Privacy Policy

1. Information We Collect

Account information. When you register for Vendora WiFi, we collect your name, email address, contact number, and (optionally) a business or trade name if you operate under one. Your password is stored in a one-way encrypted form — we cannot recover or read it.

Google sign-in (optional). If you choose to sign in with Google, we receive your Google profile name, email address, and a stable identifier from Google to link your sessions. We do not receive your Google password.

Device information. For each device you register, we store its unique hardware identifier (VND-ID), the label and location you assign, its firmware version, and the timestamp of its most recent check-in with our servers.

Sales and check-in data. Your devices report to our servers periodically. Each check-in includes operational data (uptime, free memory, firmware version) and sales data: total revenue and transaction count, plus per-transaction records (voucher code, peso amount, minutes granted, transaction type, and timestamp). We do not collect or store any data about your individual customers — voucher codes are random alphanumeric strings that cannot be traced back to a person.

Payment information for credit orders. When you submit a credit order, we collect the payment method you used (GCash, Maya, GoTyme, bank transfer, etc.), the reference or transaction number, the sender name and (for bank transfers) the bank name, the claimed payment amount, and the proof-of-payment image or PDF you upload. We do not store full bank account numbers or e-wallet credentials.

Technical logs. We log basic web request data (IP address, user-agent, request timestamp) and device API calls for security monitoring and abuse detection. These logs do not contain payment or password data.

2. How We Use Your Information

Your account information is used to provide and manage your Vendora account, verify your operator status before activating your account, and communicate important service updates.

Device check-in data is used to power your operator dashboard — fleet status, daily and lifetime sales summaries, per-transaction history, and alerts when a device goes silent. Payment proof and order details are used only to verify the payment you submitted and to add the corresponding credits to your account; they are reviewed by our admin team and never shared elsewhere.

3. Sub-processors and Third-Party Services

To operate the platform, we rely on a small number of trusted third-party services that may process limited account data on our behalf:

• Amazon Web Services (AWS) — hosting and database. Our infrastructure is located in the Singapore region. AWS does not access your data except as needed to provide the hosting service.
• Google (Gmail SMTP) — outbound transactional email (verification, alerts, credit order updates). Google processes the email envelope and body strictly for delivery.
• Google (OAuth Sign-In) — only if you choose to sign in with Google. Google handles the authentication exchange and returns the basic profile information described in Section 1.

We do not use third-party advertising networks, analytics trackers, or marketing platforms.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Beyond the sub-processors listed in Section 3, we will only disclose information if required by valid Philippine legal process, to protect the rights and safety of Vendora and its users, or with your explicit consent.

5. Data Retention

Device check-in records older than 30 days are automatically pruned from our database. Per-transaction sales records are retained for the lifetime of your account so your historical reports stay accurate. Account information and credit order records are retained for the duration of your account and for up to 90 days after account closure, after which they are permanently deleted (subject to any longer retention period required by Philippine law).

6. Security

All device-to-server communication is cryptographically signed so sales data cannot be tampered with or forged. Account passwords are stored in a one-way encrypted form using industry-standard hashing. Web traffic to and from this site is encrypted via HTTPS. Payment proof files are stored in a non-public storage area accessible only through authenticated download links. No security measure is perfect, but we monitor for unusual activity and patch our systems promptly.

7. Children's Data

Vendora WiFi is a business-to-business tool for vendo operators. It is not directed at children, and we do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has registered for an account, please contact us so we can remove the account and any associated data.

8. Your Rights

You may request a copy of your personal data, ask for corrections, or request deletion of your account at any time by contacting us at vendorawifi@gmail.com. Account deletion will remove your account profile, registered devices, sales records, credit ledger, and uploaded payment proofs. Some redacted records may be retained for fraud-prevention and accounting purposes as permitted by Philippine law.

9. Cookies

Vendora uses session cookies strictly for authentication and CSRF protection. We do not use tracking cookies or third-party analytics cookies. You can clear these cookies in your browser at any time — doing so will simply log you out of your operator account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered operators via email of any material changes. Continued use of Vendora after the effective date constitutes acceptance of the revised policy. The "Last updated" date at the top of this page indicates when the current version took effect.

11. Contact

Questions about this policy, requests to access or delete your data, or any other privacy concern? Reach us at vendorawifi@gmail.com.