Privacy Policy

1. Introduction

Vendi Inc. ("Vendi", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our omnichannel communication platform and services.

By using Vendi, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account information (name, email, company details)
• Billing information (processed securely through third-party payment processors)
• Customer conversation data from connected messaging channels
• Team member information and access settings

2.2 Information Automatically Collected

• Usage data (features used, time spent, interactions)
• Device information (browser type, operating system)
• Log data (IP address, access times, pages viewed)

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our communication platform services
• To manage your account and provide customer support
• To process your transactions and send related information
• To improve our services through AI model training (anonymized data only)
• To detect, prevent, and address technical issues and security threats
• To send administrative information, updates, and marketing communications (with your consent)
• To comply with legal obligations and enforce our Terms of Service

4. Data Processor Role

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties except in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, analytics)
• Messaging Platforms: We connect to WhatsApp, Facebook, Instagram, Telegram, and TikTok APIs as necessary to provide our services
• Legal Requirements: We may disclose information if required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred

We never sell your data to third parties for marketing purposes.

5.5 Instagram & WhatsApp Data (Meta Platform Terms)

What We Receive

• Inbound direct messages and comments sent to your connected Instagram Business Account
• Your account's public profile (ID, username, display name)
• Metadata required to send replies on your behalf

What We Do With It

• Store it securely in your tenant's isolated workspace
• Surface inbound messages in your WhatsApp Business inbox so you can respond
• Send your approved replies back to Instagram via Meta's Send API

What We Never Do

• Read messages not addressed to your business account
• Publish posts on your behalf
• Access Instagram Insights or analytics
• Share Meta-sourced data with any third party other than you, the merchant
• Use Meta-sourced messaging data to train external AI models

Retention: Meta-sourced data is retained only as long as needed to operate the service. When you disconnect Instagram or delete your Vendi account, all Meta-sourced data is purged within 30 days. See the Data Deletion section below.

6. AI and Machine Learning

Vendi uses AI to provide features like smart reply suggestions, auto-tagging, and conversation summaries. Here's how we handle AI:

• AI models process your conversation data to provide intelligent suggestions
• We may use anonymized, aggregated data to improve AI model performance
• Individual customer data is never used for training without explicit consent
• You can opt out of AI features at any time in your account settings

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained for the duration of your active subscription plus 90 days
• Conversation data: Retained according to your plan (7 days to unlimited)
• Billing records: Retained for 7 years for accounting purposes
• You can request data deletion at any time (subject to legal retention requirements)

8. Data Security

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data in transit (TLS 1.3)
• Encryption at rest for stored data (AES-256)
• Regular security audits and penetration testing
• SOC 2 Type II compliance
• Role-based access controls and authentication
• Regular employee security training

9. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Request data export in a machine-readable format
• Objection: Object to certain types of data processing
• Restriction: Request restriction of data processing

To exercise these rights, contact us at [email protected]

10. Data Deletion Instructions

You can request full deletion of your Vendi account and all associated data — including Instagram and WhatsApp data we received on your behalf — at any time. Choose any of the methods below.

Method 1 — Self-Serve (In-App)

1. Sign in to your Vendi account
2. Open Settings → Account → Delete my account
3. Confirm deletion
4. Your account, paired channels, inbound messages, audit logs, and feedback are queued for deletion immediately. Full deletion across primary database and backups completes within 30 days.

Method 2 — Email Request

Email [email protected] from the email associated with your Vendi account, with the subject line "Data Deletion Request". Include:

• Your Vendi-registered email address
• (Optional) The Instagram username and/or WhatsApp number you connected
• (Optional) Any data you want excluded from deletion (e.g., legal hold)

We confirm receipt within 2 business days and complete deletion within 30 days.

Method 3 — Revoke Access via Meta

You can remove Vendi's access directly from Meta:

• Instagram: Profile → Settings and privacy → Apps and websites → Active → Vendi → Remove
• Facebook: facebook.com/settings → Business Integrations → Vendi → Remove

Once you revoke access, we receive Meta's deauthorization callback and purge the corresponding tokens and Meta-sourced data within 30 days.

What Gets Deleted

• Account profile (name, email, business profile, role)
• All paired channels (WhatsApp pairing, Instagram tokens, OAuth connections)
• All inbound messages, threads, and customer conversation data
• All agent actions, approvals, audit logs, and feedback
• All operational settings (caps, quiet hours, automation level)

What May Be Retained

• Anonymized, aggregated usage statistics that cannot be tied to your identity
• Records required by law (e.g., tax records for paid plans) for the legally mandated period
• Encrypted backups, which age out within 30 days of the deletion request

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Compliance with GDPR and other applicable data protection laws

12. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

13. Children's Privacy

Vendi is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, please contact us: