Privacy policy for VendorSignal.

VendorSignal may store account identity data, supplier intake data, follow-up answers, uploads metadata, report outputs, usage records, and service health logs.

Supplier intake data can include company details, payment terms, verification claims, communication signals, notes, and attachment metadata entered by the user.

We process submitted data to authenticate users, generate risk reports, persist report history, meter plan usage, operate the product, diagnose failures, and secure the service.

We do not sell submitted supplier data. We use the minimum operational context needed to run the application and improve reliability.

The current stack uses Clerk for authentication, Supabase Postgres through Prisma for data storage, and a configured AI endpoint for normalization and related report-processing tasks.

Those providers may process data strictly as part of delivering authentication, storage, or model inference for the service.

Data is retained for as long as needed to operate active workspaces, maintain report history, investigate incidents, and satisfy reasonable backup and recovery requirements.

Deletion requests are handled manually for the current deployment. Operational backups may persist for a limited period after primary records are removed.

VendorSignal uses authenticated access controls, HTTPS transport, hosted database controls, and operational backup procedures appropriate for the current deployment stage.

No internet-facing system can guarantee absolute security. Users should avoid submitting secrets or payment credentials that are not required for supplier evaluation.

You can review saved reports in the workspace, stop using the service at any time, and request account or data handling support through the Contact page.

For privacy or deletion requests, use the channel listed on the Contact page.