Privacy Policy

Last updated: 2026-05-08

What we collect

Account info: corporate email, name, company, role.
Vendor proofs: incorporation document, screencast, marketing video, screenshots.
Activity: searches, RFPs sent, proposals submitted, messages exchanged.
System: IP address, user agent, login timestamps.

How we use it

To match enterprises with the right vendors, to enable RFP and messaging flows, to prevent abuse, and to send transactional emails (account approval, RFP invitations, profile completeness reminders). We do not run marketing campaigns to purchased lists.

Storage & security

Data is stored in encrypted Postgres on AWS RDS in us-west-1. Files (logos, covers, proofs) are stored in S3 with server-side encryption and served via CloudFront. JWTs are signed with rotating secrets stored in AWS Secrets Manager.

Your rights

You can export your data, correct it, or request deletion at any time by emailing privacy@vendor.new.

Cookies

We use a single auth cookie for session management. We do not use third-party tracking cookies or advertising identifiers.