Privacy Policy for Vendorapp

Introduction

Welcome to Vendorapp! This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website www.vendorapp.co (the "Site") and use our web application (the "App"). By accessing or using the Site and App, you agree to this Privacy Policy. If you do not agree with any terms of this Privacy Policy, please do not use the Site and App.

This Privacy Policy complies with applicable data protection regulations, including the General Data Protection Regulation (GDPR) for users in the EU/UK and the California Consumer Privacy Act (CCPA) for users in California, USA.

1. Information We Collect

   1.1 Personal Information: We collect personal information directly from you when you create an account or register with our Site and App. This information includes:

   • Name
   • Phone numbers
   • Email addresses
   • Job titles
   • Usernames
   • Contact details for authentication

   1.2 Billing Information: If you sign up for a paid plan, we collect additional billing information, including:

   • Billing addresses
   • Payment details (processed securely by Stripe; Vendorapp does not store financial information)

   1.3 Derivative Data: We collect derivative data for tracking and analytics purposes, including:

   • Log and usage data
   • Device data
   • Location data

   1.4 Payment Processing Details: Payments made through Vendorapp are securely processed via Stripe. While Vendorapp does not store financial details, we maintain basic transaction records in compliance with financial and tax regulations.

   1.5 Support Ticket Data: We use Microsoft 365 for managing support tickets. If you contact us for support, your email address and name may be stored in our ticketing system.

   1.6 Cookies and Tracking Technologies: Our Site and App use cookies and similar tracking technologies to improve user experience, analyze usage patterns, and provide relevant advertising. You can adjust cookie preferences through your browser settings.

2. Use of Your Information

   2.1 We use the information we collect to provide and improve our services and to fulfill contractual obligations, including:

   • Enabling user-to-user communications
   • Identifying usage trends
   • Requesting feedback
   • Sending marketing and promotional communications

   2.2 You can unsubscribe from marketing and promotional communications by clicking the unsubscribe link at the bottom of our marketing emails.

3. Subprocessors

   To provide the best service, we work with the following subprocessors:

   • Microsoft Azure (Hosting & AI services)
   • Microsoft 365 (Support Ticketing)
   • Brandfetch (Public Vendor Data Lookup)
   • Kinde (Authentication)
   • Stripe (Payment Processing)

   Subprocessor	Purpose	Data Processed
   Microsoft Azure	Hosting and data storage	Customer data stored in dedicated tenant spaces
   Azure Open AI	Workspace intelligence (AI)	Query data stored within each customer's name
   Microsoft 365	Support ticketing	Names and email addresses (PII)
   Brandfetch	Fetching vendor names & logos	Publicly available data only
   Kinde	Fetching vendor names & logos	Publicly available data only
   Stripe	Payment processing	Secure handling of customer payment details

   We ensure that all subprocessors handle data in compliance with GDPR, CCPA, and other applicable laws.

4. Data Security & Retention

   4.1 Encryption: We use encryption to protect data at rest and in transit, ensuring that customer data remains secure.

   4.2 Retention:

   • Customer data is stored as long as the account remains active
   • Upon termination of the account, data is deleted within 90 days, unless retention is required for legal, tax, or compliance reasons
   • Payment processing records handled by Stripe may be retained for up to 7 years in accordance with financial regulations

   4.3 Data Deletion Requests: Users may request deletion of their data at any time by contacting us at support@vendorapp.co. We will process such requests in compliance with legal and regulatory obligations.

5. GDPR & CCPA Compliance & User Rights

   If you are an EU/UK user, you have the right to:

   • Access your personal data
   • Rectify incorrect or incomplete data
   • Request deletion of your data
   • Object to processing under certain circumstances
   • Request data portability to another service provider

   If you are a California resident (CCPA-compliant), you have the right to:

   • Request disclosure of the categories of personal data collected and processed
   • Request deletion of your personal data (subject to legal exceptions)
   • Opt-out of the sale of personal data (Vendorapp does not sell user data)

   You may also object to our use of subprocessors under GDPR by contacting us at support@vendorapp.co. If objecting, we will work with you to evaluate alternative processing options, though refusal of essential subprocessors may limit service functionality.

6. Changes to This Privacy Policy

   We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. By continuing to use the Site and App after any changes are made, you agree to the revised Privacy Policy.

   Users will be notified of significant changes via email or through the Vendorapp platform.

7. Governing Law

   This Privacy Policy shall be governed and construed in accordance with the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

8. Contact Us

   If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

   Email: support@vendorapp.co

   Address: Vendorapp Limited, 1 Park Road, Hampton Wick, Kingston Upon Thames, Surrey, KT1 4AS, United Kingdom