Privacy Policy

At Vendor Spots, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our farmers market vendor management platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Personal Information

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, mailing address
• Vendor Profile: Business name, description, social media links, business address
• Payment Information: Processed securely through Stripe (we do not store credit card numbers)
• Application Documents: PDF applications, profile images, logos, banners
• Communication Data: Messages, emails, and SMS communications sent through our platform

Automatically Collected Information

When you access our platform, we automatically collect:

• Log Data: IP address, browser type, operating system, access times
• Device Information: Device type, unique device identifiers
• Usage Data: Pages visited, features used, actions taken on the platform
• Cookies: Session cookies for authentication and functionality

Third-Party Information

We may receive information from third-party services:

• Stripe: Payment processing and subscription management data
• Google Calendar: Calendar event data (only if you connect your account)
• WooCommerce: Product synchronization data (if applicable)

We use the information we collect to:

• Provide Services: Create and manage your account, process applications, manage subscriptions
• Process Transactions: Handle payments, vendor spot bookings, and subscription billing
• Communications: Send transactional emails, application status updates, payment confirmations
• Market Management: Connect vendors with market managers, facilitate event applications
• Improve Platform: Analyze usage patterns, identify bugs, develop new features
• Security: Detect fraud, prevent abuse, maintain platform security
• Legal Compliance: Comply with legal obligations and enforce our terms

Marketing Communications

We may send you marketing emails about new features, markets, or promotional offers. You can opt out of marketing emails at any time by clicking the "unsubscribe" link or contacting us directly.

We may share your information in the following circumstances:

With Other Users

• Market managers can view vendor profiles and contact information for applicants
• Vendors can view market information and contact market managers
• Public vendor profiles may be visible to other platform users

With Service Providers

• Stripe: Payment processing and subscription management
• Resend: Transactional email delivery
• Twilio: SMS notifications
• DigitalOcean Spaces: Image and file storage
• Google: Calendar integration (optional)

For Legal Reasons

We may disclose your information if required to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred.

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted over HTTPS/TLS encryption
• Password Security: Passwords hashed using bcrypt
• Access Controls: Role-based access control (RBAC) system
• Email Verification: Mandatory email verification for all accounts
• Payment Security: PCI-DSS compliant payment processing through Stripe
• Secure Storage: Images and files stored on secure cloud infrastructure

Important: While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your data.

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal information
• Portability: Request your data in a portable format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to certain processing of your information

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt-out of the sale of personal information. We do not sell your personal information.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and the right to object.

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for authentication and core functionality
• Functional Cookies: Remember your preferences and settings
• Session Cookies: Maintain your logged-in state (JWT tokens)

Most browsers allow you to control cookies through their settings. However, disabling cookies may impact your ability to use certain features of our platform.

Do Not Track

We currently do not respond to "Do Not Track" browser signals. We may adopt a policy for responding to such signals in the future.

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (e.g., tax records, payment history)
• Resolve disputes and enforce our agreements
• Prevent fraud and maintain security

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or security purposes.

Our platform is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if the changes are significant
• Post a notice on our platform

Your continued use of our platform after changes are posted constitutes your acceptance of the updated Privacy Policy.