Get Early Access

Privacy Policy

Effective Date: January 2026
Last Updated: January 2026

Overview

VendorLog ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vendor relationship intelligence platform.

We believe in transparency. Your vendor data is yours—we're just the secure, reliable place where you store it.

Information We Collect

Information You Provide

Account Information

  • Name and email address
  • Company name and size
  • Job title and department
  • Password (encrypted)

Vendor Data

  • Vendor names, contacts, and relationship details
  • Contract terms, renewal dates, and pricing
  • Notes, comments, and selection rationale
  • Satisfaction scores and usage assessments

Payment Information

  • Billing address
  • Payment method details (processed securely through our payment provider—we do not store full credit card numbers)

Information Collected Automatically

Usage Data

  • Features accessed and actions taken
  • Time spent in the application
  • Error logs and performance data

Device Information

  • Browser type and version
  • Operating system
  • IP address (anonymized for analytics)

Information from Third Parties

Integrations

  • If you connect accounting software (QuickBooks, Xero, NetSuite), we access vendor transaction data as authorized by you
  • We only pull the data necessary to provide our services
  • You can disconnect integrations at any time

How We Use Your Information

We use your information to:

  • Provide the Service — Store and organize your vendor data, send renewal alerts, generate reports
  • Improve the Product — Analyze usage patterns to build better features (using aggregated, anonymized data)
  • Communicate with You — Send service updates, renewal reminders, and support responses
  • Ensure Security — Detect and prevent fraud, abuse, and security incidents
  • Meet Legal Obligations — Comply with applicable laws and respond to legal requests

We do not:

  • Sell your personal information or vendor data
  • Use your vendor data to train AI models
  • Share your data with third parties for their marketing purposes
  • Access your data except to provide support (and only with your permission)

Data Sharing

We share your information only in these circumstances:

Service Providers

  • Cloud hosting (AWS)
  • Payment processing (Stripe)
  • Email delivery (for notifications)
  • Analytics (aggregated, anonymized data only)

All service providers are bound by data protection agreements and may only use your data to provide services to us.

Legal Requirements
We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers
If VendorLog is acquired or merged, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control.

With Your Consent
We may share information for other purposes if you give us explicit consent.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption — All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls — Role-based access, multi-factor authentication available
  • Infrastructure — Hosted on AWS with SOC 2 compliant data centers
  • Monitoring — Continuous security monitoring and incident response procedures
  • Backups — Regular encrypted backups with secure offsite storage

No system is 100% secure. If we discover a breach affecting your data, we will notify you promptly as required by law.

Data Retention

Active Accounts
We retain your data for as long as your account is active and as needed to provide services.

Closed Accounts
When you close your account, we delete your vendor data within 30 days. We may retain certain information (account records, billing history) for up to 7 years as required for legal, tax, or audit purposes.

Export Your Data
You can export all your vendor data at any time in standard formats (CSV, PDF).

Delete Your Data
You can request deletion of your account and all associated data by contacting support@vendorlog.io.

Your Rights

Depending on your location, you may have the following rights:

  • Access — Request a copy of your personal data
  • Correction — Update or correct inaccurate information
  • Deletion — Request deletion of your personal data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to certain processing of your data
  • Restriction — Request limits on how we use your data

To exercise any of these rights, contact us at privacy@vendorlog.io.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act. We do not sell personal information. You may request disclosure of data collected and request deletion.

European Residents (GDPR)

If you are in the European Economic Area, you have rights under GDPR including the right to lodge a complaint with your local data protection authority. Our legal basis for processing is contract performance (to provide the service) and legitimate interests (to improve and secure the service).

Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Functions — Authentication, security, preferences
  • Analytics — Understanding how the product is used (anonymized)

We do not use advertising cookies or third-party tracking for marketing purposes.

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

Children's Privacy

VendorLog is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

International Data Transfers

VendorLog is based in the United States. If you access our service from outside the US, your data will be transferred to and processed in the US. We use standard contractual clauses and other safeguards to protect international data transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered address
  • Displaying a notice in the application

Your continued use of VendorLog after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: privacy@vendorlog.io

We're building VendorLog to be a tool you can trust with your vendor data. If you ever have concerns about how we handle your information, please reach out—we're happy to explain.