top of page

Privacy Policy

1. Introduction and Scope

Vendera AI, Inc. ("Vendera," "we," "our," or "us") operates the website at https://vendera.ai, the Vendera Vending Management System mobile application ("VMS App"), and the Vendera AI-powered smart cooler platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the Services.

 

This Policy applies to:

  • Visitors to vendera.ai and any Vendera-owned web properties

  • Business operators and distributors who purchase, lease, or manage Vendera coolers and use the VMS App ("Operators")

  • End customers who interact with a Vendera smart cooler to purchase products ("Consumers")

  • Prospective partners, distributors, and enterprise buyers who contact us or request information

 

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Services.

 

2. Information We Collect

2.1 Information You Provide Directly

  • Contact and inquiry data: name, email address, phone number, company name, job title, and message content submitted via our website contact forms, demo request forms, or discovery call scheduling

  • Operator account data: business name, billing address, tax identification number, bank or payment details for invoicing, and login credentials for the VMS App

  • Product and inventory data: product names, prices, quantities, and images uploaded by Operators to the VMS platform

 

2.2 Information Collected Automatically

When you visit our website or use the VMS App, we automatically collect:

  • Device identifiers, IP address, browser type and version, operating system

  • Pages viewed, referring URLs, session duration, and interaction events

  • Approximate geolocation derived from IP address (city/region level only)

  • Crash reports and diagnostic data from the VMS App

 

2.3 Transaction and Cooler Data

When a Consumer uses a Vendera smart cooler, the following data is collected as part of the payment and inventory management process:

  • Payment card data (processed and tokenized by our payment processor; Vendera does not store raw card numbers)

  • Pre-authorization records and final transaction amounts

  • Video recordings of each cooler session, captured by internal cameras activated upon door opening and deactivated upon door closure, for the purpose of product recognition, dispute resolution, and fraud prevention

  • A log of items removed from the cooler as determined by our AI vision system

  • Timestamp and location identifier of the cooler unit

 

IMPORTANT NOTICE REGARDING VIDEO RECORDING: Each Vendera smart cooler records video during open-door sessions. A notice is posted on every cooler unit advising Consumers of this recording. Video footage is used exclusively for transaction verification, AI product recognition, dispute resolution, and fraud prevention. Vendera does not use video footage for facial recognition, biometric identification, or targeted advertising purposes.

 

2.4 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. You may control cookie preferences through your browser settings. We use:

  • Strictly necessary cookies: required for site functionality and security

  • Analytics cookies: to understand how visitors interact with our website (e.g., Google Analytics)

  • Marketing cookies: for measuring the effectiveness of our advertising campaigns (only with consent where required)

 

3. How We Use Personal Information

We use the information we collect for the following purposes:

 

3.1 To Provide and Operate the Services

  • Processing Operator accounts, orders, leases, and payments

  • Operating the VMS platform and delivering real-time inventory, sales, and alert data

  • Authenticating Consumer payments and completing cooler transactions

  • Processing product recognition via AI vision to charge Consumers accurately

  • Delivering customer support and responding to inquiries

 

3.2 To Improve the Services

  • Training and improving our AI product recognition models using anonymized transaction data

  • Analyzing VMS usage patterns to develop new features and improve performance

  • Conducting internal research and analytics on vending performance metrics

 

3.3 Business and Legal Operations

  • Enforcing our Terms of Use and other agreements

  • Detecting, investigating, and preventing fraud, theft, or unauthorized access

  • Resolving disputes between Operators and Consumers regarding transactions

  • Complying with applicable legal obligations, court orders, and regulatory requirements

 

3.4 Marketing and Communications

  • Sending Operators and prospective partners product updates, event invitations (including trade shows such as NAMA), and service announcements

  • Sending promotional communications where you have opted in or where we have a legitimate interest

  • You may opt out of marketing communications at any time by following the unsubscribe link in any email or contacting us at privacy@vendera.ai

 

4. Legal Bases for Processing (GDPR and UK GDPR)

For individuals in the European Economic Area (EEA) or the United Kingdom, our processing of personal data is based on the following legal grounds:

  • Contract performance: processing necessary to enter into or perform a contract with you (e.g., processing Operator accounts and transactions)

  • Legitimate interests: operating our business, improving the Services, fraud prevention, and direct marketing to business contacts, where these interests are not overridden by your rights

  • Legal obligation: complying with applicable laws and regulations

  • Consent: where we rely on your consent (e.g., marketing cookies or promotional emails), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal

 

5. How We Share Personal Information

We do not sell personal information. We share information only in the following circumstances:

 

5.1 Service Providers

We engage trusted third-party service providers to operate the Services on our behalf. These providers are contractually bound to process data only as instructed by Vendera and to maintain appropriate security standards. Current categories of service providers include:

  • Payment processing: WeVend (payment gateway) and Castles Technology (POS terminal hardware)

  • Cloud infrastructure and hosting providers

  • Mobile application development and analytics platforms

  • Customer relationship management (CRM) software (currently Zoho CRM)

  • Email and marketing communication platforms

  • Manufacturing and logistics partners for hardware fulfillment

 

5.2 Business Partners and Distributors

Where an Operator has been referred to Vendera through a distributor or business partner, we may share account and operational data with that distributor to the extent necessary to support the Operator relationship. We will inform Operators of any such sharing arrangements.

 

5.3 Legal and Regulatory Disclosures

We may disclose personal information if required to do so by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

 

5.4 Business Transfers

In the event of a merger, acquisition, asset sale, or other business combination, personal information may be transferred as part of that transaction. We will notify affected individuals if a transfer results in a material change in how their data is used.

 

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. Specific retention practices:

  • Operator account data: retained for the duration of the business relationship and for a period of up to seven (7) years thereafter for financial and legal record-keeping purposes

  • Consumer transaction records and video footage: retained for a minimum of ninety (90) days and a maximum of twelve (12) months, unless a dispute or legal matter requires longer retention

  • Website analytics data: retained in aggregated form for up to twenty-four (24) months

  • Marketing contact data: retained until you opt out, after which it is suppressed from future communications

You may request deletion of your personal data at any time, subject to our legal retention obligations, by contacting us at privacy@vendera.ai.

 

7. Your Privacy Rights

7.1 Rights Under GDPR and UK GDPR

If you are located in the EEA or the United Kingdom, you have the following rights:

  • Right to access: request a copy of the personal data we hold about you

  • Right to rectification: request correction of inaccurate or incomplete data

  • Right to erasure: request deletion of your personal data, subject to legal retention obligations

  • Right to restriction: request that we limit the processing of your data in certain circumstances

  • Right to data portability: receive your data in a structured, machine-readable format

  • Right to object: object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent: withdraw consent for any processing based on consent, at any time

To exercise these rights, contact us at privacy@vendera.ai. We will respond within thirty (30) days. You also have the right to lodge a complaint with your local data protection authority.

 

7.2 Rights Under CCPA and CPRA (California Residents)

California residents have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom it is shared

  • Right to Delete: request deletion of personal information we have collected, subject to legal exceptions

  • Right to Correct: request correction of inaccurate personal information

  • Right to Opt-Out of Sale or Sharing: Vendera does not sell or share personal information for cross-context behavioral advertising. No opt-out action is required.

  • Right to Limit Use of Sensitive Personal Information: where applicable, you may request that we limit the use of sensitive personal information to what is necessary to perform the Services

  • Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights

To submit a CCPA/CPRA request, contact us at privacy@vendera.ai or call us at the number listed on our website. We will verify your identity before processing the request and will respond within forty-five (45) days.

 

7.3 Rights Under PIPEDA (Canadian Residents)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) to access, correct, and request deletion of your personal information. Contact us at privacy@vendera.ai to exercise these rights.

 

8. International Data Transfers

Vendera is based in the United States. If you are accessing our Services from outside the United States, including from the EEA, UK, or Canada, your personal information will be transferred to, stored, and processed in the United States. We ensure that such transfers are made in compliance with applicable law, including through the use of Standard Contractual Clauses (SCCs) where required by GDPR.

 

9. Data Security

Vendera implements appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols

  • PCI-DSS compliant payment processing through WeVend

  • Access controls and authentication requirements for the VMS platform

  • Regular security assessments and monitoring

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

 

10. Children's Privacy

The Services are not directed to children under the age of thirteen (13) in the United States or under the age of sixteen (16) in the European Economic Area. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child below the applicable age threshold, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@vendera.ai.

 

11. Third-Party Links and Services

Our website and VMS App may contain links to third-party websites or integrate with third-party services (such as social media platforms or mapping tools). We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

 

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated policy at https://vendera.ai/privacy-policy with a revised effective date. For material changes, we will provide additional notice (such as an email to Operators or a prominent notice on our website) at least thirty (30) days before the change takes effect.

 

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

 

Company: Vendera AI, Inc.

Website: https://vendera.ai

Privacy Inquiries: privacy@vendera.ai

 

For EEA and UK residents: Vendera's designated representative for GDPR inquiries may be reached at privacy@vendera.ai. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

bottom of page