← Back

Security

Last updated: 10.05.2026

Varox is designed as a cloud platform for demand planning, forecasting, delivery planning, and operational analytics. We understand that customers may upload business-critical operational data, and we take platform security seriously.

This page provides a high-level overview of the technical and organizational measures used to help protect the service and customer data. How we process personal information is described in our Privacy Policy.

Infrastructure and hosting

Varox is operated using modern cloud and server infrastructure with HTTPS/TLS encryption enabled for web traffic and API communication.

Access to infrastructure and operational systems is restricted to authorized administrators only.

We monitor platform stability, application errors, and operational health to maintain reliability and detect abnormal activity.

Authentication and account security

Varox uses authenticated accounts for access to the platform.

Security measures include:

  • password hashing
  • HTTP-only authentication cookies
  • secure session handling
  • tenant-scoped access controls
  • verification flows for account actions where applicable

Users are responsible for maintaining the security of their own credentials and devices.

Tenant isolation

Varox is designed as a multi-tenant platform with logical separation between customer workspaces.

Application-level access controls are used to ensure users can only access data associated with their own tenant or organization.

Data handling

Uploaded datasets and imported operational data remain under the control of the customer.

Varox processes uploaded data only to provide requested functionality such as:

  • forecasting
  • delivery planning
  • reporting
  • inventory analytics
  • integrations

We do not sell uploaded business data.

We do not use customer datasets to train unrelated public AI models.

Encryption and transport security

Connections to the platform are protected using HTTPS/TLS encryption.

Sensitive credentials and authentication-related information are stored using secure industry-standard practices where applicable.

Logging and monitoring

Varox maintains operational logs and monitoring systems to:

  • diagnose platform issues
  • detect abuse or unauthorized activity
  • improve reliability and performance
  • support incident investigation

Logs are retained only for reasonable operational and security purposes.

Integrations and external providers

Varox may use carefully selected third-party providers for infrastructure, billing, email delivery, monitoring, and optional AI functionality.

These providers process data only as necessary to operate the service.

Availability and backups

We aim to maintain reliable availability and operational continuity.

Infrastructure backups and recovery procedures may be used for operational resilience and disaster recovery purposes.

However, customers are responsible for maintaining their own exports and archival copies where required for business or regulatory purposes.

Responsible disclosure

If you believe you have discovered a security issue affecting Varox, please contact: [email protected]

Please provide sufficient detail to help us investigate responsibly.

Security limitations

No online platform can guarantee absolute security.

While we implement reasonable technical and organizational safeguards, customers should evaluate Varox based on their own operational, regulatory, and security requirements.