← Back

Privacy Policy

Effective date: May 10, 2026

This Privacy Policy describes how VREND ("Vrend," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Vrend application, website (vrend.app), and related services (collectively, the "Service"). By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

We are committed to protecting your privacy. We do not sell your personal data. We do not display advertisements. We collect only what is necessary to operate the Service.

---

1. Information We Collect

1.1 Information You Provide

When you create an account or use the Service, you may provide:

• Account information — email address, password (stored as a secure hash, never in plaintext), and display name
• Seller profile information — store name, store description, and any optional profile details you choose to add
• Product information — product titles, descriptions, prices, categories, and product images you upload
• Order information — shipping addresses, order notes, and purchase history
• Communications — messages you send to us via email or through the Service, including support requests

1.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device information — device type, operating system, browser type and version, screen resolution
• Usage data — pages viewed, features used, time spent in the app, actions taken (e.g., products listed, orders placed)
• Log data — IP address, access times, referring URLs, and error logs
• Location data — approximate location derived from your IP address (we do not collect precise GPS location)

1.3 Information We Do NOT Collect

• We do not collect or store payment card numbers, bank account details, or other financial instrument data. All payment processing is handled exclusively by Stripe.
• We do not collect biometric data.
• We do not access your device contacts, camera, or microphone without your explicit permission (camera access is requested only for product photo uploads).

2. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Legal Basis
To create and maintain your account	Contract performance
To enable sellers to list products and manage their stores	Contract performance
To facilitate transactions between buyers and sellers	Contract performance
To send transactional communications (order confirmations, shipping updates, account alerts)	Contract performance
To provide customer support and respond to inquiries	Legitimate interest
To detect and prevent fraud, abuse, or security incidents	Legitimate interest
To monitor and improve the Service's performance and reliability	Legitimate interest
To comply with legal obligations	Legal obligation
To send product updates and service announcements (you may opt out)	Consent / Legitimate interest

3. Third-Party Services

We share your information only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal information to any third party.

3.1 Stripe

Payment processing is handled entirely by Stripe, Inc. When sellers connect their Stripe account or buyers make a purchase, Stripe collects and processes payment information directly. Vrend does not receive, store, or have access to full payment card numbers.

Information shared with Stripe includes: transaction amounts, buyer email address (for receipts), and seller account identifiers. Stripe's collection and use of your data is governed by the Stripe Privacy Policy.

3.2 Supabase

Application data (account information, store data, product listings, order records, and uploaded images) is stored on infrastructure provided by Supabase, Inc. Our Supabase project is hosted on servers located in the United States. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Supabase's data handling is governed by the Supabase Privacy Policy.

3.3 Additional Providers

We may use the following categories of service providers, each bound by data processing agreements:

• Email delivery — to send transactional and service emails
• Error monitoring — to identify and resolve bugs and performance issues
• Analytics — to understand how the Service is used (aggregated, non-identifying data only)

We will never share your data with advertising networks or data brokers.

4. Cookies and Similar Technologies

4.1 Cookies We Use

Vrend uses only essential cookies required for the Service to function:

• Authentication cookies — to keep you signed in and maintain your session
• Security cookies — to prevent cross-site request forgery and other attacks

4.2 Cookies We Do NOT Use

• We do not use advertising or retargeting cookies.
• We do not use third-party tracking cookies.
• We do not use social media tracking pixels.

4.3 Managing Cookies

Because we use only essential cookies, disabling them may prevent you from using the Service. You can manage cookie preferences through your browser settings.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — retained until you delete your account
• Product listings — retained until you delete them or delete your account
• Order records — retained for a minimum of 3 years after the transaction date for legal, tax, and dispute resolution purposes
• Product images — deleted within 30 days of product or account deletion
• Server logs — retained for up to 90 days, then automatically purged
• Support communications — retained for up to 2 years after resolution

After account deletion, we may retain anonymized, aggregated data that cannot be used to identify you for analytics and service improvement purposes.

6. Data Security

We implement industry-standard security measures to protect your information:

• All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 encryption
• Passwords are hashed using secure, one-way algorithms (bcrypt) and are never stored in plaintext
• Access to production systems is restricted and logged
• We conduct regular security reviews of our infrastructure and codebase

No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you become aware of a security vulnerability, please report it to privacy@vrend.app.

7. Your Privacy Rights

7.1 All Users

Regardless of your location, you have the right to:

• Access your personal data through the app at any time
• Correct inaccurate information in your account settings
• Delete your products, store information, and account
• Export your data in a portable format upon request
• Object to certain processing activities
• Withdraw consent for optional data processing at any time

7.2 Rights Under GDPR (European Economic Area, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to data portability — receive your personal data in a structured, commonly used, machine-readable format
• The right to restrict processing of your personal data
• The right to erasure ("right to be forgotten")
• The right to lodge a complaint with your local data protection authority

Our legal bases for processing are outlined in Section 2 above. For data transferred outside the EEA, we rely on standard contractual clauses approved by the European Commission.

7.3 Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• The right to know what personal information we collect, use, and disclose
• The right to delete your personal information
• The right to opt out of the sale of your personal information — we do not sell personal information, so this right is automatically satisfied
• The right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, email privacy@vrend.app. We will respond to verifiable consumer requests within 45 days.

In the preceding 12 months, the categories of personal information we have collected are described in Section 1 above. We have not sold any personal information.

8. Account Deletion

You may delete your account at any time. To request deletion:

• Use the account deletion option within the app (Settings > Delete Account), or
• Email privacy@vrend.app with the subject "Account Deletion Request"

Upon receiving a valid deletion request, we will:

1. Delete your account, profile, and store data within 30 days
2. Delete uploaded product images within 30 days
3. Retain order records for the legally required retention period (see Section 5)
4. Remove your data from active systems and backups within 90 days

Deletion is permanent and cannot be reversed.

9. Age Restrictions

The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a user under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@vrend.app.

10. International Data Transfers

Your information is processed and stored in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

11. Do Not Track

Some browsers include a "Do Not Track" (DNT) signal. Because there is no accepted standard for how to respond to DNT signals, we do not currently respond to them. However, since we do not engage in cross-site tracking or serve third-party advertisements, your tracking preferences are effectively honored by default.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting the updated policy on the Service with a new effective date
• Sending an email notification to the address associated with your account
• Displaying a prominent notice within the app

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

VREND
Email: privacy@vrend.app
Website: vrend.app

We will respond to all privacy-related inquiries within 30 days.