Privacy Policy

Last updated: March 2026

1. Who we are

VendorEdge is a revenue optimisation platform for food truck operators, operated as an independent software service. Our website is located at vendoredge.app. For any privacy-related questions, contact us at hello@vendoredge.app.

As a service operating within the European Union, VendorEdge complies with the General Data Protection Regulation (GDPR) and applicable Irish data protection law.

2. What data we collect

We collect the following categories of personal data:

  • Account data: Your email address and encrypted password when you create an account.
  • Profile data: Your vendor type and cuisine type, which you provide voluntarily during onboarding.
  • Usage data: The locations you plan, shift data you log (dates, hours, revenue, notes), and how you interact with the platform.
  • Payment data: Billing information collected and processed by Stripe, our payment processor. We do not store your card details directly — these are handled entirely by Stripe. We receive and store your Stripe customer ID and subscription status.
  • Technical data: IP address, browser type, device information, and pages visited, collected automatically when you use the service.
  • Communications: Any messages you send us via email.

3. How we use your data

We use your personal data for the following purposes:

  • To provide and operate the VendorEdge service, including account management and location scoring features.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails including account confirmation, trial notifications, and billing updates.
  • To improve the service through anonymised analytics using PostHog.
  • To respond to support requests and communications.
  • To comply with legal obligations.

The legal basis for processing under GDPR is: contract performance (to provide the service you signed up for), legitimate interests (improving the service and preventing fraud), and legal obligation where applicable.

4. Anonymous location sharing

VendorEdge includes an optional feature that allows you to share your planned shift locations anonymously with other users of the platform. When this feature is enabled for a location:

  • Only your cuisine type and approximate location are shared — never your name, email, or account details.
  • Other users can see that a vendor of your cuisine type is planning nearby, but cannot identify you.
  • This feature is opt-in per location and can be disabled at any time when planning a shift.

5. Data sharing and third parties

We share your data only with the following third-party services, solely to operate the platform:

  • Supabase — our database and authentication provider. Your account data and usage data are stored on Supabase infrastructure.
  • Stripe — our payment processor. Stripe handles all card data and is PCI DSS compliant. Stripe's privacy policy is available at stripe.com/privacy.
  • Resend — our email delivery provider, used to send transactional emails.
  • PostHog — our product analytics provider. PostHog collects anonymised usage data to help us understand how the platform is used.
  • Mapbox — our mapping provider. Mapbox may process location data when you interact with the map.
  • Vercel — our hosting provider.

We do not sell your personal data to any third party. We do not share your data with advertisers.

6. Data retention

We retain your personal data for as long as your account is active. If you cancel your subscription and delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes (typically up to 7 years for financial records).

7. Your rights under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate data.
  • Right to erasure: You can ask us to delete your personal data, subject to legal retention requirements.
  • Right to restriction: You can ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at hello@vendoredge.app. You also have the right to lodge a complaint with the Data Protection Commission of Ireland at dataprotection.ie.

8. Cookies and tracking

VendorEdge uses essential cookies required for authentication and session management. We also use PostHog for product analytics, which may set cookies to track usage across sessions. By using the service, you consent to this use of cookies.

We do not use advertising cookies or share data with advertising networks.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS), encrypted password storage, and access controls. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on the platform. Continued use of VendorEdge after changes constitutes acceptance of the updated policy.

11. Contact

For any questions about this Privacy Policy or how we handle your data, contact us at hello@vendoredge.app.