Privacy Policy

1. Introduction

Welcome to VendorDB! This privacy policy outlines how we collect, use, and protect your personal data when you use our platform. By accessing or using VendorDB, you agree to the terms of this policy.

2. Information We Collect

VendorDB collects the following data:

  • IP address from all users
  • Username, email address, password (hashed via bcrypt), and date of birth (for age verification during registration) from registered users
  • Profile picture, display name, "About Me" section, and country of residence (optional) as set by users

We do not collect any other personal data, and all data is stored in a secure MongoDB database.

3. Use of Your Information

VendorDB uses your information for the following purposes:

  • Providing and promoting VendorDB services
  • Verifying your identity for age verification during registration
  • Allowing user interaction, such as reviews and updates
  • Personalizing your experience on VendorDB
  • Contacting you with service-related announcements
  • Handling support and user inquiries

Your personal data is not shared with any third parties. All data processing is strictly for the operation and improvement of VendorDB services.

4. Legal Basis for Data Processing

VendorDB processes your personal data based on the following legal grounds:

  • For the performance of the contract with registered users (e.g., providing access to VendorDB services)
  • For compliance with legal obligations, such as age verification and data protection regulations
  • For the legitimate interests pursued by VendorDB to maintain and improve the platform

You have the right to withdraw your consent at any time by deleting your account.

5. Cookies and Session Tokens

VendorDB uses session tokens in the form of JSON Web Tokens (JWT) for registered users to maintain their sessions. These tokens are securely stored on the client side as HTTP-only cookies.

There are no other cookies used on VendorDB, and no third-party tracking or analytics software is utilized. Your consent to cookies is implied when you log in, and no additional cookie consent button is required. Session tokens expire three days after being issued, and they are automatically renewed upon each login.

6. Data Security

VendorDB takes data security seriously. All data is stored in a MongoDB database, with passwords hashed via bcrypt for added protection. The database is not directly accessible from the internet, and access is restricted to the server via firewall rules. All traffic on VendorDB is SSL-only, ensuring encrypted communication between the server and users. The server itself is accessible only via SSH, using a private/public key system with password login disabled.

If a data breach occurs, VendorDB will take immediate action to limit its severity. Affected users will be notified via email and will have their passwords reset. If the full extent of the breach is uncertain, a precautionary password reset may be applied to all users. VendorDB will also release a public statement on all available channels, such as the website and social media, to inform users about the incident.

7. Data Retention

VendorDB retains your personal data for as long as your account is active. If you choose to delete your account, all associated account data, including any past reviews, will be immediately removed from our database. Users have the right to request deletion of their account at any time. Account data that is no longer necessary will be securely deleted.

8. Children's Privacy

VendorDB is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided personal data to VendorDB, please contact us at privacy@vendordb.info to request deletion of the data.

9. Your Data Subject Rights

As a user of VendorDB, you have the following data subject rights:

  • Right to access: You can view all data collected about you in your Dashboard after logging in.
  • Right to rectification: You can edit your data in user settings.
  • Right to erasure: You can delete your account and all associated data at any time in your Dashboard after logging in.
  • Right to restriction of processing: If you do not consent to data processing, you can delete your account.
  • Right to data portability: When you request your data, it can optionally be displayed in JSON format.
  • Right to object: You can delete your account if you object to data processing.
  • Right not to be subject to automated decision making: Currently, no automated decision processes are in place. Any future implementations will involve human moderation.

To exercise your rights or if you have any questions about our privacy practices, please contact us at privacy@vendordb.info.

10. Contact Information

If you have any questions or concerns regarding this privacy policy or your data on VendorDB, please contact us at:

Xenorio - Management
Schlesierstraße 3
64546 Mörfelden-Walldorf
Germany
Email: privacy@vendordb.info
Representative: Marcus Huber

11. Changes to This Policy

Users will be notified of any changes to this privacy policy via email using the address associated with their account. Additionally, a message will be sent in the news room of our Matrix space. All changes are also accessible on our GitHub repository. Continued use of VendorDB after policy updates implies acceptance of the revised terms.