Privacy Policy
1. Introduction and Scope
Vendera AI, Inc. ("Vendera," "we," "our," or "us") operates the website at https://vendera.ai, the Vendera Vending Management System mobile application ("VMS App"), and the Vendera AI-powered smart cooler platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the Services.
This Policy applies to:
- Visitors to vendera.ai and any Vendera-owned web properties
- Business operators and distributors who purchase, lease, or manage Vendera coolers and use the VMS App ("Operators")
- End customers who interact with a Vendera smart cooler to purchase products ("Consumers")
- Prospective partners, distributors, and enterprise buyers who contact us or request information
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Services.
2. Information We Collect
2.1 Information You Provide Directly
- Contact and inquiry data: name, email address, phone number, company name, job title, and message content submitted via our website contact forms, demo request forms, or discovery call scheduling
- Operator account data: business name, billing address, tax identification number, bank or payment details for invoicing, and login credentials for the VMS App
- Product and inventory data: product names, prices, quantities, and images uploaded by Operators to the VMS platform
2.2 Information Collected Automatically
When you visit our website or use the VMS App, we automatically collect:
- Device identifiers, IP address, browser type and version, operating system
- Pages viewed, referring URLs, session duration, and interaction events
- Approximate geolocation derived from IP address (city/region level only)
- Crash reports and diagnostic data from the VMS App
2.3 Transaction and Cooler Data
When a Consumer uses a Vendera smart cooler, the following data is collected as part of the payment and inventory management process:
- Payment card data (processed and tokenized by our payment processor; Vendera does not store raw card numbers)
- Pre-authorization records and final transaction amounts
- Video recordings of each cooler session, captured by internal cameras activated upon door opening and deactivated upon door closure, for the purpose of product recognition, dispute resolution, and fraud prevention
- A log of items removed from the cooler as determined by our AI vision system
- Timestamp and location identifier of the cooler unit
IMPORTANT NOTICE REGARDING VIDEO RECORDING: Each Vendera smart cooler records video during open-door sessions. A notice is posted on every cooler unit advising Consumers of this recording. Video footage is used exclusively for transaction verification, AI product recognition, dispute resolution, and fraud prevention. Vendera does not use video footage for facial recognition, biometric identification, or targeted advertising purposes.
2.4 Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. You may control cookie preferences through your browser settings. We use:
- Strictly necessary cookies: required for site functionality and security
- Analytics cookies: to understand how visitors interact with our website (e.g., Google Analytics)
- Marketing cookies: for measuring the effectiveness of our advertising campaigns (only with consent where required)
3. How We Use Personal Information
3.1 To Provide and Operate the Services
- Processing Operator accounts, orders, leases, and payments
- Operating the VMS platform and delivering real-time inventory, sales, and alert data
- Authenticating Consumer payments and completing cooler transactions
- Processing product recognition via AI vision to charge Consumers accurately
- Delivering customer support and responding to inquiries
3.2 To Improve the Services
- Training and improving our AI product recognition models using anonymized transaction data
- Analyzing VMS usage patterns to develop new features and improve performance
- Conducting internal research and analytics on vending performance metrics
3.3 Business and Legal Operations
- Enforcing our Terms of Use and other agreements
- Detecting, investigating, and preventing fraud, theft, or unauthorized access
- Resolving disputes between Operators and Consumers regarding transactions
- Complying with applicable legal obligations, court orders, and regulatory requirements
3.4 Marketing and Communications
- Sending Operators and prospective partners product updates, event invitations, and service announcements
- Sending promotional communications where you have opted in or where we have a legitimate interest
- You may opt out of marketing communications at any time by following the unsubscribe link in any email or contacting us at [email protected]
4. Legal Bases for Processing (GDPR and UK GDPR)
For individuals in the European Economic Area (EEA) or the United Kingdom, our processing of personal data is based on the following legal grounds:
- Contract performance: processing necessary to enter into or perform a contract with you
- Legitimate interests: operating our business, improving the Services, fraud prevention, and direct marketing to business contacts, where these interests are not overridden by your rights
- Legal obligation: complying with applicable laws and regulations
- Consent: where we rely on your consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal
5. How We Share Personal Information
We do not sell personal information. We share information only in the following circumstances:
5.1 Service Providers
We engage trusted third-party service providers to operate the Services on our behalf. These providers are contractually bound to process data only as instructed by Vendera and to maintain appropriate security standards. Current categories of service providers include:
- Payment processing: WeVend (payment gateway) and Castles Technology (POS terminal hardware)
- Cloud infrastructure and hosting providers
- Mobile application development and analytics platforms
- Customer relationship management (CRM) software (currently Zoho CRM)
- Email and marketing communication platforms
- Manufacturing and logistics partners for hardware fulfillment
5.2 Business Partners and Distributors
Where an Operator has been referred to Vendera through a distributor or business partner, we may share account and operational data with that distributor to the extent necessary to support the Operator relationship. We will inform Operators of any such sharing arrangements.
5.3 Legal and Regulatory Disclosures
We may disclose personal information if required to do so by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.
5.4 Business Transfers
In the event of a merger, acquisition, asset sale, or other business combination, personal information may be transferred as part of that transaction. We will notify affected individuals if a transfer results in a material change in how their data is used.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. Specific retention practices:
- Operator account data: retained for the duration of the business relationship and for up to seven (7) years thereafter for financial and legal record-keeping
- Consumer transaction records and video footage: retained for a minimum of ninety (90) days and a maximum of twelve (12) months, unless a dispute or legal matter requires longer retention
- Website analytics data: retained in aggregated form for up to twenty-four (24) months
- Marketing contact data: retained until you opt out, after which it is suppressed from future communications
You may request deletion of your personal data at any time, subject to our legal retention obligations, by contacting us at [email protected].
7. Your Privacy Rights
7.1 Rights Under GDPR and UK GDPR
If you are located in the EEA or the United Kingdom, you have the following rights:
- Right to access, rectification, erasure, restriction, data portability, to object, and to withdraw consent
To exercise these rights, contact us at [email protected]. We will respond within thirty (30) days. You also have the right to lodge a complaint with your local data protection authority.
7.2 Rights Under CCPA and CPRA (California Residents)
California residents have the right to Know, Delete, Correct, Opt-Out of Sale or Sharing (Vendera does not sell or share personal information for cross-context behavioral advertising), Limit Use of Sensitive Personal Information, and Non-Discrimination. To submit a request, contact us at [email protected]. We will verify your identity before processing and respond within forty-five (45) days.
7.3 Rights Under PIPEDA (Canadian Residents)
If you are located in Canada, you have rights under PIPEDA to access, correct, and request deletion of your personal information. Contact us at [email protected].
8. International Data Transfers
Vendera is based in the United States. If you access our Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States. We ensure such transfers comply with applicable law, including through Standard Contractual Clauses (SCCs) where required by GDPR.
9. Data Security
Vendera implements appropriate technical and organizational measures to protect personal information, including encryption of data in transit using TLS/SSL, PCI-DSS compliant payment processing through WeVend, access controls and authentication for the VMS platform, and regular security assessments. No method of transmission over the internet is completely secure; while we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.
10. Children's Privacy
The Services are not directed to children under the age of thirteen (13) in the United States or under sixteen (16) in the EEA. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, contact us at [email protected].
11. Third-Party Links and Services
Our website and VMS App may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy with a revised effective date. For material changes, we will provide additional notice at least thirty (30) days before the change takes effect.
13. Contact Information
For questions regarding this Privacy Policy or your personal information:
Company: Vendera AI, Inc.
Website: https://vendera.ai
Privacy Inquiries: [email protected]