We hold only what we need to deliver your engagement.

When you sign in to the client portal we store your email, full name, company, and a hashed identifier issued by our auth provider. When you transact through our managed checkout, we store the resulting purchase record, ledger entries, and the Stripe session identifier. We do not store card numbers or CVCs — those remain in Stripe's PCI-scoped environment.

To operate your account, reconcile your ledger, and let our support engineers respond to operational tickets. We do not sell client data, and we do not run third-party advertising trackers on this site.

Profile + ledger data is retained for the duration of the engagement plus seven years (statutory bookkeeping minimum). You may request export or deletion at any time by writing to avarextech.help@gmail.com. Webhook payloads are retained for 90 days for replay / forensic purposes and then truncated.

We rely on a deliberately small set of sub-processors: Cloudflare (edge + TLS termination), Stripe (payment processing), Supabase (Postgres + auth), Resend (transactional email). Each is reviewed annually for SOC 2 / ISO 27001 evidence.

Privacy questions: avarextech.help@gmail.com
Security disclosures: avarextech.help@gmail.com