Trust

Security without theater.

Varcera builds operational software for real businesses. That means security has to be practical: restricted access, conservative vendor choices, clear ownership, and a bias toward simple systems that are easier to reason about.

Principles

We keep the posture disciplined and the claims modest.

Least data possible

We avoid collecting data we do not need. Our website does not use analytics or advertising trackers, and our client work is scoped around the minimum access required to deliver the project.

Business-grade vendors

We rely on established providers for hosting, payments, scheduling, and email, and we prefer services that support encryption, access controls, and administrative auditability.

Human accountability

Security is handled as an operating discipline, not a badge. Access is restricted, credentials are managed deliberately, and production systems are reviewed by people who understand the risks.

Controls

Operational controls we rely on.

This is a practical summary of our current approach, not a promise of perfect security. Threats change. Systems change. We aim to keep the fundamentals strong and the surface area small.

01

Access Control

Access to business systems and project environments is limited to authorized personnel with a legitimate need. We aim to keep permissions narrow, remove stale access promptly, and use vendor-level authentication controls where available.

02

Encryption

We use service providers that support encryption in transit and encrypted storage. Sensitive information is not intentionally transmitted or stored in plain text when a secure alternative is available.

03

Vendor Selection

We keep our vendor footprint small. Public website delivery and security are handled through Cloudflare, scheduling through HubSpot, payments through Stripe, and business email through Google Workspace.

04

Development Practices

We favor simple architectures, explicit review, and small, understandable systems over unnecessary complexity. Fewer moving parts usually means fewer failure modes.

05

Monitoring & Response

We monitor for operational issues through our platform providers and investigate credible security concerns promptly. If we identify a material incident affecting your information, we will work to contain it and communicate appropriately.

06

Retention & Disposal

We retain information only as long as needed for business, legal, or operational purposes. When data is no longer needed, we aim to delete it or remove access to it in the ordinary course of operations.

Responsible Disclosure

If you find something, tell us directly.

If you believe you have identified a security issue involving our website or business systems, email security@varcera.com. Include enough detail for us to reproduce the issue. We ask that you avoid service disruption, social engineering, destructive testing, or access to data that is not your own.

What helps

  • A short description of the issue and impacted URL or flow
  • Steps to reproduce and expected versus actual behavior
  • Screenshots or headers if they materially help
  • A safe way for us to contact you for follow-up

FAQ

Straight answers to the common questions.

Do you use cookies or tracking scripts on the website?

We do not run analytics software, advertising pixels, or behavioral trackers on this website. Cloudflare may set strictly necessary cookies for security and performance.

Do you sell or share personal data for advertising?

No. We do not sell personal information, and we do not share it with third parties for advertising purposes.

Do you provide a SOC 2 report or security questionnaire responses?

Not by default. We are a small firm and do not present ourselves as a certification-heavy enterprise vendor. For serious engagements, we can discuss reasonable diligence requests directly.