Privacy Policy

1. Introduction and Scope

Vendera AI, Inc. ("Vendera," "we," "our," or "us") operates the website at https://vendera.ai, the Vendera Vending Management System mobile application ("VMS App"), and the Vendera AI-powered smart cooler platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the Services.

This Policy applies to:

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

2.1 Information You Provide Directly

2.2 Information Collected Automatically

When you visit our website or use the VMS App, we automatically collect:

2.3 Transaction and Cooler Data

When a Consumer uses a Vendera smart cooler, the following data is collected as part of the payment and inventory management process:

IMPORTANT NOTICE REGARDING VIDEO RECORDING: Each Vendera smart cooler records video during open-door sessions. A notice is posted on every cooler unit advising Consumers of this recording. Video footage is used exclusively for transaction verification, AI product recognition, dispute resolution, and fraud prevention. Vendera does not use video footage for facial recognition, biometric identification, or targeted advertising purposes.

2.4 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. You may control cookie preferences through your browser settings. We use:

3. How We Use Personal Information

3.1 To Provide and Operate the Services

3.2 To Improve the Services

3.3 Business and Legal Operations

3.4 Marketing and Communications

4. Legal Bases for Processing (GDPR and UK GDPR)

For individuals in the European Economic Area (EEA) or the United Kingdom, our processing of personal data is based on the following legal grounds:

5. How We Share Personal Information

We do not sell personal information. We share information only in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to operate the Services on our behalf. These providers are contractually bound to process data only as instructed by Vendera and to maintain appropriate security standards. Current categories of service providers include:

5.2 Business Partners and Distributors

Where an Operator has been referred to Vendera through a distributor or business partner, we may share account and operational data with that distributor to the extent necessary to support the Operator relationship. We will inform Operators of any such sharing arrangements.

5.3 Legal and Regulatory Disclosures

We may disclose personal information if required to do so by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

5.4 Business Transfers

In the event of a merger, acquisition, asset sale, or other business combination, personal information may be transferred as part of that transaction. We will notify affected individuals if a transfer results in a material change in how their data is used.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. Specific retention practices:

You may request deletion of your personal data at any time, subject to our legal retention obligations, by contacting us at [email protected].

7. Your Privacy Rights

7.1 Rights Under GDPR and UK GDPR

If you are located in the EEA or the United Kingdom, you have the following rights:

To exercise these rights, contact us at [email protected]. We will respond within thirty (30) days. You also have the right to lodge a complaint with your local data protection authority.

7.2 Rights Under CCPA and CPRA (California Residents)

California residents have the right to Know, Delete, Correct, Opt-Out of Sale or Sharing (Vendera does not sell or share personal information for cross-context behavioral advertising), Limit Use of Sensitive Personal Information, and Non-Discrimination. To submit a request, contact us at [email protected]. We will verify your identity before processing and respond within forty-five (45) days.

7.3 Rights Under PIPEDA (Canadian Residents)

If you are located in Canada, you have rights under PIPEDA to access, correct, and request deletion of your personal information. Contact us at [email protected].

8. International Data Transfers

Vendera is based in the United States. If you access our Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States. We ensure such transfers comply with applicable law, including through Standard Contractual Clauses (SCCs) where required by GDPR.

9. Data Security

Vendera implements appropriate technical and organizational measures to protect personal information, including encryption of data in transit using TLS/SSL, PCI-DSS compliant payment processing through WeVend, access controls and authentication for the VMS platform, and regular security assessments. No method of transmission over the internet is completely secure; while we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

10. Children's Privacy

The Services are not directed to children under the age of thirteen (13) in the United States or under sixteen (16) in the EEA. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, contact us at [email protected].

11. Third-Party Links and Services

Our website and VMS App may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy with a revised effective date. For material changes, we will provide additional notice at least thirty (30) days before the change takes effect.

13. Contact Information

For questions regarding this Privacy Policy or your personal information:

Company: Vendera AI, Inc.

Website: https://vendera.ai

Privacy Inquiries: [email protected]