Effective Date: February 22, 2026
VendoWorks ("VendoWorks," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.vendoworks.com and use our cloud-based procurement optimization platform (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
We collect information you voluntarily provide when you register for an account, subscribe to a plan, use the Service, or communicate with us. This may include:
Account Information: Name, email address, company name, job title, phone number, and login credentials.
Billing Information: Payment card details, billing address, and transaction history. Note that payment processing is handled by our third-party processors (Stripe and Square), and we do not store full payment card numbers on our servers.
Business Data: Procurement data, vendor information, pricing details, order histories, and other business content you submit to the Service.
Communications: Messages, support requests, feedback, and any other content you send to us.
When you access the Service, we automatically collect certain information, including:
Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
Usage Data: Pages viewed, features used, click patterns, session duration, referring URLs, and access timestamps.
Location Data: Approximate geographic location derived from your IP address.
We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. These technologies help us analyze usage patterns, personalize your experience, and serve relevant content. The types of cookies we use include:
Essential Cookies: Required for the Service to function properly, including authentication and security.
Analytics Cookies: Help us understand how visitors interact with our website using services such as Google Analytics.
Functional Cookies: Remember your preferences and settings to enhance your experience.
Marketing/Tracking Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.
You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service. For more information about the cookies we use, please refer to our Cookie Banner accessible on our website.
We use the information we collect for the following purposes:
(a) To provide, maintain, and improve the Service;
(b) To process transactions and send related information, including purchase confirmations and invoices;
(c) To authenticate your identity and manage your account;
(d) To communicate with you, including responding to inquiries, sending service updates, and providing technical support;
(e) To analyze usage trends and improve our platform's features and functionality;
(f) To detect, prevent, and address security incidents, fraud, and technical issues;
(g) To comply with legal obligations and enforce our Terms and Conditions; and
(h) To send marketing communications, where permitted by law, with the ability to opt out at any time.
We do not sell your personal information. We may share your information with the following categories of recipients:
We engage trusted third-party service providers who process data on our behalf to operate the Service. These providers are contractually obligated to protect your information and use it only for the purposes we specify. Our current processors include:
Auth0 (Okta, Inc.) — Authentication and identity management. Processes login credentials, session tokens, and identity verification data.
Stripe, Inc. — Payment processing for subscription billing. Processes payment card information, billing addresses, and transaction data.
Square, Inc. (Block, Inc.) — Additional payment processing capabilities. Processes payment and transaction data.
Amazon Web Services (AWS) — Cloud infrastructure, hosting, data storage, and computing services. All data stored on AWS is encrypted at rest and in transit.
Google Analytics (Google LLC) — Website and application analytics. Collects anonymized usage data, session information, and browsing behavior.
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or use of your personal information.
We may share your information with other third parties when we have your explicit consent to do so.
We retain your personal information for as long as your account is active or as needed to provide the Service. After account termination, we retain your data for a period of thirty (30) days to allow for data export, after which it is deleted from our active systems. Residual copies may persist in encrypted backups for up to ninety (90) days.
We may retain certain information for longer periods as required by law, to resolve disputes, enforce agreements, or for legitimate business purposes such as fraud prevention and financial record-keeping.
We implement industry-standard security measures to protect your information, including:
(a) Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
(b) Role-based access controls and multi-factor authentication for internal systems;
(c) Regular security assessments, vulnerability scanning, and penetration testing;
(d) Incident response procedures and data breach notification protocols; and
(e) Employee security training and confidentiality agreements.
While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
Depending on your location, you may have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to certain exceptions.
Portability: Request your data in a structured, machine-readable format.
Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any marketing email or contacting us directly.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we shared it.
Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions provided by law.
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information, we do so only as necessary to provide the Service and do not use it for purposes beyond what is authorized under the CCPA/CPRA.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your California privacy rights, please contact us at [email protected] or submit a request through our website. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.
Categories of Personal Information Collected: In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, IP address); commercial information (transaction history, subscription details); internet or electronic network activity (browsing history, usage data); and professional or employment-related information (company name, job title).
Some browsers transmit "Do Not Track" (DNT) signals. At this time, we do not respond to DNT signals. However, you can manage your tracking preferences through our cookie settings and your browser controls.
The Service may contain links to third-party websites or services that are not owned or controlled by VendoWorks. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
Your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to these jurisdictions. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date and, where appropriate, by email notification. We encourage you to review this Privacy Policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Address: 9450 Scranton Road, Suite #108, San Diego, CA 92121
Website: www.vendoworks.com
For California residents, you may also submit a privacy rights request by emailing [email protected].
© VendoWorks. All rights reserved.