Privacy Policy

1. Scope & Who We Are

This Policy applies to information we process as a controller when you visit, create an account, purchase a subscription, or otherwise interact with the Service. It does not apply to third‑party websites, services, or platforms that we do not control (e.g., bank offer pages, affiliate links, or payment processors). Those parties' policies govern their practices.

We operate in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our vendors are located.

2. Information We Collect

We collect the following categories of information, depending on how you interact with the Service:

2.1 Information You Provide

• Account details: name/alias, email, password (hashed), plan type, preferences.
• Communications: messages to support, survey responses, feedback.
• Purchase information: subscription plan, status, and payment confirmations. We do not store full payment card numbers; payment processors handle those.

2.2 Information Collected Automatically

• Device/usage data: IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps, page views, feature usage, session duration.
• Cookies and similar technologies: cookies, pixels, SDKs, and local storage to remember settings, maintain sessions, measure performance, and (where applicable) help tailor or measure advertising.
• Approximate location: derived from IP to detect fraud/abuse and for analytics.

2.3 Information from Third Parties

• Authentication & membership platforms (e.g., identity/login providers, membership gateways) provide us account and subscription signals.
• Payment processors provide transaction confirmations, fraud/chargeback signals, and partial billing data (no full card numbers).
• Analytics/advertising partners may provide aggregated or pseudonymous metrics, attribution data, or interest categories, subject to your settings and applicable law.

We do not intentionally collect sensitive information (e.g., government IDs, precise geolocation, health data). Please do not provide such data to us.

3. How We Use Information

We use information for the following purposes:

1. Provide and secure the Service (authentication, access control, fraud prevention, abuse detection, debugging, incident response).
2. Operate subscriptions and payments (account management, invoicing, receipts, license enforcement, renewals, support).
3. Improve and develop the Service (analytics, research, A/B tests, product decisions).
4. Communicate with you (transactional messages, service announcements, and—where permitted—marketing). You can opt out of marketing at any time.
5. Comply with law and enforce our Terms of Service, including investigating violations, responding to lawful requests, and asserting legal claims.
6. Advertising/attribution (optional): if enabled, to measure the effectiveness of campaigns and to reach audiences consistent with your permissions and applicable law.

Legal Bases (EEA/UK only)

Where GDPR/UK GDPR applies, our legal bases include: contract (to provide the Service), legitimate interests (e.g., security, improvement, attribution), consent (for certain cookies/ads), and legal obligation.

4. How We Share Information

We share information in the following limited circumstances:

• Service providers (processors): vendors that host, support, analyze, or process payments and communications on our behalf under contracts that restrict use to our instructions.
• Affiliates and business transfers: to our affiliates or as part of a merger, acquisition, financing, or sale of assets, subject to this Policy.
• Legal and safety: to comply with law, valid legal process, or to protect rights, property, or safety of us, users, or others.
• With your direction or consent: e.g., when you link a third‑party account or click an outbound affiliate link.

We do not sell personal information for money. Some analytics and advertising activities may be considered a "sale" or "share" of personal information or targeted advertising under certain U.S. state laws; where applicable, we provide mechanisms to opt out.

5. Cookies, Analytics, and Advertising Choices

We use cookies/pixels/SDKs to:

• Keep you logged in and remember preferences.
• Measure traffic and performance.
• (If enabled) support ads/attribution.

Your choices:

• Browser controls: you may block or delete cookies; the Service may not function properly without required cookies.
• Email marketing: unsubscribe via the link in our emails.
• Targeted ads: where used, opt‑out links may be provided in a "Your Privacy Choices" or similar footer; you can also use industry tools (e.g., DAA, NAI) and your device ad settings.
• Global Privacy Control (GPC): we process GPC signals where required by applicable law.

6. Data Retention

We retain information only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements, resolve disputes, and enforce our agreements. We may de‑identify or aggregate data for analytics and retain non‑identifiable aggregates.

7. Security

We employ administrative, technical, and physical safeguards designed to protect information (e.g., TLS in transit, access controls, hashed passwords). No method of transmission or storage is 100% secure; we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and notifying us of any suspected compromise.

8. Children's Privacy

The Service is not directed to children under 13 (or under the age required by your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

9. Your Privacy Rights

Depending on where you live, you may have rights such as to access, correct, delete, port, opt out of targeted advertising or sale/share, and limit the use of sensitive information. We will not discriminate against you for exercising your rights.

How to Exercise Your Rights

• Email us at info@offervara.com with the subject "Privacy Request" and specify your request type.
• We may need to verify your identity (e.g., email verification, account login).
• If we deny your request (e.g., we cannot verify you or an exception applies), you may appeal by replying to our decision within 30 days with "Privacy Appeal" in the subject line. If you remain unsatisfied, you may contact your state Attorney General or data protection authority as applicable.

Authorized agents (CA): If you use an authorized agent, we may require proof of authorization and your verification.

10. International Users (EEA/UK/Switzerland)

When GDPR applies, we rely on lawful bases noted above. We transfer personal data to the U.S. and other countries using appropriate safeguards, which may include Standard Contractual Clauses and supplementary measures as needed. You may contact us for a copy of relevant transfer mechanisms.

11. Third‑Party Sites & Services

The Service may link to or integrate third‑party sites, offers, embeddeds, or tools. We do not control those services, and their privacy practices are governed by their own policies. Review those policies carefully—their collection and use are outside our control.

12. No Financial, Legal, or Tax Advice; Anti‑Fraud Stance

We provide informational content and do not provide personalized financial, legal, or tax advice. We do not encourage or condone fraud, misrepresentation, or violations of bank or third‑party terms. If you submit content or interact with external offers, you do so at your own risk and must comply with applicable terms and laws.

13. Changes to This Policy

We may update this Policy from time to time. The updated Policy will be posted with a new "Last Updated" date. Your continued use of the Service after an update signifies your acceptance of the revised Policy.

14. Contact Us

For questions or to exercise your rights, contact us at info@offervara.com.

Notices: We accept privacy notices and legal correspondence by email only unless we specify a postal address in the future. Notices are deemed received when we acknowledge by reply email.

State‑Specific Disclosures (U.S.)

California (CCPA/CPRA):

• Categories collected: identifiers (e.g., email, IP), internet/usage data, commercial information (subscription status), inferences (where applicable).
• Sources: you, your device, service providers, and (if enabled) analytics/ads partners.
• Business purposes: as listed in Section 3.
• "Sale"/"Share": we do not sell for money; if our use of analytics/ads is deemed a "sale" or "share," you may opt out through our "Your Privacy Choices" link (if provided) or by emailing us.
• Sensitive data: we do not use or disclose sensitive personal information for purposes requiring a right to limit under CPRA.
• Non‑discrimination: we will not discriminate for exercising rights.

Colorado/Connecticut/Virginia/Utah and similar laws:

You may have rights to confirm, access, correct, delete, data portability, and to opt out of targeted advertising or sale of personal data. Use the request process above. Appeals are handled as described in Section 9.

Nevada:

We do not sell covered information as defined under Nevada law, but you may submit a sale opt‑out request to info@offervara.com.

Additional Details

• Payment Processing: We use third‑party processors to handle payments; we receive only limited billing information and payment confirmations.
• Security & Anti‑Abuse: We may use IP‑based and device‑level signals to detect fraud/abuse and to protect accounts.
• De‑identified Data: If we maintain de‑identified data, we will not attempt to re‑identify it, and we will maintain it in a de‑identified form.