Privacy Policy
This policy describes how AI Vendor Packet handles data for the public website, scanner, workspace app, billing flow, and analytics.
This page describes the current launch-readiness position. It should be reviewed by a qualified lawyer before relying on it for contract decisions.
Last reviewed: May 21, 2026
What we collect
AI Vendor Packet may collect account information such as email address, workspace name, selected vendors, selected commitments, review notes, billing plan, and product settings.
The public scanner can run without an account. If a user saves a scanner draft in the browser, that draft stays in browser storage unless the user imports it into a workspace.
The product may collect basic analytics and attribution data, including page visits, UTM parameters, and conversion events such as scanner completion or checkout start.
How we use data
We use account and workspace data to provide review packets, evidence records, scanner reports, billing, support, abuse prevention, security review, and product improvement.
We use analytics and campaign data to understand which pages and review paths are useful. We do not treat analytics as a substitute for legal, privacy, or security review.
What users should avoid entering
AI Vendor Packet is not designed to receive secrets, passwords, private keys, payment card numbers, health records, or large customer data exports.
Scanner fields and review notes should describe usage context and commitments at a summary level. They should not contain raw customer content unless a signed agreement and security review support that use.
Sharing and subprocessors
We may share data with service providers that help operate the product, such as hosting, database, authentication, analytics, payment, email, and monitoring providers.
We do not sell customer workspace data. If this changes, the policy should be updated and reviewed before the change takes effect.
Retention and deletion
Workspace records are retained while the account is active so users can keep review evidence and history.
Users can request deletion or export through the contact email listed on this page. Some billing, audit, security, or backup records may be retained where needed for operations or legal obligations.
Security
AI Vendor Packet uses private app routes, authenticated sessions, server-side checks, rate limits, and review audit logs to reduce accidental exposure.
No security program can guarantee that data will never be accessed, lost, or misused. The Security page explains current controls and launch limits.
Questions about these pages: Use the contact address provided in your order form, receipt, or workspace invitation. AI Vendor Packet organizes review evidence and suggested review actions. It does not provide legal advice.