Privacy Policy

1. Scope

This Privacy Policy applies solely to information collected through the Site and related authentication services. It does not apply to data generated within customer-controlled installations of the Avera software application, which operates independently within customer environments.

2. Information Collected

2.1 Authentication Information

When a user signs in using Google authentication through Supabase, the following information may be collected and processed:

• Email address
• Display name
• Google account identifier
• Authentication-related metadata
• IP address and associated technical log data

Authentication services are provided by Supabase. Supabase may process authentication data in accordance with its own privacy practices and infrastructure policies.

2.2 Early Access Submissions

When a user submits an Early Access request, we collect:

• Email address
• Device count information
• Free-text message content

Early Access submissions are transmitted via email to Avera (including through Google Workspace email services).

Users are instructed not to submit sensitive personal information or Protected Health Information (“PHI”) through Early Access forms or website communications.

2.3 Automatically Collected Technical Information

Our hosting providers (including infrastructure providers such as Cloudflare) may automatically collect limited technical information, including:

• IP address
• Browser type
• Access timestamps
• Basic server log data

This information is used for operational integrity, security monitoring, and service reliability.

3. Information Not Collected

Avera does not:

• Collect or process Protected Health Information through the Site
• Collect device inventory data from customer networks through the Site
• Sell personal information
• Engage in advertising-based behavioral tracking

4. Use of Information

Information collected through the Site is used to:

• Authenticate users
• Evaluate Early Access requests
• Communicate with prospective customers
• Maintain website security
• Improve service functionality

5. Local-First Software Architecture

The Avera software application is designed to operate within customer-controlled network environments. Device discovery data, compliance records, and audit information generated within customer installations remain under customer control and are not automatically transmitted to Avera.

6. Data Retention

Authentication information is retained while an account remains active.

Early Access communications are retained as part of business correspondence unless deletion is requested.

Users may request deletion of their account information by contacting Avera at the email address below.

7. Third-Party Service Providers

Avera utilizes third-party service providers for infrastructure and authentication, including:

• Supabase (authentication services)
• Google (OAuth authentication and email infrastructure)
• Hosting and infrastructure providers

These third parties may process information in accordance with their own privacy policies.

8. Data Security

Avera implements reasonable administrative and technical safeguards appropriate to the limited personal information collected through the Site. However, no method of internet transmission or electronic storage can be guaranteed to be fully secure.

9. Requests and Contact Information

Requests regarding account information, data access, or deletion may be directed to: jmylsg@averasystems.com

10. Changes to This Privacy Policy

Avera may update this Privacy Policy from time to time. Updates will be reflected by a revised Effective Date posted on this page.

11. Governing Law

This Privacy Policy is governed by the laws of the State of Arizona, United States.