VendorMode
Home Support Login Get started
Home Support Login Get started
Legal

Privacy Policy

This policy explains how VendorMode collects and uses information on the landing page and within the Service.

Back to home Terms of Service
Effective date: February 19, 2026 • VendorMode (“VendorMode”, “we”, “us”)

Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. By using VendorMode, you consent to the practices described in this policy.

1. Information we collect

We collect information you provide directly, information automatically through your use, and information from third parties.

  • Account information: When you sign up, we collect your name, email address, organization name, and password. If you add team members, we collect their names and email addresses.
  • Profile and billing information: You may provide additional profile details. Payment information (e.g., credit card details) is collected and processed by Stripe; we do not store full card numbers.
  • Customer content: This includes quotes, invoices, contracts, customer and vendor details, product/service information, and any files you upload (attachments, documents).
  • Usage data: We automatically collect information about how you interact with the Service, such as IP address, browser type, pages viewed, features used, and timestamps. We use cookies and similar technologies – see our Cookie Notice for details.
  • Communications and feedback: When you contact support, submit a support ticket, or provide optional cancellation feedback, we collect your name, email address, and any information you include. This data is transmitted to us via Web3Forms and stored in our email system; it is not retained in our application database.

2. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Service (e.g., generate PDFs, send transactional emails, enforce upload limits).
  • Process transactions and manage your subscription (billing, cancellations, grace periods).
  • Communicate with you about updates, security alerts, and support.
  • Monitor and analyze usage patterns to enhance performance and reliability.
  • Detect, prevent, and address fraud, abuse, or violations of our Terms.
  • Respond to your support requests and feedback.
  • Comply with legal obligations.

3. How we share your information

We do not sell your personal information. We share information only as described below:

  • Service providers: We engage trusted third parties to perform functions on our behalf, subject to confidentiality obligations:
    • Stripe – payment processing
    • ZeptoMail (Zoho) – transactional email delivery
    • DigitalOcean – hosting, database, object storage (Spaces), and Redis/Valkey
    • ApexCharts – dashboard visualizations (no data sent to them)
    • Web3Forms – used for optional cancellation feedback, contact forms, and support ticket submissions. Data you submit via these forms is transmitted to us via email; we do not store it in our application database.
  • Legal requirements: We may disclose information if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of VendorMode, our users, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with notice to you.
  • With your consent: We may share information for other purposes if you give us explicit consent.

4. Data retention and deletion

We retain your information for as long as your account is active or as needed to provide the Service. You have control over your data:

  • Manual deletion: You may permanently delete your account and all associated data at any time from your account settings. For paid accounts with an active subscription, you must first cancel your subscription (which schedules cancellation at the end of the billing cycle) before the delete option becomes available. Once you confirm deletion, your data is immediately and irreversibly removed from our active systems. Trial accounts can delete immediately without prior cancellation.
  • Automatic deletion after cancellation: If you cancel your subscription but do not manually delete your account, your account remains active until the end of the current billing cycle, then enters a 60‑day read‑only grace period (30 days for trial accounts after trial expiration). During grace, you may view data but cannot create, edit, send, or generate PDFs/emails. On the final day of grace, the account and all associated data are permanently deleted.

After deletion, residual copies may remain in our backups for a limited period (typically up to 30 days) before being overwritten. Backups are securely stored and used only for disaster recovery; they are not accessible for regular operations.

You may also request earlier deletion by contacting us, subject to our legal obligations.

5. Security

We implement technical and organizational measures to protect your information, including encryption in transit (TLS), access controls, and regular security assessments. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your rights and choices

Depending on your location, you may have rights regarding your personal information:

  • Access and portability: Request a copy of your data.
  • Correction: Update inaccurate information.
  • Deletion: Request deletion (subject to our retention schedule).
  • Object or restrict: Object to certain processing.

To exercise your rights, contact us at [email protected]. We will respond as required by law. You may also update account information directly in the Service.

7. International data transfers

VendorMode is based in the United States and uses service providers in various countries (including the United States). Your information may be transferred to, stored, and processed in countries outside your own. We ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place where required by law.

8. Children’s privacy

The Service is not directed to individuals under the age of majority where they reside. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will delete it.

9. Changes to this Privacy Policy

We may update this policy from time to time. Material changes will be notified via the Service or email. Your continued use after changes constitutes acceptance.

10. Contact us

If you have questions about this policy, please contact us at:
[email protected]
VendorMode, [Address – optional].

Region‑specific disclosures

Depending on where you live, additional terms may apply as described below.

EEA/UK Addendum (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies:

  • Lawful basis: We process your personal data based on (i) performance of a contract (e.g., providing the Service), (ii) our legitimate interests (e.g., improving security, preventing fraud), (iii) compliance with legal obligations, and (iv) consent where required.
  • Your rights: In addition to those above, you have the right to lodge a complaint with your local data protection authority.
  • Data Processor: For customer content you upload, you are the controller and we are the processor. Our Data Processing Agreement, including Standard Contractual Clauses, is available upon request.
  • Transfer: Data may be transferred outside the EEA/UK; we use SCCs or other approved mechanisms to protect it.
Canada Addendum (PIPEDA / CASL)
  • Consent: By providing personal information, you consent to its collection, use, and disclosure as described. You may withdraw consent subject to legal or contractual restrictions.
  • Anti‑spam: We send transactional emails only; you must obtain consent from your own contacts as required by CASL.
  • Access: You may request access to your information and challenge its accuracy.
Australia Addendum (Privacy Act / Australian Privacy Principles)
  • Notifiable Data Breaches: We will notify you and the OAIC if a data breach is likely to result in serious harm.
  • Cross‑border disclosure: Your information may be disclosed to recipients outside Australia; we take steps to ensure they do not breach Australian Privacy Principles.
  • Access: You may request access to your information; we may charge a reasonable fee.
California Addendum (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you additional rights:

  • Right to know: Request details about the personal information we collect, use, and disclose.
  • Right to delete: Request deletion, subject to exceptions (e.g., to complete a transaction).
  • Right to correct: Request correction of inaccurate information.
  • Right to opt‑out of sale/share: We do not sell or share personal information for cross‑context behavioral advertising.
  • Right to limit use of sensitive information: We only use sensitive information as necessary to provide the Service.
  • Non‑discrimination: We will not discriminate against you for exercising your rights.

To exercise your rights, contact [email protected]. We will verify your request.

This document is provided for informational purposes and does not constitute legal advice. You should consult counsel to tailor these terms for your specific business and jurisdiction.