Privacy Policy

Last updated: March 1, 2026 | Version 1.0

1. Data We Collect

We collect account information (name, email, company), uploaded compliance documents (PDFs, images), vendor contact information, and usage analytics. Document content is processed to extract compliance-relevant data.

2. Third-Party AI Sub-Processors

All uploaded documents (PDFs and images) are processed by the following third-party AI sub-processors:

  • OpenAI — Used for AI-powered text extraction, document classification, and compliance field analysis.
  • Amazon Web Services (AWS) — Used for document storage (S3), OCR text extraction (Textract), and scheduled processing (EventBridge/Lambda).

These processors handle document data in accordance with their respective privacy policies and data processing agreements.

3. Data Retention

Data is stored for the duration of the active subscription plus seven (7) years for audit purposes. This retention period ensures compliance with regulatory requirements and enables historical compliance auditing. After the retention period, data is permanently deleted from all systems including backups.

4. Security Measures

We implement the following security measures to protect your data:

  • SSL/TLS Encryption — All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
  • Role-Based Access Control (RBAC) — Access to data is restricted based on user roles (Admin, Manager, Assistant, Owner). Each role has specific permissions limiting what data can be viewed or modified.
  • Multi-Tenant Isolation — Each company's data is logically isolated using CompanyID-based query scoping, ensuring no cross-tenant data access.
  • JWT Authentication — Secure token-based authentication with automatic expiration.
  • Magic Link Tokens — Vendor portal access uses cryptographically secure, time-limited tokens with SHA-256 hashing.

5. Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data, request correction of inaccurate data, request deletion of your data (subject to our retention policy), opt out of certain data processing activities, and exercise data portability.

6. Contact

For privacy-related inquiries, contact us at help@vendorsuite.io or submit a support ticket through the Platform.