Privacy Policy

1. Introduction

VendorWeave ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our supply chain automation platform.

By using VendorWeave, you agree to the collection and use of information in accordance with this policy.

3. Information We Collect

Information You Provide

• Account information (name, email, company name)
• Supplier contact information you add to the platform
• Communication data (emails sent through our platform)
• Payment information (processed securely via Stripe)

Information Collected Automatically

• Usage data (features used, pages visited)
• Device information (browser type, IP address)
• Cookies and similar tracking technologies

4. Email Access and Permissions (OAuth)

When you connect your email account (Google Gmail or Microsoft Outlook), VendorWeave requests permission to:

• Send emails on your behalf to suppliers (lead time inquiries, price requests, PO status checks, follow-ups, and document requests)
• Read email responses from suppliers to extract relevant supply chain data

This access is used only to provide supplier communication features within VendorWeave. We do not:

• Read emails unrelated to supplier communications
• Access your personal email content
• Share email data with third parties or advertising platforms
• Use email data for advertising, marketing, or profiling purposes
• Allow human employees to read your emails (unless you explicitly request support assistance)

OAuth Token Security

Your OAuth access tokens are encrypted and stored securely. Tokens are automatically refreshed before expiration and are permanently deleted when you disconnect your email account or delete your VendorWeave account.

Revoking Email Access

You can revoke VendorWeave's access to your email at any time:

• Google: Visit myaccount.google.com/permissions and remove VendorWeave
• Microsoft: Visit account.microsoft.com/privacy/app-access and remove VendorWeave
• Within VendorWeave: Go to Settings > Email Connection and click Disconnect

5. AI Processing

VendorWeave uses artificial intelligence (powered by Anthropic's Claude API) to:

• Parse supplier email responses to extract lead times, prices, delivery dates, and status updates
• Extract data from uploaded documents (certificates, compliance forms, assessments)
• Score confidence levels on parsed data for human review

AI processing occurs in real-time. Email content and document data sent to the AI is processed transiently and is not permanently stored by the AI provider. VendorWeave retains only the extracted structured data (e.g., lead time values, certification dates), not the raw email content.

6. How We Use Your Information

• To provide and maintain our service
• To send automated supplier communications on your behalf via your connected email account
• To parse supplier responses using AI and extract supply chain data
• To process transactions and send billing information
• To respond to your inquiries and provide support
• To improve our platform and develop new features
• To send product updates and marketing communications (with your consent)

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

Third-Party Service Providers

We use the following third-party services to operate VendorWeave. These providers only receive the minimum data necessary to perform their function:

• Google Gmail API: Email delivery for users who connect a Google account
• Microsoft Graph API: Email delivery for users who connect a Microsoft account
• Anthropic (Claude API): AI parsing of supplier email responses and documents
• Stripe: Payment processing (we never see or store your full card number)
• Vercel: Application hosting and deployment
• Google Sheets API: Data storage for supplier records

8. Data Security

We implement industry-standard security measures to protect your data:

• 256-bit TLS encryption for all data in transit
• Encryption at rest for stored data
• Regular security assessments and monitoring
• Access controls and authentication requirements

9. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Request transfer of your data to another service
• Objection: Object to processing of your data
• Restriction: Request limited processing of your data

To exercise these rights, contact us at privacy@vendorweave.com.

10. Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in this policy. When you delete your account, we will delete or anonymize your data within 30 days, unless we are required to retain it for legal or regulatory purposes.

11. Cookies

We use only essential cookies necessary for authentication and security. We do not use analytics, advertising, or tracking cookies. Therefore, no cookie consent is required to use VendorWeave.

Essential Cookies We Use

• Session Cookies: Required for user authentication and maintaining your logged-in state
• Security Tokens: CSRF protection to prevent unauthorized actions

You can control cookies through your browser settings, but disabling essential cookies will prevent you from logging in and using the platform. These cookies are automatically deleted when you log out or close your browser.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: