VENDORIUM.IO

Vendorium Privacy Policy

Last updated: May 2, 2026 Effective date: May 2, 2026

This Privacy Policy explains how Vendorium (“Vendorium”, “we”, “us”, or “our”) collects, uses, shares, and protects information about you when you use the Vendorium mobile app (the “App”) and related services at vendorium.io (together, the “Service”).

If you do not agree with this Policy, please do not use the Service.

1. Who we are

Vendorium Global LLC operates the Service. You can contact us at:

  • Email: privacy@vendorium.io
  • Mailing address: 27233 Lana Ln. Conroe Tx 77385

For purposes of the EU GDPR and the UK GDPR, Vendorium Global LLC is the data controller for the personal information we collect through the Service.

2. Information we collect

We only collect information needed to operate the Service. We group it as follows:

2.1 Account information

When you create a buyer or vendor account, we collect:

  • Name
  • Email address
  • Password (stored hashed; we never see your plaintext password)
  • For vendors: store name, store description, store logo, business contact details, and any other profile information you choose to provide

2.2 Order and transaction information

When you place or fulfill an order we process:

  • Items purchased, quantities, and prices
  • Shipping address and billing address you provide at checkout
  • Order status and history

2.3 Payment information

Payments are processed by Stripe, Inc. Your full card number, CVC, and bank details are sent directly from your device to Stripe and are not stored on Vendorium servers. We receive only:

  • A Stripe customer or payment-method token
  • The last four digits of the card and card brand (for display)
  • Whether the payment succeeded or failed

Stripe’s privacy practices are described at https://stripe.com/privacy.

2.4 Messages and attachments

When you send a message to a vendor or buyer through in-app chat, we store:

  • The message text
  • Any image you attach
  • The sender, recipient, and timestamps

Images you attach to messages are uploaded to our object storage so the other party can view them.

2.5 Push notification tokens

If you grant push permission, we store the device push token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM), routed through Expo’s push service. We use this token only to send you notifications about orders, messages, and account activity.

2.6 Photos and camera content

If you grant photo library or camera permission, the App accesses photos only when you explicitly select or capture them — for example, when a vendor uploads a product photo or either party attaches an image to a chat. We do not scan or upload photos in the background.

2.7 Crypto wallet (optional Vendorium Pass feature)

If you choose to connect a Phantom wallet to activate a Vendorium Pass NFT membership, we receive and store only your wallet’s public address. We never receive, request, or have access to your private keys or seed phrase.

2.8 Device and usage information

We automatically collect limited technical information:

  • Device model, operating system, and app version
  • Crash logs and error reports
  • IP address (used for security and rate-limiting; not retained beyond log rotation)
  • Approximate timestamps of API requests

We do not use advertising identifiers (IDFA / Android Advertising ID) and do not track you across other apps or websites.

2.9 Information stored on your device

The App stores some data locally on your device using secure storage (iOS Keychain / Android Keystore) and standard app storage:

  • Authentication session tokens
  • Cached product, vendor, and order data for offline browsing
  • Your wishlist and recently viewed items
  • Wallet metadata (public key only)

This information stays on your device and is removed when you log out or uninstall the App.

3. How we use your information

We use the information described above to:

  • Create and maintain your account
  • Process orders, payments, refunds, and shipping
  • Enable buyer-to-vendor and vendor-to-buyer messaging
  • Send order, message, and account push notifications
  • Provide customer support and respond to inquiries
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Comply with legal obligations (including tax reporting and lawful requests)
  • Improve the Service through aggregated, non-identifying analytics

We do not sell your personal information, and we do not use it for cross-context behavioral advertising.

4. Who we share information with

We share personal information only with the following categories of recipients, and only as needed:

RecipientPurposeData shared
Stripe, Inc.Payment processingPayment details, billing address, order amount
Apple (APNs) / Google (FCM) / ExpoPush notification deliveryPush token, notification payload
Cloud infrastructure providers (hosting, object storage)Operate the ServiceAll Service data, encrypted in transit and at rest where applicable
The other party in a transactionEnable purchases and fulfillmentFor buyers: name and shipping address shared with the vendor whose product you purchase. For vendors: store name and contact information shared with buyers.
Law enforcement or regulatorsWhen legally requiredOnly what is responsive to a valid legal request
A successor entityMerger, acquisition, or sale of assetsSubject to a successor entity honoring this Policy

We do not share data with advertising networks or data brokers.

5. International transfers

Vendorium operates in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws than your country. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

6. How long we keep your information

  • Account data: kept for the life of your account and for up to 24 months after deletion, to allow account recovery and to meet tax/accounting obligations.
  • Order and payment records: kept for at least 7 years to comply with tax and financial recordkeeping requirements.
  • Messages and attachments: kept while your account is active. Deleting your account deletes your messages within 30 days, except where retention is required to resolve a dispute or comply with law.
  • Push tokens: deleted when the token becomes invalid or you disable notifications.
  • Server logs: rotated after 30 days.

7. Your rights and choices

Depending on where you live, you may have the following rights:

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to correct inaccurate information
  • Deletion: ask us to delete your account and personal information
  • Portability: receive your data in a portable format
  • Objection / restriction: object to or restrict certain processing
  • Withdraw consent: where we rely on consent (e.g., push notifications), you can withdraw it at any time in device settings

To exercise these rights, email privacy@vendorium.io from the address associated with your account, or use Account → Delete Account in the App. We respond within 30 days.

You can also disable specific permissions (camera, photos, notifications) at any time in your device’s system settings.

California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, and the right to non-discrimination for exercising those rights. We do not sell personal information.

EU/UK residents have the right to lodge a complaint with their local data protection authority.

8. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from children. If you believe a child has provided us with information, please email privacy@vendorium.io and we will delete it.

9. Security

We protect your information using industry-standard measures: TLS for data in transit, encryption at rest for sensitive fields, hashed passwords, secure storage of credentials on device (Keychain / Keystore), and access controls on production systems. No system is perfectly secure; if we ever experience a breach affecting your information, we will notify you in accordance with applicable law.

10. Third-party links and services

The App may contain links to third-party websites or services (for example, vendor-hosted shop URLs or social media profiles). This Policy does not apply to those third-party sites, and we encourage you to review their own privacy policies before using them.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you in the App and update the “Last updated” date above. Continued use of the Service after the effective date of an updated Policy means you accept the changes.

12. Contact

Questions, requests, or complaints about this Policy or our handling of your information:

  • Email: privacy@vendorium.io
  • Mail: 27233 Lana Ln Conroe Tx, 77385