Privacy Policy

Last updated: April 2026

1. Information We Collect

When you register for Vendora, we collect your name, email address, business name, and contact number. When your devices (ESP8266 vending units) communicate with our platform, we receive heartbeat data including sales figures, transaction counts, and firmware version. We do not collect data from your customers — only device-level aggregate statistics are transmitted.

2. How We Use Your Information

Your account information is used to provide and manage your Vendora subscription, verify your operator status, and communicate important service updates. Device heartbeat data is used to power your operator dashboard (fleet status, sales tracking) and to detect offline devices so we can alert you promptly.

3. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share data with service providers who help us operate the platform (e.g., email delivery, database hosting) under strict confidentiality agreements. We will disclose information if required by law or to protect the rights and safety of Vendora and its users.

4. Data Retention

Device heartbeat records older than 30 days are automatically pruned from our database. Account information is retained for the duration of your subscription and up to 90 days after account closure, after which it is permanently deleted.

5. Security

All device-to-server communication is authenticated via HMAC-SHA256 signatures using your per-device secret key. Account access is protected by password hashing (bcrypt) and optional Google OAuth. We use HTTPS for all web traffic.

6. Your Rights

You may request a copy of your personal data, ask for corrections, or request deletion of your account at any time by contacting us at vendorawifi@gmail.com. Account deletion will remove all associated device records and heartbeat data.

7. Cookies

Vendora uses session cookies strictly for authentication and CSRF protection. We do not use tracking cookies or third-party analytics cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered operators via email of any material changes. Continued use of Vendora after the effective date constitutes acceptance of the revised policy.

9. Contact

Questions about this policy? Reach us at vendorawifi@gmail.com.