Privacy Policy
Last updated: March 15, 2026
Table of Contents
1. Introduction
VendorOps ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website and services.
VendorOps is designed for business users managing vendor and supplier documentation.
2. Data Controller
The data controller is VendorOps.
Email: privacy@vendorops.eu
3. Personal Data We Collect
3.1 Data You Provide
We may collect:
- Name
- Email address
- Company name
- Job role
- Information submitted via forms (e.g. waitlist, contact requests)
3.2 Data Uploaded to the Platform
When using VendorOps, you may upload:
- Vendor documents
- Compliance-related files
- Metadata related to vendors and suppliers
These documents may contain personal data depending on your usage. You remain the data controller for vendor data you upload.
3.3 Automatically Collected Data
We may collect limited technical data such as:
- IP address
- Browser type
- Device information
- Usage logs
This data is used solely for security, performance, and reliability purposes.
4. Purpose of Processing
We process personal data to:
- Provide and operate the VendorOps service
- Communicate with users
- Improve product functionality
- Ensure security and prevent abuse
- Comply with legal obligations
We do not sell personal data.
5. Legal Basis for Processing
Under GDPR, our legal bases include:
- Contractual necessity (providing the service)
- Legitimate interest (security, service improvement)
- Consent (marketing communications, where applicable)
- Legal obligations
6. Data Storage & Location
- Data is stored within the European Union
- We use secure cloud infrastructure located in EU regions
- Access is restricted to authorized personnel only
7. Data Retention
We retain personal data only as long as necessary:
- Account data: for the duration of the account
- Uploaded documents: until deleted by the user
- Marketing emails: until consent is withdrawn
Users may request deletion at any time.
8. Data Sharing
We only share data with:
- Infrastructure providers (hosting, email delivery)
- Payment providers (if applicable)
All third parties are GDPR-compliant and act as data processors.
9. Your Rights (GDPR)
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict or object to processing
- Request data portability
Requests can be sent to: privacy@vendorops.eu
10. Cookies & Analytics
We use minimal cookies necessary for:
- Website functionality
- Security
10.1 Website Analytics
We use TelemetryDeck, a privacy-first analytics service based in Germany, to understand how our website and application are used. TelemetryDeck does not use cookies, does not collect personal data, and does not track individual users across websites.
TelemetryDeck generates anonymous usage signals by combining technical identifiers (such as browser type and operating system) with a daily-changing salt and hashing them with SHA-256. This makes it impossible to identify individual users or track them over time.
Data collected by TelemetryDeck includes:
- Pages visited and referrer URLs
- Browser type and version
- Operating system and device type
- Country (derived anonymously, no IP address stored)
All data is processed on servers located in the European Union (Germany). No data is transferred outside the EU. For more information, see TelemetryDeck's Privacy Policy.
Since TelemetryDeck does not use cookies or process personal data, no consent banner is required for analytics under GDPR.
11. Changes
We may update this Privacy Policy periodically. Material changes will be communicated on the website.
12. Contact
For privacy-related questions: privacy@vendorops.eu