AveryOS Privacy Policy

Name: AveryOS™
Author: Jason Lee Avery

Last updated: 2025-08-21
Controller: AveryOS, LLC (Utah, USA) ("AveryOS", "we", "us", "our")
Contact: truth@averyworld.com

Plain-English snapshot

We collect the minimum data needed to run and improve AveryOS.
We do not sell your personal information.
You can access, correct, delete, or export your data and opt-out where laws provide.
We use strong security and AveryAnchored™ cryptographic integrity for key legal docs.
Some rights vary by region (EU/UK, California, Brazil, Canada, Japan). See Regional Rights.

1) Scope

This policy covers personal data processed through AveryOS.com, its subdomains, and services that link to this policy (the "Services"). It does not cover third-party sites or services we don't control.

2) Data We Collect

You provide: account/contact details (name, email, org, role), support messages, content you submit.
We collect automatically: usage logs, device/browser info, approximate location (from IP), telemetry, diagnostics.
Payments: handled by PCI-compliant processors; we store minimal billing meta (e.g., last 4 digits, token, transaction IDs).
Sensitive data: we don't seek it. If you send it to us, you authorize us to process it only to provide the Services. Please avoid sending unless necessary.

3) Why We Process (Legal Bases)

Provide the Services (contract). Account creation, features, support, billing.
Security & integrity (legitimate interests / legal duty). Abuse/fraud prevention, IP/license enforcement, integrity anchoring.
Improve & research (legitimate interests / consent where required). Analytics, quality, performance.
Marketing & communications (consent/opt-out). Service updates and announcements.
Compliance (legal obligation). Taxes, accounting, legal requests.

We may use de-identified/aggregated data for analytics. We do not sell personal information.

4) Cookies & Similar Tech

We use essential cookies (security, session) and, with consent where required, analytics cookies. You can adjust preferences via our cookie banner and browser settings.

5) Data Sharing & Transfers

We share data with: service providers (hosting, CDN, email, analytics, payments); legal recipients when required; and during corporate events.
International transfers occur. We use SCCs/UK Addendum or equivalent safeguards when required.

Infrastructure note: We use global networking/CDN providers. AveryOS does not intentionally operate servers or data storage in China, Russia, or Türkiye. Traffic may transit global networks operated by third parties, but AveryOS does not establish or maintain servers in those jurisdictions.

6) Retention

We retain personal data only as long as needed to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. On request or account closure, we delete or de-identify data unless retention is legally required.

7) Your Rights

Global baseline rights include access, correction, deletion (with exceptions), restriction/objection, portability, and consent withdrawal.
How to exercise: truth@averyworld.com (or in-product controls). Identity verification may be required. No discrimination for exercising rights.

8) Children

Our Services are not directed to children under 13 (or local age). Contact us to request deletion if a child provided data.

9) Security

We use administrative, technical, and physical safeguards (encryption in transit, least privilege, environment hardening, AveryAnchored™ integrity). No system is 100% secure; please use strong passwords and report incidents.

10) Changes

We may update this policy and will post the new date. Where required, we will seek consent.

11) Contact

AveryOS Privacy Office — truth@averyworld.com

12) Regional Rights Addenda

EU/EEA & UK (GDPR/UK-GDPR)

Controller: AveryOS, LLC. Transfers via SCCs/UK Addendum. Lodge complaints with your local DPA. No solely automated decisions with legal/similar effects without required safeguards.

California (CCPA/CPRA)

Categories: identifiers, internet activity, commercial info, approx. geolocation, limited inferences. We do not sell/share personal information. Rights include know/access, delete, correct, portability, limit sensitive PI, and non-discrimination.

Brazil (LGPD)

Bases: contract, legitimate interests, compliance, consent where required. Rights: confirmation, access, correction, anonymization, portability, deletion, info on sharing, revocation, and review of automated decisions when applicable.

Canada (PIPEDA)

Principles: accountability, consent, limiting collection/use/retention, accuracy, safeguards, openness, access, challenge compliance. Transfers under contractual safeguards.

Japan (APPI)

Purpose notice at collection; foreign transfer details disclosed; consent obtained where required.

13) Country Availability

Due to localization/regulatory constraints, we do not intentionally operate servers or data storage in China, Russia, or Türkiye, and we do not direct the Services to residents there. Access may be restricted.

14) AveryAnchored™ — Verification & Integrity

This Privacy Policy is AveryAnchored™ (anchored to the AveryOS Encrypted Deterministic Kernel).
User badge/link: AveryAnchored — Verify → `/verify?doc=privacy-policy`.
Machine embed (example): ```html

\`\`\`

15) Governing Law; Venue

Except where prohibited by law, Utah, USA law governs. Venue: courts in Utah County, Utah, USA.