Variabl
Variabl

Privacy Policy

Last updated on 12th May, 2026

At Variabl Financial Technologies Private Limited, which we'll refer to as "Variabl" for brevity, we hold a strong commitment to safeguarding personal information that pertains to our clients and other individuals. Our dedication extends to full compliance with the Information Technology Act, 2000, and any associated amendments, as well as all other pertinent laws in effect within India. Our highest priority is nurturing the trust and relationships we have with our clients.

This privacy policy serves as a comprehensive document delineating Variabl's procedures for collecting and sharing personal information. It specifically pertains to the data we gather and employ for the management of various income tax policies and for providing services to our clients. These services encompass, but are not restricted to, tasks such as tax preparation, tax planning, tax scrutiny, addressing tax queries, and delivering financial planning advisory services within the Indian context.

To Whom This Privacy Policy Applies:

This privacy policy is relevant to a range of individuals and entities, including but not limited to the following:

  • Clients: These are the individuals who have engaged with our services and entrusted us with their personal information.
  • Advisers: This category includes professionals and experts who collaborate with us or provide guidance to our clients.
  • Visitors: Anyone who accesses our website or app, whether they are casual visitors or registered users, falls under this classification.
  • Service Providers: This pertains to entities and individuals who offer services to us or act on our behalf.
  • Enquirers: People who inquire about our services, policies, or other related matters.
  • Direct and/or Indirect Beneficiaries: Those who directly benefit from our services or individuals who indirectly gain advantages from our offerings.

For the sake of brevity, we'll collectively refer to all of these categories as "you." This policy applies to all aspects of our website, app, and the various products and services we provide.

Functionality of This Privacy Policy:

This privacy policy serves the purpose of elucidating our privacy-related protocols and encompasses the following key facets:

  • Information We May Collect About You: This section delineates the types of personal information that we may gather from you.
  • Why We Collect Information About You: Here, we expound on the rationale behind the collection of your personal data.
  • How We May Use Your Personal Information: This segment elucidates the various ways in which we might utilize your personal information.
  • Consent: We discuss the role of consent in the processing of your personal data, in compliance with applicable laws.
  • Sharing Your Personal Information: This section clarifies the circumstances under which we might share your personal information, ensuring adherence to confidentiality norms.
  • Transmission, Storage, and Security of Your Personal Information: We outline our commitment to safeguarding your data and the measures we employ for this purpose.
  • Retention of Your Personal Information: This part explains the duration for which we retain your personal information and the reasons for doing so.
  • Your Rights: Here, you'll find information about your rights regarding your personal data in accordance with relevant legal provisions.
  • Contacting Us: You are provided with details on how to get in touch with our designated Grievance Officer for privacy-related matters.
  • Changes to Our Privacy Policy: We acknowledge that our website and services may evolve over time, and we undertake to keep you informed about any modifications to this privacy policy.
  • Cookies Statement: This section pertains to the use of cookies on our website and how they may impact your browsing experience.
  • Miscellaneous: This is a catch-all section covering any additional information that may be pertinent to our privacy practices.

Information We May Collect About You:

We may gather and process the subsequent personal information about you:

  • Newsletter Subscription: When you subscribe to our newsletter, we collect your email address.
  • Provided Information: Information you willingly provide by completing forms or uploading data.
  • Registration Details: To register, you are required to furnish personal identification details, including your name, address, contact information, PAN, GSTIN, email address, mobile numbers and a password. These are essential to enable you to prepare appropriate tax invoices and other services on the platform. We collect mobile numbers, e-mail addresses that you provide us on the Platform and use the same for sending various communications to you.
  • Advisory Services: If you utilize our advisory services, this may encompass information regarding your instructions for such services, as well as the management and administration of those services. Additionally, it may include information related to any claims or complaints, including details provided by third parties.
  • Tax-Related Information: To access tax-related services, you must provide a range of data, including (but not limited to) your name, address, email address, phone number, Permanent Account Number ("PAN"), bank account details, MICR Code, income and deductions data, Director Identification Number (DIN), expense data, asset and liability particulars, vouchers, bank statements, FORM 15CA, FORM 16, FORM 26AS, tax payment challans, debit and credit account numbers, along with their expiration details, and any other information necessary for the preparation of your tax return.
  • We may retrieve your information and records available with third party provider including but not limited to credit score and liabilities information or information from the KYC Registration Agency, Goods and Services Tax Network ("GSTN") and National Informatics Centre such as name, KYC details, KYC status, father's name, occupation, address details and related documents You hereby authorise the Company to download and retrieve any information from governmental and other statutory bodies including but not limited to GSTN and NIC.
  • Tax Scrutiny/Tax Notice Services: If you wish to avail of our Tax Scrutiny/Tax Notice services, we collect relevant information from you, including copies of notices or correspondence sent to you by the relevant department. This data is required for the preparation and submission of appropriate responses to such notices on your behalf.
  • Communication Records: In the event of your contact with us, we may retain records of correspondence, emails, voicemails, or details of conversations conducted with you.
  • Website Interaction: We collect details pertaining to your visits to our website. This includes information obtained through cookies and various tracking technologies, encompassing your IP address, domain name, browser version, operating system, traffic data, location data, web logs, and other communication data. We also monitor the resources you access on our website.
  • Publicly Available Information: We may gather data available in the public domain or from publicly accessible sources, which may include information from social media websites.
  • We may collect Aadhaar details in accordance with Section 139AA of Income Tax Act. In case you are required to provide your Aadhaar details to us during account creation, you acknowledge and agree that the act of providing your Aadhaar details to us is voluntary. We require Aadhaar details solely for the purpose of carrying out KYC and for filing of ITRs & GST Returns.

Why We Collect Information About You:

We may process your personal information for specific legitimate or lawful purposes, including but not limited to the following:

  • Enhancing Network and Information Security: We collect data to bolster the security of our network and information systems, safeguarding them from potential threats and vulnerabilities.
  • Preventing Online Fraud and Cybercrime: Your information is used to identify and prevent online fraud and incidents of cybercrime, ensuring the safety and integrity of our services.
  • Maintaining Accounts and Records: We utilize personal information for the maintenance of our accounts and records, ensuring accurate and up-to-date financial and operational information.
  • Customizing and Enhancing Services and Communications: Personal data is employed to tailor and enhance our services and communications, providing you with a more personalized and efficient experience.
  • Compliance with Applicable Laws: We collect and process information to adhere to the laws currently in force in India, as well as guidelines, orders issued by law enforcement agencies, court requirements, and regulatory obligations.
  • Claims and Legal Defense: Your data may be utilized in the context of defending or asserting legal claims, safeguarding our rights and interests, and ensuring compliance with legal obligations.
  • Facilitating Tax Planning and Advisory Services: Information is used to correspond with clients, beneficiaries, and claimants, facilitating the provision of tax planning and advisory services.
  • Meeting Legal Obligations: We process personal information to fulfill our legal obligations as mandated by the relevant authorities.
  • Protection of Vital Interests: Personal data may be processed to protect your vital interests or those of another individual, particularly in circumstances where such protection is paramount.
  • Training and Quality Assurance: Information is used for training and quality assurance purposes, ensuring that our services meet high standards of excellence.
  • Know Your Client/Customer (KYC) Compliance: We may collect and process data to fulfill KYC compliance requirements as per prevailing regulations.
  • Performance of Contract: Personal information may be processed for the performance of a contract with you or to undertake necessary steps to enter into a contractual agreement.
  • Performance of Public Interest Tasks: In certain instances, personal data may be processed in the performance of tasks carried out in the public interest or in the exercise of official authority, as mandated by relevant laws and regulations.

How We May Utilize Your Personal Information:

We do not sell or share your personal or financial information to anyone. However, notwithstanding anything contained in this Policy, you expressly acknowledge, consent and agree to the following terms on information use and further authorise us to access and use your information in the manner set out below:

  • to use your information to manage your account, to contact you and to operate, improve, and deliver our Platform and Services. We use your information to give you a customized, interactive experience as you use our Platform and avail the Services.
  • to use your information for maintaining a record of such information and your transactions in a secure and confidential manner, and as required under the applicable laws.
  • to use services of third parties to provide the Platform and Services for you, who are bound to keep such information confidential.
  • to troubleshoot software bugs and operational issues, to conduct data analysis, testing and research and to monitor and analyse usage and activity trends. Information collected may also be used to share communications to you about our products & services, provide additional features through cookies and to detect and/or prevent any fraudulent/criminal/prohibited activity as per applicable laws.
  • to use the data in an aggregated/compiled form to produce statistical/demographic analyses for marketing, strategy and other business purposes. However, these will be used in ways that will not be able to identify you or link any specific information to an individual. Such aggregated information and results/analyses shall be our property and you will not be entitled to any compensation for the use thereof.
  • to share your information with judicial, administrative and regulatory entities to comply with any legal and regulatory requirements.
  • to summarize information about your usage and combine it with that of others to learn about the use of the Platform and Services and further to help us develop new products and services.
  • to retain copies of your completed and filed ITRs, including retrieving information from governmental and other statutory bodies including but not limited to GSTN and NIC. This information may also be used to perform analysis or to provide you with a copy of your returns for your convenience.
  • to use your information to manage your account, to contact you and to operate, improve, and deliver our products and services, including the Platform. You further acknowledge, agree and authorise us to use your information for market research, project planning, product development, troubleshoot problems, analyse user behaviour, marketing purposes, and promotions.
  • to use your information to compute the charges for the products and services you purchase.
  • to use the contact information to communicate with you. You further expressly consent and authorise us to send you messages on your mobile number, call you on your mobile number, send you messages and communicate with you in any other manner including for the purpose of providing you Platform and Services and for marketing and promotional purposes.
  • to (by using your Tax Return Information) prepare and file your IT return, and provide related assistance and services.
  • to use third-party advertising companies to display advertisements. Such companies may use information about your visits to the Platform and Third-Party Platforms in order to provide advertisements about goods and services of interest to you.
  • to share your information with identified Strategic Partners, our third party service providers and our affiliates to host, use, copy, transmit, process, store, share, analyse, display, make derivations, and back up all data you submit to us through the Services and as required by us, including but not limited to personal data and any other data relating to financial information of yourself and others, for the purposes of (a) providing the Services requested by you, as set out in this Policy and enable you to use the Platform and avail the Services (including the services provided by our Strategic Partners, third parties and affiliates; (b) allow us to improve, develop and protect the Services; (c) create, market or provide new services through the Company or its Strategic Partners, group companies and affiliates; (d) communicate with you about our Platform and the Services; and (e) send you information we think may be of interest to you. You agree, represent and warrant that you have, and you will maintain, all rights to allow the Company, our Strategic Partners and/ or any third-party service providers, and our affiliates, to host, use, compile, copy, transmit, process, store, share, analyse, display, make derivations, and back up all your data and retain aggregated customer data, including without limitation in combination with data of other users.
  • to conduct audit of your records without any notice in case of apprehension of fraud;
  • to retain/ store your data and confidential information, of any nature (either wholly or partially), in the Company's servers or cloud or otherwise in any other medium as may be transmitted/ processed/ passed through the Platform. Your data is stored on servers located in India. We may use cloud service providers whose servers may be located outside India. In such cases, we ensure appropriate safeguards are in place.

Consent:

Your consent to the processing of your personal information for specific purposes may be obligatory to comply with the Information Technology Act 2000, along with all its amendments, and other relevant laws in effect in India. In cases where your consent is required in accordance with these laws, we will request your consent. You retain the right to withdraw your consent for such processing at any time.

From the moment you visit our website and engage with its content, it will be considered that you have granted your consent to abide by the privacy policies of Variabl.

Identity Theft

There may be instances when you receive a seemingly legitimate looking e-mail asking your personal information from you such as your credit card details, bank account details, one-time passwords, contact information, etc. The Company will never ask for such information from you via e-mail.

Such activities are usually carried on by unauthorized individuals and are illegal in nature. They are called phishing or identity theft. In case of any suspicion of such activity or on receiving such an e-mail you are certain it was not sent by us. We advise you to not respond to such mail and to take whatever action you see fit.

Sharing Your Personal Information:

We are dedicated to upholding non-disclosure standards and all related agreements. We are committed to ensuring the safety and security of websites linked to us. However, it is important to note that we do not exercise control over third-party websites. Consequently, Variabl may access and/or share your personal information with:

Our Affiliates:

Variabl Financial Technologies Private Limited. may share information with its affiliated entities, including but not limited to Variabl Investment Advisers Private Limited and associated affiliate offices as permitted by law. We may provide your personal data to our group companies, but solely for the purposes delineated in this privacy policy. Access to personal information within Variabl Financial Technologies Private Limited. and our affiliates is restricted to individuals who require access for our business operations. Your personal information will not be sold or shared with unauthorized third parties for their own commercial use without your explicit consent.

Chartered Accountants and Financial Professionals (Consent-Based):

Our platform enables you to share your financial information with Chartered Accountants, tax professionals, and other authorized financial advisors for the purposes of income tax filing, GST return preparation, tax advisory, audit support, and related compliance services.

Explicit consent: No financial data is shared with any Chartered Accountant or financial professional without your explicit consent. When you choose to grant access, you are clearly shown what data will be shared and for what purpose. Consent is obtained before access is enabled.

Full transparency: You can view at any time the complete list of Chartered Accountants and financial professionals who currently have access to your data, along with the scope of their access and the date access was granted. This information is available within your account dashboard.

Right to revoke: You retain full control and can revoke access for any Chartered Accountant or financial professional at any time, directly from your account dashboard. Once revoked, the professional will no longer be able to access your data going forward.

All Chartered Accountants and financial professionals who access your data through our platform are bound by their own professional confidentiality obligations and applicable laws governing their practice. We recommend you only grant access to professionals you trust and with whom you have a legitimate working relationship.

Service Providers: Know Your Customer (KYC) Validation Agencies and Other Related Entities:

In compliance with applicable laws, Variabl may disclose your personal information to service providers, including but not limited to KYC validating agencies and other related entities. This disclosure may encompass your KYC details, such as KYC status validation, KYC documentation status, Aadhaar authentication, PAN validity checks, and retrieval of your KYC details, among others. Additionally, your information may be shared with your bank for the creation of an automated financial profile and with various tax departments for accessing your Form 26AS. This sharing is done to automate various data elements that you would otherwise need to manually input.

Where permissible under applicable law, Variabl may reveal your personal information to service providers who perform business functions on our behalf, regardless of their location within or outside India. These third-party service providers may utilize information about your website visits, excluding personally identifiable information such as your name, address, email, or telephone number, to display advertisements for goods and services that may interest you. They may also gather anonymous data regarding your interactions with our products and services and use this data to tailor advertisements. This process employs industry-standard technology such as pixel tags, which is commonly used by major websites, ensuring that no personally identifiable information is collected or used. These service providers are contractually bound to use your personal information appropriately and lawfully, with measures in place to safeguard your data.

Persons Who Acquire Our Assets or Business:

If Variabl Financial Technologies Private Limited. transfers its rights, interests, or claims in any part of its business or assets, certain client information may be included in such transfers. In such cases, Variabl Financial Technologies Private Limited. will provide notification.

Other Third Parties: Governmental Authorities and Third Parties in Legal Proceedings:

Variabl Financial Technologies Private Limited. may disclose your personal information to third parties, including but not limited to courts of law and law enforcement agencies, in connection with investigations, proceedings, or inquiries by these parties, regardless of their location. This disclosure may also be made to facilitate compliance with regulatory requirements or dialogues with law enforcement agencies for the prevention, detection, investigation, prosecution, and punishment of cybercrime incidents or offenses. Variabl Financial Technologies Private Limited. will only proceed with such disclosures if government agencies ensure that the information obtained will not be published or shared with other parties. Additionally, aggregate information compiled from your personal data, which does not reveal individual identities, may be disclosed. Such information could include, for example, the total number of website visitors from a particular state or the average age of website users.

Our Third-Party Service Providers and Processors:

To deliver our services, we work with a limited number of trusted third-party processors. All of them are bound by data processing agreements and handle data in accordance with industry security standards and applicable data protection laws:

Purpose Data Shared Location
Cloud hosting, database, and file storage infrastructure All customer data (encrypted at rest) India
AI-powered invoice extraction and document processing Invoice document content, client names, and GSTIN for matching purposes. We do not share PAN, bank account details, or personal identification documents. Our AI provider does not use this data to train its models. India
User authentication and account management Email, name, authentication tokens United States
Transactional email delivery Recipient email addresses and email content India
SMS and OTP delivery Phone numbers and OTP codes India
Product analytics and usage monitoring Usage data, page views, feature interactions, and limited account identifiers (such as email and name) used to understand user behaviour and improve the platform European Union

We do not sell, rent, or trade your personal information to any third party for marketing purposes. All processors above are bound by data processing agreements that comply with the Digital Personal Data Protection Act, 2023.

Transmission, Storage, and Security of Your Personal Information:

Variabl Financial Technologies Private Limited. is dedicated to safeguarding your personal data with the utmost care, diligence, and the latest technological advancements to prevent unauthorized access. We maintain physical, electronic, and procedural safeguards that are commercially reasonable to protect your personal information in accordance with the Information Technology Act, 2000, along with its amendments and other pertinent laws in force in India.

All customer data is stored on servers located in India (Mumbai region) on Google Cloud Platform. Access to this data is subject to our established security policies and standards. We implement the following technical and operational security measures to protect your personal information from loss, misuse, alteration, or destruction:

  • Encryption in transit: All data transmitted between your browser and our servers uses TLS/SSL encryption.
  • Encryption at rest: Sensitive personal information, including PAN numbers and bank account details, is encrypted at the application level using industry-standard AES-256 encryption before being stored in our database.
  • Access controls: Only authenticated users can access their own data. All access is logged and audited.
  • Rate limiting: Our API endpoints are rate-limited to prevent abuse and brute-force attacks.
  • Secure authentication: We use industry-standard JWT authentication with short-lived tokens.
  • Security best practices: We follow the OWASP Top 10 security guidelines and conduct regular security reviews of our platform.

We require third parties to whom we disclose your personal data to have appropriate technical and organizational measures in place to safeguard your personal information.

If we have provided you with a password or if you have chosen one to access specific parts of our website or any other portal we operate, it is your responsibility to keep this password confidential and adhere to any other security procedures that we communicate to you. As a responsible service provider, we kindly request that you do not share your password with anyone.

Data Residency:

Your primary data — including your account information, client records, invoices, uploaded documents, and AI-processed content — is stored and processed on servers located in India.

A limited set of ancillary data is processed by service providers outside India: authentication services are hosted in the United States, and product analytics are hosted in the European Union. All cross-border data transfers are governed by data processing agreements and comply with the Digital Personal Data Protection Act, 2023.

AI and Automated Processing:

We use an enterprise AI service, hosted in India, to provide automated features that help you work more efficiently. These features include:

  • Extracting invoice data from uploaded PDF documents
  • Suggesting client matches based on invoice content
  • Assisting with tax and GST-related queries

What we share with AI services: Invoice document content (when you upload a PDF), client names, and GSTIN for matching purposes.

What we never share with AI services: PAN numbers, bank account details, Aadhaar details, and personal identification documents. These remain encrypted within our systems at all times and are never transmitted to any AI provider.

Our AI provider operates under a data processing agreement that ensures your data is not used to train AI models and is processed within India. You may opt out of AI-powered features at any time by contacting our Grievance Officer.

Retention of Your Personal Information:

We will retain your personal information for a duration that is reasonably necessary for the purposes outlined in section 2 of this privacy policy. This retention period may entail keeping your personal information for an extended period when there's a potential need related to reviews conducted by agencies or for advisory services. Additionally, we may be obligated to retain your information to comply with tax, accounting, regulatory, or legal requirements.

To govern our data retention practices, we maintain a comprehensive data retention policy that is applied to all the data within our care. When your personal information is no longer necessary, we will ensure its secure deletion.

Your Rights:

The Information Technology Act of 2000, along with its subsequent amendments, bestows upon you certain rights concerning the personal information we hold about you. These rights encompass:

  • Requesting further details regarding the use of your personal information.
  • Obtaining a copy of the personal information we have on record for you.
  • Correcting any inaccuracies in your personal information that we maintain.
  • Requesting the deletion of any of your personal information that no longer has a lawful basis for usage.
  • Stopping specific processing activities by withdrawing your consent, where applicable.
  • Objecting to any processing based on our legitimate interests, unless our reasons for conducting such processing override any detriment to your data protection rights.
  • Transferring your personal information to a third party in a standardized machine-readable format.

In specific situations, we may need to restrict your rights to uphold the public interest, for example, in the prevention or detection of crime.

How to exercise your rights: To make any of the above requests, please use the forms below or contact our Grievance Officer directly:

We will respond to all such requests within 30 days. Please note that certain financial records may be retained for up to 8 years as required by the Income Tax Act, 1961, even after account closure. Such retained data is anonymized where possible.

Disclaimer

We make no representation as to providing or storing back-up copies of any information submitted to us. You shall be solely responsible to ensure that you maintain back-up copies of such information and in the event of any malfunctioning or failing of the Platform for any reason whatsoever (including on account of maintenance), you may be required to resubmit such information.

We take our responsibility to protect your personal information seriously. In the unlikely event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours of discovery
  • Notify the Data Protection Board of India as required by applicable law
  • Provide details of what data was affected and the steps we are taking to mitigate the impact
  • Offer guidance on any protective actions you may take

We maintain an internal incident response plan and conduct regular security reviews to minimize the risk of data breaches.

When payment information is being transmitted on or through the Platform, it will be protected by encryption technology of a third-party payment services providers, including payment gateways. You agree, acknowledge and consent to such sharing of your information with third party service providers to process payments and manage your payment-related information. The Company does not guarantee that the transmissions of your payment-related information or other information will always be secure.

GSTN shall have the sole right and discretion, without any liability of any nature of the Company, by all means (whether manual or automates) to accept/ reject or any User's data from being transmitted to the GST system from our Platform, including but not limited to, in case of security breach, data traffic beyond prescribed by GSTN, suspected payload (having virus and/ or malware) or transfer of corrupt data or due to any other reasons as mandated by GSTN.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

Contacting Us:

We have appointed a Grievance Officer to oversee the handling of personal information. You can reach out to our Grievance Officer for privacy-related matters using the following contact information:

  • Name: Mr. Pranay Gupta
  • Designation: Grievance Officer
  • Contact:
    • Email: grievances@variabl.in

Changes to Our Privacy Policy:

Please be aware that we may alter the content of our website or services without prior notice, which might lead to changes in our privacy policy. Therefore, we encourage you to periodically review it to stay informed about how we are utilizing personal information.

Cookies Statement:

Our website employs cookies. These internet cookies enable us to tailor our website for you by depositing small files on your computer as you explore various segments of https://www.variabl.in/

Through the use of cookies, we can display content that aligns with your interests on specific pages or facilitate your access to your account information.

Like many standard website servers, Variabl utilizes log files. These files might contain internet protocol (IP) addresses, browser types, internet service providers (ISPs), referring/exiting pages, platform types, and more.

At Variabl, we offer calculators and other tools that do not require registration. Casual visitors to the website are bound by the present Privacy Policy. We may gather non-identifiable data from such tools to collect information, such as the number of people using a particular tool.

We employ cookies and other technologies, like pixel tags and clear gifs, to store certain types of information each time you visit a page on our website. Cookies enable this website to recognize the information you have willingly provided and help us determine the website segments most relevant to your professional needs. We may also use cookies to serve advertising banners. These banners may be served by us or a third party acting on our behalf. Rest assured, these cookies do not contain personal information. To confirm that robots or Artificial Intelligence (AI) are not visiting the website, we may utilize Captcha or pictures.

Whether your web browser should accept cookies is at your discretion. If you haven't adjusted your computer's settings, your browser likely already accepts cookies. Opting to decline cookies may limit your ability to fully access all of the website's features. You can also delete or entirely disable your browser's cookies, although this may significantly impact your website experience, rendering certain sections non-functional or inaccessible.

Product Analytics: We use a third-party product analytics service, hosted in the European Union, to understand how users interact with our platform and to continuously improve it. This service sets cookies and uses local storage to track page views and feature usage. It may also receive limited account identifiers such as your name and email to help us understand user behaviour across sessions. This service is bound by a data processing agreement and does not use your data for any purpose other than providing analytics to us. You can opt out of analytics tracking at any time by contacting our Grievance Officer.

Miscellaneous:

It is essential to carefully read and understand this privacy policy. It offers insights into the usage of personal information and your rights under the Information Technology Act of 2000, along with all its subsequent amendments.

This website may feature links to other third-party websites. Should you decide to follow a link to any of these third-party websites, please be aware that they maintain their own distinct privacy policies. Consequently, we cannot accept any responsibility or liability for their policies or the handling of your personal information.

Our primary aim is to keep you well-informed about the information we collect and how we employ it to provide you with our services, enhance your financial well-being, manage our operations, and make our services more useful. We remain committed to not selling or sharing your personal information with unauthorized third parties for their own commercial purposes without your explicit consent.

Our Compliance Framework:

Variabl operates in accordance with the following standards and regulations:

  • Digital Personal Data Protection Act, 2023 (DPDP Act) — India
  • Information Technology Act, 2000 — India
  • OWASP Top 10 security best practices
  • Infrastructure hosted on cloud providers that maintain ISO 27001 and SOC 2 certifications
  • Data processing agreements signed with all major service providers

Variabl does not currently hold SOC 2 or ISO 27001 certification in its own name, but we build on infrastructure and processes that meet these standards. We are committed to strengthening our compliance posture as we grow.

Governing Law

This Policy is governed by all laws applicable within the territory of India. By using the Platform and Services, you are agreeing to the terms of the Policy thereby consenting to the exclusive jurisdiction and venue of courts in Bangalore, India, in all disputes arising out of or relating to the use of the Platform or this Policy.