Skip to main content
Legal

Privacy Policy

We take your privacy seriously. Here's exactly what we collect, why, and how we protect it.

Last updated: March 11, 2026·Terms of Service →

The short version

We collect only what we need to run the service. We never sell your data. You own everything you upload. You can delete your account and data at any time.

1. Information We Collect

We collect information you provide directly when creating an account: name, email address, company name, and payment method details processed by Stripe. We also collect: insurance certificate documents you upload, vendor data you enter, and usage data (pages visited, features used, timestamps) used solely to improve the service. We do not collect sensitive personal information beyond what is necessary to provide the service.

2. How We Use Your Information

We use your information to: provide and operate the VendorValid service, send transactional emails (expiry alerts, team invitations, password resets, compliance reports), process payments via Stripe, and respond to support requests. We do not use your data for advertising and we do not sell it to third parties — ever.

3. Data Storage and Security

All data is stored in Supabase (PostgreSQL) with row-level security enforcing complete isolation between companies — no company can access another's data. Insurance documents are stored in private cloud storage and accessible only via short-lived signed URLs. Payment information is processed and stored exclusively by Stripe. All data in transit is encrypted via TLS 1.3. Data at rest is encrypted with AES-256.

4. Data Sharing

We share data only with service providers necessary to operate VendorValid: Supabase (database and storage), Stripe (payment processing), Resend (transactional email delivery), Anthropic (AI document extraction — documents are processed but not stored by Anthropic for training), and Inngest (background job processing). Each provider is contractually bound to use your data only to provide their services to us.

5. Vendor Portal Data

Insurance documents uploaded through the vendor self-service portal are associated with the requesting company's account. Vendors uploading documents via their portal link acknowledge that the uploaded documents will be stored and accessible to the company that invited them. Vendors can contact support@vendorvalid.com to request removal of their documents.

6. Data Retention

We retain your data as long as your account is active. Upon account cancellation, data is retained for 30 days to allow recovery, then permanently and irreversibly deleted. You may request immediate deletion of your data before the 30-day period by contacting privacy@vendorvalid.com.

7. Your Rights

You may access, correct, or delete your personal data at any time from your account settings. You may export all vendor and policy data as CSV from your account. For data deletion requests, copies of data we hold, or GDPR/CCPA inquiries, contact privacy@vendorvalid.com. We will respond within 30 days.

8. Cookies

We use session cookies strictly for authentication, managed by Supabase Auth. We do not use advertising cookies, tracking pixels, or third-party marketing cookies. Any analytics we collect are aggregate, anonymized, and used only to improve the product.

9. Children's Privacy

VendorValid is a business software platform intended for users aged 18 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact privacy@vendorvalid.com and we will delete it.

10. Changes to This Policy

We will notify account owners by email at least 14 days before making material changes to this privacy policy. Minor clarifications may be made without notice. Continued use of the service after notification constitutes acceptance of the updated policy.

11. Contact Us

Privacy questions or requests: privacy@vendorvalid.com. General support: support@vendorvalid.com. We aim to respond within 2 business days.

Privacy questions? Email privacy@vendorvalid.com.