Product
Product overview Pricing Integrations
Solutions
E-commerce Restaurants Healthcare
Resources
Blog About API
ESENFR
Contact us →

Last updated: April 1, 2026

Privacy Policy

1. Introduction

At VENDAQ SpA ("VENDAQ," "we"), we take privacy seriously. This Privacy Policy describes how we collect, use, store, and protect your information when you use our AI-powered customer service platform.

This policy applies to all users of the VENDAQ platform, including account holders (merchants) and, where relevant, to end customers who interact with our AI agents.

VENDAQ SpA, Chilean Tax ID (RUT) 78.368.957-K, registered at Pastor Fernández 17100A, Lo Barnechea, Santiago Metropolitan Region, Chile.

2. Data We Collect

Account information

  • First and last name of account holder
  • Email address
  • Company name
  • Billing and payment information (processed by Stripe; we do not store card data)
  • Phone number (optional)

Conversation data

  • Messages between the AI agent and end customers (text, transcribed voice, images)
  • Conversation metadata (timestamps, channel, duration, status)
  • Files and media shared in conversations

End customer data

  • Name and phone number (provided by the messaging platform)
  • Conversation history
  • Order information and purchase history (when integrated with e-commerce)
  • Language and contact preferences

Usage and analytics data

  • Pages visited, features used in the dashboard
  • IP address, browser type, device
  • AI agent performance metrics (response times, resolution rates)

3. How We Use Your Data

  • Provide the Service: Process conversations, generate AI responses, manage integrations with messaging channels and e-commerce platforms
  • Improve the Service: Analyze aggregated and anonymized metrics to improve platform performance and experience
  • Analytics: Provide statistics, reports, and metrics within your administration dashboard
  • Billing: Process payments, send invoices, manage subscriptions through Stripe
  • Communications: Send service notifications, product updates, and, with your consent, marketing communications
  • Support: Respond to your inquiries and support requests
  • Security: Detect and prevent fraud, abuse, or unauthorized activities

4. Data We Do NOT Use to Train AI

This is critical: VENDAQ does not use your customers' conversations, your business data, or your end customers' information to train artificial intelligence models.

Conversation data is processed in real time by large language model (LLM) providers exclusively to generate responses. These providers (Google Gemini, Anthropic Claude, Groq) operate under enterprise/API usage policies that prohibit using data for model training.

Aggregated and anonymized analytics may be used to improve the platform overall, but never the contents of your individual conversations.

5. Who We Share Data With

We share data only when strictly necessary to provide the Service:

ProviderPurposeData shared
Google (Gemini)Natural language processingConversation content (real-time, no retention)
Anthropic (Claude)Natural language processingConversation content (real-time, no retention)
GroqNatural language processingConversation content (real-time, no retention)
DeepgramVoice message transcriptionVoice message audio
StripePayment processingBilling information
ClerkUser authenticationAccount and session data
NeonPostgreSQL databaseAll data (as infrastructure provider)
Fly.ioAPI server hostingAll data (as infrastructure provider)
UpstashCache and message queuesSession data and temporary cache
CloudflareCDN and DDoS protectionWeb traffic (no conversation data)

We do not sell, rent, or trade your personal data to third parties. For more details about our sub-processors, see our Data Processing Agreement.

6. Storage and Security

  • Database: PostgreSQL managed by Neon (serverless)
  • Primary region: São Paulo, Brazil (GRU) — for low latency across Latin America
  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.2+
  • Access controls: Role-based access, multi-factor authentication for internal team
  • Data isolation: Multi-tenant with tenant_id-level isolation (your data is never visible to other merchants)
  • Monitoring: Data access logging and auditing
  • Backups: Automatic daily backups with 30-day retention

7. Data Retention

  • Active account: Data is retained as long as your account is active
  • Canceled account: Data is retained for 30 days after cancellation to allow reactivation, then permanently deleted
  • Conversations: Retained according to your plan settings (by default, indefinitely while the account is active)
  • Billing data: Retained as required by applicable legal and tax obligations (up to 6 years under Chilean law)
  • Security logs: Retained for 12 months
  • Analytics data: Aggregated and anonymized, retained indefinitely

8. End Customer Personal Data

When you use VENDAQ to communicate with your customers, we act as a data processor of your end customers' personal data. You, as the merchant, are the data controller.

This means:

  • We process end customer data only according to your instructions and to provide the Service
  • You are responsible for having a legal basis to collect and process that data
  • You must inform your end customers about the use of AI in customer service
  • You are responsible for handling access, correction, or deletion requests from your end customers

To formalize this relationship, we offer a Data Processing Agreement (DPA).

9. Cookies

We use minimal, essential cookies:

  • Session cookie: To maintain your session after logging into the dashboard
  • Preferences: Language and interface settings
  • Analytics (with consent): Google Analytics to understand website usage (not the dashboard or conversations)

We do not use advertising cookies or third-party tracking cookies for marketing purposes.

For more information, see our Cookie Policy.

10. Your Rights

In accordance with Chilean Law No. 19,628 on the Protection of Private Life, and in line with international standards, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request the deletion of your personal data
  • Portability: Receive your data in a structured and machine-readable format (JSON or CSV)
  • Objection: Object to the processing of your data in certain cases
  • Restriction: Request restriction of processing of your data

To exercise any of these rights, send an email to [email protected]. We will respond within a maximum of 30 days.

11. International Data Transfers

Your data may be processed on servers located outside Chile (Brazil, United States) by our infrastructure providers and AI services. We ensure all providers meet equivalent data protection standards through appropriate contractual agreements.

12. Minors

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not intentionally collect data from minors under 18. If we detect that we have collected data from a minor, we will delete it immediately.

13. Changes to this Policy

We may update this Privacy Policy periodically. We will notify you of material changes at least 30 days in advance by email and through a notice on the platform.

The last update date is indicated at the beginning of this document.

14. Contact

For privacy or data protection inquiries:

  • Privacy email: [email protected]
  • General email: [email protected]
  • Address: Pastor Fernández 17100A, Lo Barnechea, Santiago Metropolitan Region, Chile
  • Tax ID (RUT): 78.368.957-K