Privacy Policy

Privacy Policy

This Privacy Policy explains how VendorMode collects, uses, discloses, and protects information when you visit our landing page or use our Service. This policy applies to visitors, trial users, and subscribers.

1. Information we collect

• Account information: name, email, company name, and login credentials (stored securely).
• Service content: data you enter into VendorMode, such as customers, contacts, vendors, products/services, quotes, contracts, and invoices.
• Usage data: logs and events (e.g., device/browser, timestamps, approximate location inferred from IP) for security and reliability.
• Billing: subscription billing is processed by Stripe. We do not store full payment card numbers on our servers.

2. How we use information

• Provide, operate, and maintain the Service.
• Generate and deliver quotes and invoices (including PDFs) per your actions.
• Detect, prevent, and address security incidents, fraud, and abuse.
• Enforce usage limits and rate limiting to maintain platform reliability.
• Improve product performance and user experience.

3. Sharing and disclosures

We do not sell your personal information. We may share information with service providers who help us operate the Service, such as hosting, storage, email delivery, payment processing, analytics (if consented), and support tooling. These providers are authorized to process data only as needed to provide services to us.

4. Data retention

We retain personal information and Service data as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. You may request deletion of your account and associated data, subject to legal and operational requirements.

5. Security

We implement reasonable technical and organizational measures to protect data. However, no method of transmission or storage is completely secure. You are responsible for safeguarding your login credentials.

6. International transfers

We may process and store data in countries outside your country of residence. Where required by law, we use appropriate safeguards for cross-border transfers.

7. Your rights (EEA/UK and Canada)

EEA/UK (GDPR / UK GDPR) rights

• Access, correct, delete, or restrict processing of your personal data (subject to legal limits).
• Object to processing and request portability where applicable.
• Withdraw consent at any time for consent-based processing (does not affect prior processing).
• Lodge a complaint with your supervisory authority.

Lawful bases may include contract performance, legitimate interests (security and reliability), and consent (analytics cookies on the landing page).

Canada (PIPEDA) rights

• Request access to personal information we hold about you, and request corrections.
• Withdraw consent for certain processing where consent is the basis, subject to legal and contractual restrictions.

8. Contact

Privacy questions can be sent to: [email protected]

This policy is a general template and does not constitute legal advice. You should consult counsel to tailor it for your specific business and jurisdiction.