Privacy Policy

This Privacy Notice for VendorPlan, Inc. ("VendorPlan," "we," "us," or "our") explains how we access, collect, store, use, and share information (collectively, "process") when you use our services (the "Services"), including when you:

• Visit our website at https://www.vendorplan.ai (opens in a new tab) or any website of ours that links to this Privacy Notice
• Use the VendorPlan application and related services that link to this Privacy Notice

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
• Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions. We do not process sensitive personal information.
• Do we collect any information from third parties? We may collect information from public databases, marketing partners, social media platforms, and other outside sources. Learn more about information collected from other sources.
• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
• In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.
• How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
• What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
• How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws. Learn more at Section 16.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.

1. What information do we collect?
2. How do we process your information?
3. When and with whom do we share your personal information?
4. Do we use cookies and other tracking technologies?
5. Do we offer artificial intelligence-based products?
6. How long do we keep your information?
7. How do we keep your information safe?
8. Do we collect information from minors?
9. What are your privacy rights?
10. Controls for do-not-track features
11. Do United States residents have specific privacy rights?
12. VendorPlan communications data
13. Record calls or store transcripts
14. Do we make updates to this notice?
15. How can you contact us about this notice?
16. How can you review, update, or delete the data we collect from you?
17. Cookie Policy

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. When you use VendorPlan for a project, you or your organization may provide additional information through the Services, including communications and documents routed to VendorPlan in connection with delivery coordination.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names
• phone numbers
• email addresses
• job titles
• mailing addresses
• account credentials (such as username and password)

Sensitive Information. We do not intentionally collect or process sensitive personal information. Please do not submit sensitive personal information through the Services. If sensitive personal information is included in communications or documents that you choose to provide to the Services, we will process it only as necessary to provide the Services and for security, legal, and compliance purposes.

Payment Data. If you choose to make a purchase, payments are processed by our third-party payment processor, Stripe. We do not collect or store your payment card numbers. Stripe may collect and store payment information according to its own privacy practices. You may review Stripe’s privacy notice at https://stripe.com/privacy (opens in a new tab).

Notifications and Communications. We may send notifications and other communications related to the Services, including by email and through the VendorPlan application. These communications may be sent to you, other users within your organization, and to your vendors or other project participants when your organization uses the Services to coordinate deliveries (for example, delivery instructions, scheduling updates, requests for confirmation, and other project-related notices).

Your organization controls who is designated to receive Service notifications, including which users within your organization and which vendor contacts (or other project participants) receive emails or other notices through the Services. Where enabled, we may also send push notifications to contractor users through the VendorPlan application. You can manage certain notification preferences through your account settings or your device settings. Vendors and other recipients may manage email preferences using unsubscribe or preference options provided in the message where required by law.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

We also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy in Section 17 of this document.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Information collected from other sources

We may receive information about you from third parties, such as service providers, channel partners, event organizers, referral sources, or integrations you enable. This may include professional or business contact information (for example, name, company, role, email address, phone number) and information related to your use of our website or Services.

We use this information to provide and improve the Services, communicate with you, manage events, marketing, and promotions, and maintain our records, in accordance with applicable law. We may use cookies and similar technologies for analytics and, where permitted, advertising-related purposes. See our Cookie Notice for more information and choices.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts.
• To deliver and facilitate delivery of services to the user.
• To respond to user inquiries/offer support to users.
• To send administrative information to you.
• To request feedback.
• To send you marketing and promotional communications.
• To protect our Services.
• To evaluate and improve our Services, products, marketing, and your experience.
• To identify usage trends.
• To comply with our legal obligations.
• Delivery Coordination. To coordinate and confirm construction deliveries by processing emails/attachments and communicating with vendors and drivers on the customer’s behalf.
• Reporting and Analytics. To generate operational reporting and analytics related to project delivery coordination, including dashboards and performance metrics based on Customer Content, communications data, and usage data.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The categories of third parties we may share personal information with are as follows:

• AI Platforms
• Cloud Computing Services
• Payment Processors
• Data Storage Service Providers
• Performance Monitoring Tools
• User Account Registration & Authentication Services
• Website Hosting Service Providers
• Sales & Marketing Tools
• Communication & Collaboration Tools

Business transfers. We may share or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, reorganization, bankruptcy, or acquisition of all or a portion of our business.

We may use cookies and similar technologies (such as pixels and local storage) to collect information when you interact with our Services. These technologies help us operate the Services, maintain security, prevent crashes, fix bugs, save your preferences, and understand how the Services are used.

We may allow service providers to use these technologies on our behalf for analytics, performance monitoring, and to improve our Services. We do not use cookies or similar technologies to engage in targeted advertising based on your activity within the VendorPlan application.

For more information about the cookies and similar technologies we use and the choices available to you, please see our Cookie Notice in Section 17 of this agreement.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including OpenAI. As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in Section 3. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

AI Features may be used to:

• Extract and structure delivery-related information from communications and documents provided to the Services (emails and attachments)
• Match communications to the correct project, vendor, or delivery
• Generate summaries, suggested updates, and audit-log style notes for users
• Support search, filtering, and organization of project delivery information within the Services
• Help detect spam, abuse, and security issues related to communications processing
• Assist users through a chatbot or conversational interface to create, update, and reschedule delivery calendar events and related project instructions based on user requests
• Support the voice agent and project-specific driver phone

How We Process Your Data Using AI

We do not use Customer Content to train public or third-party foundation models. We process information using AI Features only to provide and improve the Services, maintain security, and comply with law, consistent with this Privacy Notice and our agreements with service providers.

All personal information processed using our AI Products is handled in line with our Privacy Notice and our agreement with third parties. This ensures high security and safeguards your personal information throughout the process, giving you peace of mind about your data’s safety.

We retain personal information for as long as necessary to provide the Services and for the other purposes described in this Privacy Notice, including to maintain business records, comply with legal obligations, resolve disputes, and enforce our agreements.

In general, we retain information associated with a customer account for the duration of the customer’s relationship with us. Customer Content and project records are retained in accordance with the customer’s configuration or applicable retention settings (if available), and otherwise for a reasonable period consistent with providing the Services. We may retain certain information for longer periods where required or permitted by law (for example, tax, accounting, compliance, and security obligations).

When we no longer have a legitimate business need to process personal information, we will delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backups), we will securely store the information and isolate it from further processing until deletion is possible.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@vendorplan.ai.

Certain privacy rights described in this Notice apply only where required by applicable law. Our Services are intended for business users, and we will respond to rights requests as and when applicable law requires.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section How can you contact us about this notice?.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

• Log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our cookie policy in Section 17.

If you have questions or comments about your privacy rights, you may email us at privacy@vendorplan.ai.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

This section applies only to the extent U.S. state privacy laws apply to VendorPlan’s processing of personal information.

Categories of Personal Information We Collect

• A. Identifiers — Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name
• B. Personal information as defined in the California Customer Records statute — Name, contact information, education, employment, employment history, and financial information
• C. Commercial information — Transaction information, purchase history, financial details, and payment information
• E. Network activity — Information about a user’s interaction with our website and Services, such as pages or screens viewed, features used, timestamps, referring URLs, and in-app search queries (if used), plus related analytics and log data.
• F. Geolocation data — Approximate location information derived from an IP address (for example, city, state, or region). We do not collect precise geolocation (GPS) data.
• G. Audio, electronic, sensory, or similar information — Audio recordings and related call information (such as call metadata and, where enabled, transcripts) generated when individuals call a project-specific phone line or otherwise communicate with us. This may also include electronic communications and files provided through the Services (such as emails and attachments) and information generated in connection with operating and securing the Services.
• H. Professional or employment-related information — Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us
• I. Inferences drawn from collected personal information — Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;
• Participation in customer surveys or contests; and
• Facilitation in the delivery of our Services and to respond to your inquiries.

We will use and retain the collected personal information as needed to provide the Services or for:

• Category A - As long as the user has an account with us

Sources of Personal Information

We collect personal information from the following sources:

• Directly from you when you create an account, configure projects, submit forms, contact support, or otherwise use the Services.
• From your organization and its administrators when a customer provisions user accounts, assigns roles, configures notification recipients, or provides business contact details for project participants.
• From communications and documents routed to VendorPlan in connection with delivery coordination (for example, emails and attachments that you or your organization choose to CC or forward to VendorPlan).
• From vendors, drivers, and other project participants when they receive and respond to Service communications, or when they call a project-specific phone line to receive delivery instructions (including related call metadata and any information provided during the interaction).
• Automatically through your use of the website and Services (for example, log data, device information, and cookies or similar technologies, as described in this Privacy Notice and our Cookie Notice).
• From integrations and third-party services you enable (for example, tools used for authentication, communications, analytics, or other supported integrations).
• From service providers that support transactions (for example, we may receive limited information from Stripe confirming payment status and related billing details, but we do not receive or store full payment card numbers).

How We Use and Share Personal Information

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section When and with whom do we share your personal information?.

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under When and with whom do we share your personal information?.

Your Rights

• Right to know whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request the deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to non-discrimination for exercising your rights
• Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Depending upon the state where you live, you may also have the following rights:

• Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)
• Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)
• Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)
• Right to obtain a list of third parties to which we have sold personal data (as permitted by applicable law, including the privacy law in Connecticut)
• Right to review, understand, question, and depending on where you live, correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Connecticut and Minnesota)
• Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)
• Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights

You may submit a request by emailing privacy@vendorplan.ai with the subject line “Privacy Rights Request.” Please include your name, the email address associated with your account (or other information that allows us to locate your records), the state where you reside, and the specific right you wish to exercise. Authorized agents may submit requests on behalf of a consumer where permitted by law, and we may require proof of authorization.

Request Verification

To protect your information, we will take reasonable steps to verify your identity before responding to a request. Verification methods may vary depending on the nature of the request and the sensitivity of the information involved. If we cannot verify your identity, we may be unable to fulfill the request.

California "Shine The Light" Law

California Civil Code Section 1798.83 permits California residents, in certain circumstances, to request information about disclosures of certain categories of personal information to third parties for their direct marketing purposes. To make such a request, email privacy@vendorplan.ai and include “Shine the Light Request” in the subject line.

When customers use VendorPlan for a construction project, the Services may process communications and related information ("Communications Data") to coordinate deliveries and keep project information up to date.

What Communications Data may include

• emails and attachments that customers choose to CC or forward to VendorPlan (and related message metadata such as sender, recipients, subject line, and timestamps)
• delivery-related information contained in those communications or attachments
• notifications and messages sent by VendorPlan to designated recipients (including customer users and vendor contacts), and related delivery status information
• information created in the Services based on communications processing, such as calendar events, delivery status indicators, audit logs, summaries, and operational notes
• usage and activity data related to communications features (for example, when notifications are sent)

How we use Communications Data

We use Communications Data to provide and operate the Services, including extracting and organizing delivery details, updating delivery calendars and audit logs, sending project-related notifications to designated recipients, providing customer support, improving reliability and performance, and maintaining security and compliance.

Customer control

Customer administrators control which users and vendor contacts are designated to receive Service notifications, and customers determine what communications and documents are routed into the Services.

VendorPlan may provide a project-specific phone line that drivers and other project participants can call to receive delivery instructions and related project information.

Call data we may process

Depending on configuration and applicable law, we may process:

• call metadata (such as caller phone number, time, duration, and routing information)
• call audio and information provided during the call
• where enabled, transcriptions or call recordings

Recording and transcription notice

If call recording or transcription is enabled, we will provide notice to callers as required by law. Recording and transcription may be used to provide the voice feature, support quality assurance, maintain an audit trail (where applicable), troubleshoot issues, and maintain security.

Retention

Call logs and any recordings or transcripts (if collected) are retained in accordance with this Privacy Notice and our retention practices, including as needed to provide the Services, maintain security, and comply with legal obligations.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

You may request access to, correction of, or deletion of personal information by contacting us at privacy@vendorplan.ai. We may need to verify your identity before processing your request.

Please note that we may retain certain information as necessary to provide the Services, comply with legal obligations, maintain security, prevent fraud, resolve disputes, and enforce our agreements, consistent with the “How long do we keep your information?” section of this Privacy Notice.

Last updated January 15th, 2026

This Cookie Policy explains how VendorPlan, Inc. (“Company,” “we,” “us,” and “our”) uses cookies and similar technologies to recognize you when you visit our website at https://www.vendorplan.ai (opens in a new tab) (the “Website”) and, where applicable, when you use our web-based Services. It explains what these technologies are and why we use them, as well as your choices to control our use of them.

In some cases, cookies and similar technologies may collect information that is considered personal information, or that becomes personal information if combined with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, VendorPlan, Inc.) are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use cookies and similar technologies for the following purposes:

• Strictly necessary cookies to operate the Website and Services, maintain security, enable core functionality, and prevent fraud.
• Functional cookies to remember preferences and settings.
• Analytics and performance cookies to understand how the Website and Services are used, measure performance, and improve reliability.

We do not use cookies or similar technologies for cross-context behavioral advertising based on your activity within the VendorPlan application.

How can I control cookies?

You can control cookies through your browser settings. Most browsers allow you to remove or reject cookies and to set preferences for certain websites. If you choose to remove or reject cookies, some features of the Website or Services may not function properly. We may implement additional cookie preference tools in the future, and we will update this Cookie Policy if we do.

How can I control cookies on my browser?

Browser settings vary by browser. You can typically find cookie controls in your browser’s help menu or settings.

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you serve targeted advertising?

We do not use cookies or similar technologies on the VendorPlan application for targeted advertising. If we use advertising-related cookies on our Website in the future, we will update this Cookie Policy and, where required, provide choices through our cookie preference tools.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore revisit this Cookie Policy regularly to stay informed about our use of cookies and related technologies. The date at the top of this Cookie Policy indicates when it was last updated.

Where can I get further information?

If you have any questions about our use of cookies or other technologies, please contact us at privacy@vendorplan.ai.

Or