Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account, placing orders, or contacting support. This includes name, email address, phone number, company name, billing address, and shipping address.

We also collect payment information processed through our third-party payment processor, Stripe. VendorX does not store full credit card numbers or bank account details on our servers.

• ✓Account registration data (name, email, company)
• ✓Order and transaction records
• ✓Usage analytics and platform interaction data
• ✓Device and browser information collected automatically
• ✓Cookies and similar tracking technologies

2. How We Use Information

We use collected information to operate, maintain, and improve the VendorX Platform. Specific uses include:

• ✓Processing orders and fulfilling transactions
• ✓Billing and platform licensing fees
• ✓Providing customer support and responding to inquiries
• ✓Sending transactional notifications (order confirmations, shipping updates)
• ✓Analyzing platform usage to improve features and performance
• ✓Enforcing our Terms of Service and preventing fraud
• ✓Complying with legal obligations

3. Data Isolation

VendorX is a multi-tenant platform. Each tenant operates in a fully isolated data environment enforced at the database level using PostgreSQL Row-Level Security (RLS). Tenant data is never commingled, shared across tenants, or accessible to other tenants.

All database queries are scoped to the authenticated tenant context. Cross-tenant data access is architecturally prevented, not merely restricted by application logic.

4. Third-Party Services

We share information with third-party service providers only as necessary to operate the platform. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

• ✓Stripe — payment processing and billing
• ✓ShipStation — shipping label generation and carrier rate shopping
• ✓Sentry — error tracking and application monitoring
• ✓Azure — cloud hosting and infrastructure

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you request account deletion, we remove personal data within 30 days, except where retention is required by law (e.g., tax records, transaction history).

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and platform improvement purposes.

6. Cookies & Tracking Technologies

VendorX uses cookies and similar technologies on our public marketing site and within the platform application. We categorize these as follows:

• ✓Strictly Necessary — Required for platform operation, authentication, and security (e.g., session tokens, CSRF protection, tenant routing). These cannot be disabled.
• ✓Functional — Remember your preferences and settings (e.g., theme, language, last-used views). These enhance your experience but are not required for core functionality.
• ✓Analytics — Help us understand how the platform is used so we can improve features and performance (e.g., Sentry for error tracking and performance monitoring). These are anonymized and never used for advertising.

6.1. Cookies We Do Not Use

VendorX does not use advertising, retargeting, or third-party marketing cookies. We do not sell or share cookie data with advertisers. We do not participate in cross-site tracking networks.

7. Security

We implement industry-standard security measures to protect your data:

• ✓OAuth 2.0 / OpenID Connect authentication with JWT bearer tokens
• ✓TLS encryption for all data in transit
• ✓AES-256 encryption for data at rest
• ✓Role-based access control (RBAC) with five permission levels
• ✓Regular security audits and vulnerability assessments

8. Your Rights

Depending on your jurisdiction, you may have rights under applicable data protection laws, including the GDPR (EU) and CCPA (California). These rights may include:

• ✓Right to access your personal data
• ✓Right to correct inaccurate data
• ✓Right to delete your personal data
• ✓Right to data portability (export your data)
• ✓Right to opt out of data sales (we do not sell personal data)
• ✓Right to non-discrimination for exercising your rights

9. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

VendorX Platform, Inc. — privacy@vendorxpro.com