Your Privacy Matters

Privacy Policy

We are committed to protecting your privacy and being transparent about how we handle your data.

Last updated: January 15, 2025

1. Introduction

Vinte Technology Pty Ltd ("Vinte", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

This policy applies to information we collect through our website, platform, and services. By using our services, you consent to the practices described in this policy.

If you are located in the European Union (EU) or California, please see the specific sections below regarding your additional rights under GDPR and CCPA.

2. Information We Collect

Personal Information

Information you provide when creating an account or using our services:

  • - Name and email address
  • - Company name and job title
  • - Payment information (processed securely by our payment provider)
  • - Communications with our support team

Business Data (Customer Integrations)

Data accessed through your connected systems via encrypted API keys:

  • - Sales history and transactions
  • - Customer and account details
  • - Pricing and inventory data
  • - Order patterns and forecasts

Important: This data is only accessed using your unique encrypted credentials and remains your property.

Public Data (Market Research)

Publicly available information used for market intelligence:

  • - Restaurant and business directories
  • - Social media and review platforms
  • - Industry research and market reports
  • - News and press releases

Usage Data & Analytics

Information collected automatically through PostHog analytics:

  • - Feature usage and page views
  • - Session duration and interactions
  • - Device type and browser information
  • - IP address (anonymized where possible)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our platform
  • Process your data through AI to deliver insights and recommendations
  • Improve and develop new features
  • Send service-related communications (updates, security alerts, support)
  • Respond to your inquiries and provide customer support
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Union, we process your personal data on the following legal bases:

Contract Performance

Processing necessary to perform our contract with you (providing our services).

Legitimate Interests

Processing for our legitimate business interests (improving services, analytics), balanced against your rights.

Consent

Where you have given explicit consent (e.g., marketing communications). You may withdraw consent at any time.

Legal Obligations

Processing necessary to comply with legal requirements (tax, accounting, regulatory).

5. Data Sharing & Sub-Processors

We never sell your personal data. We share data only with trusted third-party service providers who help us operate our platform:

Provider Purpose Location
Vercel Hosting & infrastructure USA
Supabase Database & authentication USA
OpenAI AI processing (Enterprise API) USA
Trigger.dev Background job processing USA
Reducto Document processing USA
PostHog Product analytics USA/EU

All sub-processors are bound by data protection agreements and maintain appropriate security measures.

6. Data Security

We implement industry-standard security measures to protect your data:

Encryption at Rest

Data encrypted via Supabase infrastructure

Encryption in Transit

TLS 1.3 for all data transfers

Unique API Keys

Encrypted credentials per customer

Access Controls

Role-based access management

Security Audits

Regular vulnerability assessments

No AI Training

Your data never trains AI models

For more details, see our Data Security documentation.

7. Data Retention

We retain your data according to the following principles:

  • Account Data: Retained while your account is active and for a reasonable period afterward for record-keeping
  • Business Data: Processed in real-time; not retained after processing unless necessary for service delivery
  • Deletion: Data deleted upon your request, subject to legal retention requirements

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our sub-processors are located.

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all sub-processors
  • Technical and organizational security measures

9. Your Rights (GDPR - EU Users)

If you are located in the European Union, you have the following rights under GDPR:

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to certain processing activities

Right to Withdraw Consent

Withdraw consent where processing is based on consent

Right to Complain

Lodge a complaint with a supervisory authority

To exercise these rights, contact us at hello@vinte.ai

10. Your Rights (CCPA - California Users)

If you are a California resident, you have the following rights under CCPA:

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights
  • Authorized Agents: Designate an agent to submit requests on your behalf

Do Not Sell My Personal Information: We do not sell personal information. We share data only with service providers who help us operate our platform.

To exercise these rights, contact us at hello@vinte.ai.

11. Cookies & Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Necessary for site functionality and authentication
  • Analytics Cookies: PostHog for understanding product usage and improving our services

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings.

12. Children's Privacy

Our services are intended for business users who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18.

If we learn that we have collected personal information from a minor, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on this page with a new "Last Updated" date
  • Notify you by email for significant changes affecting your rights

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us.

Vinte Technology Pty Ltd

Queensland, Australia

Email: hello@vinte.ai

We aim to respond to all data protection inquiries within 30 days.

Contact Us Data Security

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Queensland, Australia.

For EU residents, nothing in this policy affects your rights under applicable EU data protection laws, and you may lodge complaints with your local data protection authority.