Privacy Policy

We collect the following categories of information:

• Account & workspace data — your name, email address, business/workspace name, and role. A workspace is created for you on first sign-in.
• Compliance data you enter or upload — details about your trucks, permits, inspections, certifications, insurance certificates (COIs), and commissary agreements, including identifiers, issuing authorities, and expiration and fee due dates, plus any documents you upload.
• Contact & notification data — the email address and phone number used to deliver reminders, and your notification preferences.
• Billing data — subscription plan and billing status. Payments are processed by our payment processor (Stripe); we do not store full card numbers on our systems.
• Usage & device data — limited technical data such as log events, approximate device/browser information, and product analytics about how features are used.
• Communications — messages you send us and renewal notices you forward to your VendGuard inbox address.

• Provide, operate, and secure the service and your workspace.
• Track your compliance items and send reminders before expiration or fee due dates by email and, on eligible plans, SMS and voice.
• Read and organize documents you upload (including via AI-assisted processing) to suggest dates and details for your review.
• Process subscriptions, billing, and customer support.
• Monitor reliability, debug errors, and improve the product in aggregate.
• Comply with law and enforce our Terms.

When you upload a document, we may send its contents to an AI provider to perform optical character recognition and suggest structured details (such as an expiration date). These suggestions are estimates you must review and confirm; we never treat AI-extracted data as a confirmed renewal or compliance status on your behalf. We take steps to avoid exposing sensitive document contents in our diagnostic and analytics tooling — for example, we do not log permit or COI numbers, or extracted document text, to our error-monitoring or analytics providers.

We share information with vendors who process it on our behalf, under contract, only to provide the service. These currently include:

• Supabase — database, authentication, and document storage (hosting your account and compliance data).
• Vercel — application hosting and delivery.
• Anthropic — AI-assisted document reading (OCR/extraction).
• Resend (outbound) and Postmark (inbound) — email delivery and forwarded-notice intake.
• Twilio — SMS and automated voice reminders.
• Stripe — subscription billing and payment processing.
• Sentry (error monitoring) and PostHog (product analytics) — operated subject to the logging limits described above.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Beyond the service providers above, we may disclose information: (a) to comply with law, legal process, or a lawful government request; (b) to protect the rights, safety, and security of VendGuard, our users, or the public; and (c) in connection with a merger, acquisition, or sale of assets, in which case we will continue to protect your information and notify you of any change in control or applicable policy.

We retain your information for as long as your account is active and as needed to provide the service. Compliance items are archived rather than hard-deleted so your history and audit trail remain intact. We retain certain records as required for legal, tax, security, and audit-log purposes. When you close your account, we will delete or de-identify your information within 90 days, except where retention is required by law.

We use technical and organizational measures to protect your information, including access controls, encryption in transit, and tenant isolation so each workspace can only access its own data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

• Access & correction — view and update your account and compliance data from within the app.
• Deletion — request deletion of your account by contacting us, subject to legal retention requirements.
• Notification controls — adjust reminder preferences in Settings. Reply STOP to any SMS to opt out of text messages; transactional account emails may still be sent.
• Regional rights — depending on where you live, you may have additional rights to access, correct, delete, or port your data, or to object to certain processing. Contact us to exercise them; we will not discriminate against you for doing so.

We use strictly necessary cookies to keep you signed in and to operate the service, and limited analytics to understand product usage. We do not use third-party advertising cookies. You can control cookies through your browser settings, though some features may not work without them.

VendGuard is operated in the United States and our providers may process and store information in the United States and other countries. By using the service, you understand your information may be transferred to and processed in those locations.

VendGuard is a business tool intended for users 18 and older and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or in-app) and update the "Last updated" date above. Your continued use of VendGuard after the changes take effect means you accept the updated Policy.

Questions or requests about your privacy? Contact us at:

VendGuard
Email: raysarchive@proton.me

See also our Terms of Service.