, path, status). IP addresses are truncated before being forwarded to operational alerts. Logs are retained ≤30 days.

Data we do not collect

No real Protected Health Information (PHI). The demo tenants are synthetic.
No real customer Personally Identifiable Information (PII).
No account creation, no login, no payment information.

Third-party processors

PostHog Cloud — anonymous product analytics
Slack — operational notification when the demo URL is loaded (referrer + country + truncated IP only)
DokPloy + cloud VPS provider — hosting
Let's Encrypt — TLS certificate issuance

Your choices

You can disable JavaScript or use a Do-Not-Track browser to opt out of all analytics. The marketing pages and tour content are fully readable without JavaScript.

Contact