Vendit logo

Vendit

About

Privacy Policy

Effective October 28, 2025

1. Introduction

This Privacy Policy explains how Vendit Mobile, LLC ("Vendit", "we", "our", "us") and its affiliates collect, use, disclose, and protect personal information in connection with the Vendit mobile application and related websites and services. By using the Service, you acknowledge this Privacy Policy and the Terms of Service. If you do not agree, do not use the Service.

2. Scope

The Service is directed to, and made available for, U.S. residents and U.S. businesses only. We do not intentionally make the Service available outside the United States. We may close or restrict accounts that do not meet these requirements.

The Service is not intended for individuals under the age of 18. By using the Service, you represent that you are at least 18 years old. If we learn that we have collected personal information from someone under 18, we will delete it.

3. Controller

Vendit Mobile, LLC is the entity responsible for personal information processed in connection with the Service.

Contact us:
Email: support@venditmobile.com

4. Data Residency

Primary storage and routine processing occur in data centers located in the United States. We do not intentionally transfer personal information outside the United States except as required to provide the Service or comply with law.

5. Information We Collect

We collect the following categories of information directly from you, from your devices, and from integrated services that you choose to connect.

  • Account information: Email address, password, and display name.
  • Photos and listing content: Photos of items you choose to scan and the context we extract from those photos such as item context, tags and text. We do not collect video or audio through the Service.
  • Device and technical information: Device type and operating system, app version, Internet Protocol address used to derive coarse location at the city or region level, timestamps, and diagnostic information including crash or error reports.
  • Usage information: In-app screens viewed, features used, interactions necessary to operate and improve the Service. We configure analytics to a minimal, privacy-forward baseline and disable advertising features.
  • Payments: If you purchase from us on the web, payments are processed by our payment processor.
  • Support communications: Support messages and attachments you send to us.
  • eBay connection data: OAuth tokens and technical identifiers needed to publish to your eBay account. We do not keep eBay tokens after you disconnect or revoke access.

6. Sources of Information

We obtain information directly from you, from your devices during use of the Service, and from eBay when you connect your account and request suggested listing data. We do not obtain information from data brokers.

7. How We Use Information

We use personal information for the following purposes:

  • Provide the Service: Authenticate accounts, allow you to scan items, extract context, create drafts, and publish listings to eBay.
  • Personalize for your account: Remember recent choices and provide lightweight suggestions based on your own activity in your account. We do not build cross-user profiles.
  • Security and abuse prevention: Protect the Service and users, prevent fraud and misuse, detect and respond to incidents, and enforce our terms.
  • Reliability and improvement: Debug, fix crashes, measure and improve performance and usability, and run low-risk experiments and product tests.
  • Communications: Send transactional messages, service announcements, and product updates by email. You can opt out of non-transactional emails at any time.
  • Legal compliance: Comply with law, respond to lawful requests, and protect the rights, property, and safety of the Service, our users, and the public.

We do not use your photos, your extracted context, or eBay-sourced data to train machine learning models, whether our own or those of our service providers.

8. Sales of Personal Data

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We honor Global Privacy Control signals on our web surfaces. We do not collect or use mobile advertising identifiers such as IDFA or Google Advertising ID.

9. Cookies

Our web surfaces may use strictly necessary cookies and privacy-respecting analytics to understand traffic and improve the site. You can control cookies through your browser settings. We do not respond to browser Do Not Track signals because a common standard has not been established, but we honor Global Privacy Control as stated above.

10. Disclosure of Information

We disclose personal information as described below:

  • Service providers: We engage third parties to host, store, process, and support the Service such as cloud hosting, authentication, image processing, analytics, crash diagnostics, and email delivery. Each service provider is bound by a written agreement requiring them to process personal information only to provide contracted services, to implement appropriate security measures, and to refrain from using our data to train their models or for unrelated purposes.
  • At your direction: We disclose information when you instruct us to do so, such as when you connect and publish to eBay.
  • De-identified and aggregated information: We may share information that cannot reasonably be used to identify you to help us explain product usage and improve the Service. We do not permit re-identification.
  • Legal process and safety: We disclose information when we have a good-faith belief that doing so is required by a valid legal process or request, to enforce our terms, to prevent fraud or abuse, or to protect the Service, our users, or the public. When legally permitted, we will notify affected users before producing their information.
  • Business transfers: If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred to the successor subject to this Policy or a policy at least as protective.

We do not publish a live list of our service providers in this Policy. A current list of material vendors is available upon request.

11. Intermediate Copies

When you connect your eBay account, we can retrieve suggested listing data such as title, category, price, and item specifics along with account specifics to better enhance your service experience. To help you review and publish, we store an intermediate copy of that data in our systems.

Unpublished drafts: If you do not publish, we keep the draft for up to 30 days, after which any data from or derived from eBay is deleted leaving minimal fields needed to support reference and continuity.

Published drafts: After you publish, we keep only the minimal fields needed to support continuity and limited troubleshooting such as an internal reference to your draft and basic status for up to 30 days, after which that data is deleted. We do not cache or reuse full eBay listing content after publishing.

User-initiated deletion: You can delete a draft at any time. When you choose to delete, we delete the intermediate copy and queued assets as soon as reasonably possible.

Tokens and revocation: We store eBay tokens securely while the connection is active. When you disconnect in the app or revoke access through eBay, we purge our stored tokens without delay.

12. Retention

We keep personal information only as long as needed for the purposes described in this Policy, then delete it from active systems and allow it to expire from backups on a fixed schedule. Our standard retention schedule is as follows:

  • Account information: Deleted from active systems within 30 days after account deletion. Backup copies roll off within 90 days through scheduled rotation.
  • Photos and extracted context: Kept until you delete them or delete your account. No automatic archive period is applied.
  • eBay drafts and minimal post-publish fields: Unpublished drafts are deleted at 30 days. Minimal post-publish fields are deleted at 30 days. If you delete a draft, we delete it promptly.
  • OAuth tokens for eBay: Kept while the connection is active and purged immediately upon disconnect, revocation, or expiry.
  • Analytics events: Retained for 12 months.
  • Crash and diagnostics: Retained for 90 days.
  • Logs: Application and security logs retained for 90 days.
  • Support communications: Retained for 12 months.
  • Backups: Encrypted backups roll off within 90 days through scheduled rotation and are not used for production processing.
  • De-identified and aggregated data: May be retained without a set time limit and will not be used to re-identify individuals.

Legal holds: We may retain specific records for longer periods where we reasonably believe it is necessary to comply with law, resolve disputes, or protect the Service and users. We limit such retention to what is necessary and delete when those purposes conclude.

Lifecycle enforcement: We use storage lifecycle rules, time-based deletion jobs, and related technical controls to enforce the schedule above.

13. Security

We employ administrative, technical, and physical safeguards designed to protect personal information:

  • Encryption: Encryption in transit using Transport Layer Security version 1.2 or later. Encryption at rest using server-side encryption with a managed key service or equivalent.
  • Access controls: Least-privilege access, multi-factor authentication for production systems, role-based access to tools, and just-in-time ticketed access with audit logging for any human review of user content.
  • Key and secret management: Keys and secrets are stored in a secrets management system. We avoid hard-coded credentials and favor short-lived credentials.
  • Vulnerability and patch management: Routine scanning and prompt remediation. Critical vulnerabilities addressed on an expedited basis and high severity within a reasonable period.
  • Testing: We conduct periodic security testing and annual vulnerability scans. We may commission a third-party penetration test before major releases or when required for enterprise onboarding.
  • Business continuity: Regular backups, continuity planning, and disaster recovery targets designed to restore service within a reasonable period.
  • Incident response: We investigate potential incidents and notify affected users without undue delay and within a commercially reasonable outer bound of 72 hours where permitted by law.

No method of transmission or storage is perfectly secure. We work to protect personal information but cannot guarantee absolute security.

14. Privacy Rights

We honor core U.S. privacy rights for all U.S. users even if a particular state law does not require it. Subject to legal limits, you may exercise the rights below:

  • Access: Request a copy of your personal information.
  • Correction: Request correction of inaccurate information we maintain about you.
  • Deletion: Request deletion of your personal information. We will delete from active systems within 30 days and allow backups to expire within 90 days, subject to the limits in the Retention section.
  • Portability: Request a portable copy of certain information in a commonly used format.
  • Appeal: If we deny your request, you may appeal through the same channel you used to make the request. We will respond to appeals within 45 days. If your appeal is denied and state law gives you the right to contact your Attorney General, our response will describe how to do so.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

How to submit a request: Use the in-app help center or email support@venditmobile.com. We will verify your identity using your logged-in session and an email challenge. Authorized agents may submit requests on behalf of a user where allowed by law, subject to verification of both the agent and the user. We may deny or limit requests that are excessive or unfounded.

15. Children

We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information, contact us and we will delete it.

16. Artificial Intelligence and Service Providers

We use third-party service providers to deliver the Service, and these providers are bound to a Data Processing Agreement (DPA). Our selection of third-party services does not claim to train on any input data you provide and are bound to process information only as instructed, to protect input information, and to prevent the use of data to train artificial intelligence systems. We do not publish a live list of vendors in this Policy. A current list of material vendors is available upon request by email. We may add, remove, or replace vendors at any time and your continued use of the Service after updates constitutes acceptance.

17. Government Requests

We require valid legal process before disclosing user information to law enforcement or other government authorities, unless disclosure is necessary to prevent imminent harm. Where legally permitted, we will notify affected users before producing their information so they can seek protection.

18. Changes to this Policy

We may update this Privacy Policy from time to time. The Last updated date reflects the effective date of changes. Material changes will be posted in the app or on our website. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

19. California Notice at Collection and State Disclosures

We provide the following summary of categories of personal information for transparency. We collect the categories listed below from you or your device and use them for the purposes described in the How we use information section. We retain them for the periods described in the Retention section.

Categories we collect:

  • Identifiers such as email address and device identifiers
  • Internet or network activity such as usage and diagnostic information
  • Geolocation derived from Internet Protocol address at a coarse level
  • Commercial information limited to your interactions with Vendit
  • Audio visual or similar information limited to photos you upload
  • Inferences limited to session-level preferences and draft status
  • Sensitive information is not intentionally collected

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under 16. You can exercise rights as described in the Your privacy choices and rights section. We honor Global Privacy Control signals on our web surfaces.

20. Contact

Questions about privacy or this Policy can be sent to support@venditmobile.com or in app. Security reports can be sent to the same address.

Vendit - It's Never Been This Easy To List This Much

Privacy PolicyTerms of ServiceContact

© 2025 Vendit Mobile. All rights reserved.