Privacy Policy

Last Updated: January 2025

1. Introduction

Vendrato ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI phone agent services ("Service"). By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Account registration information (name, email address, company name, phone number)
  • Payment information (processed securely by Paddle.com)
  • Business information for AI training (FAQs, scripts, standard operating procedures)
  • CRM integration credentials and data
  • Customer support communications

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Call data (phone numbers, call duration, timestamps, call recordings)
  • Usage data (features used, interactions with the AI agent)
  • Device information (IP address, browser type, operating system)
  • Performance metrics and analytics

2.3 Third-Party Data

We may receive information from:

  • CRM integrations (GoHighLevel, Salesforce, Attio)
  • Calendar services for appointment booking
  • Telephony providers

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain our Service
  • Train and improve our AI phone agents
  • Process payments through Paddle.com
  • Send you technical notices and support messages
  • Respond to your requests and provide customer support
  • Analyze usage patterns and optimize Service performance
  • Detect and prevent fraud and security issues
  • Comply with legal obligations

4. Payment Processing

All payment transactions are processed by Paddle.com, our third-party payment processor and Merchant of Record. Vendrato does not directly collect or store your credit card information.

When you make a payment:

  • Paddle.com securely collects and processes your payment information
  • Paddle.com is PCI DSS compliant and follows industry-standard security practices
  • We receive only transaction confirmations and basic billing information from Paddle.com
  • Paddle.com's privacy practices are governed by their own privacy policy at paddle.com/privacy

5. Call Recording and Voice Data

Our Service records and processes phone conversations for:

  • Training and improving AI agent performance
  • Quality assurance and compliance purposes
  • Providing transcripts and analytics

You are responsible for ensuring compliance with applicable call recording laws in your jurisdiction, including providing appropriate disclosures and obtaining consent from call participants when required.

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

  • Paddle.com for payment processing
  • Cloud hosting providers (secure data storage)
  • AI and machine learning service providers
  • Customer support and communication tools
  • Analytics providers

6.2 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

6.3 Legal Requirements

When required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Secure payment processing through Paddle.com's PCI DSS compliant systems
  • Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records for operational purposes

Call recordings are typically retained for 90 days unless required for ongoing investigations or legal matters. You may request deletion of your data subject to legal and operational requirements.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a portable format
  • Opt-Out: Opt-out of certain data processing activities
  • Restriction: Request restriction of processing

To exercise these rights, please contact us through your account dashboard or our support channels.

10. Children's Privacy

Our Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or services, including:

  • Paddle.com payment processing
  • CRM integrations (GoHighLevel, Salesforce, Attio)
  • Other business tools and services

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification for material changes

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Website: www.vendrato.com
  • Through your account dashboard
  • Via our customer support channels

For payment-related privacy questions, you may also contact Paddle.com at paddle.com/support.