VendWave

VendWave Privacy Policy

Last updated: June 2026

1. Introduction

Welcome to VendWave. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how VendWave ("we", "us", or "our") collects, uses, stores, and protects information about you when you use our platform at vendwave.app and our WhatsApp assistant service.

By signing up for VendWave, you agree to the collection and use of information in accordance with this policy.

We operate in compliance with the Nigerian Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. If you are located in the European Economic Area, we also comply with the General Data Protection Regulation (GDPR).

2. Who We Are

VendWave is a business management platform that helps small vendors and business owners log sales, create invoices, track inventory, and manage their business through WhatsApp and a web portal.

For questions about this policy, contact us at: privacy@vendwave.app

3. Information We Collect

3.1 Information You Provide Directly

Account information:

  • Full name
  • Business name and display name
  • Email address
  • Password (stored as a secure hash — we never store your plain text password)
  • WhatsApp phone number
  • Currency preference
  • Business logo (if uploaded)

Business data you enter:

  • Customer names, phone numbers, and email addresses
  • Transaction records — sales amounts, products, payment status
  • Invoice and receipt details
  • Inventory records — product names, quantities, prices
  • Team member names and WhatsApp numbers

Communications:

  • WhatsApp messages you send to the VendWave assistant
  • Messages you send through the portal chat interface
  • Support communications you send to us

3.2 Information Collected Automatically

Usage data:

  • Pages visited and features used within the portal
  • Time and date of actions
  • Device type and browser information
  • IP address
  • Session duration

WhatsApp interaction data:

  • Message timestamps
  • Message delivery status
  • Whether you have activated your WhatsApp connection

3.3 Information From Third Parties

Paystack:

When you make a payment we receive transaction confirmation from Paystack including payment reference, amount, and status. We do not store your card details — these are handled entirely by Paystack.

Meta (WhatsApp Business API):

We use Meta's WhatsApp Business API to send and receive WhatsApp messages. Meta processes your WhatsApp number and message content to facilitate the service.

Cloudinary:

We use Cloudinary to store your business logo and generated invoice and receipt images.

4. How We Use Your Information

We use the information we collect to:

  • Provide the service — process your sales, generate invoices and receipts, track inventory, and deliver analytics
  • Power the WhatsApp assistant — parse your messages using AI to understand your intent and take the right action
  • Send you communications — morning reminders, weekly business reviews, trial expiry notices, payment confirmations, and system notifications via WhatsApp
  • Process payments — manage your subscription through Paystack
  • Improve the product — understand how vendors use VendWave to make it better
  • Provide support — respond to your questions and resolve issues
  • Comply with legal obligations — meet our obligations under Nigerian and applicable international law

We do not sell your personal information to third parties. We do not use your business data for advertising purposes.

5. AI Processing of Your Messages

When you send a message to the VendWave WhatsApp assistant or use the portal chat, your message is processed by Anthropic's Claude AI to identify your intent and extract relevant information such as customer names, amounts, and product names.

Your messages are sent to Anthropic's API for processing. Anthropic's privacy policy governs how they handle this data. We do not use your messages to train AI models.

We store the intent and extracted entities in our database to execute your requested action. The raw message text is not stored permanently — only the structured data extracted from it.

6. Your Customers' Data

When you use VendWave you may enter information about your own customers — their names, phone numbers, and transaction history. You are the data controller for your customers' information. We process this data on your behalf as a data processor.

You are responsible for:

  • Ensuring you have the right to store your customers' information
  • Informing your customers that their information is processed through VendWave
  • Handling any requests your customers make regarding their personal data

7. Team Members

If you add team members to your VendWave account, we collect their name and WhatsApp number. We send them an activation message via WhatsApp. Their transaction activity is recorded and visible to the business owner.

Team members should be informed that their activity on VendWave is visible to the business owner.

8. How We Share Your Information

We share your information only in the following circumstances:

Service providers:

  • Meta (WhatsApp Business API) — WhatsApp message delivery
  • Anthropic — AI message processing
  • Paystack — payment processing
  • Cloudinary — file storage
  • Vercel — frontend hosting
  • Railway/Render — backend hosting

All service providers are contractually required to handle your data securely and only for the purposes we specify.

Legal requirements:

We may disclose your information if required by Nigerian law, court order, or government authority.

Business transfers:

If VendWave is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before this happens.

We do not share your information with any other third parties.

9. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account data — retained while your account exists and for 12 months after deletion
  • Transaction records — retained for 7 years to comply with Nigerian financial record-keeping requirements
  • WhatsApp message content — not stored permanently beyond the current session
  • Conversation context — deleted after 10 minutes of inactivity
  • Deleted account data — soft deleted immediately on request, permanently deleted 30 days after the deletion request

When you request account deletion your data is immediately made inaccessible and permanently deleted 30 days later. You can cancel the deletion within that 30-day window.

10. Data Security

We take the security of your data seriously. We implement the following measures:

  • All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt — we cannot see your password
  • JWT tokens expire after 15 minutes and require refresh
  • Database access is restricted to authorised systems only
  • Regular security reviews of our infrastructure

No method of electronic storage or transmission is 100% secure. While we use commercially reasonable means to protect your data we cannot guarantee absolute security.

11. Your Rights Under NDPR and GDPR

You have the following rights regarding your personal data:

Right to access — You can request a copy of all personal data we hold about you.

Right to rectification — You can correct inaccurate personal data through your account settings or by contacting us.

Right to erasure — You can request deletion of your account and all associated data. We process deletion requests within 30 days.

Right to data portability — You can export all your business data in CSV and PDF format from your dashboard at any time.

Right to restrict processing — You can request that we limit how we use your data in certain circumstances.

Right to object — You can object to certain types of processing including direct marketing.

Right to withdraw consent — Where processing is based on consent you can withdraw it at any time.

To exercise any of these rights contact us at privacy@vendwave.app. We will respond within 30 days.

12. Analytics and Cookies

VendWave uses Google Analytics 4 to understand how visitors use our website and dashboard. This helps us improve the product and fix issues faster. Google Analytics collects information such as pages visited, time spent on pages, the country you are visiting from, and the device and browser you are using.

Google Analytics uses cookies — small text files stored in your browser — to distinguish visitors and track usage over time. We use Google Analytics in consent mode, which means no analytics cookies are set until you explicitly accept them. If you decline, we collect no personally identifiable analytics data about your visit.

When you first visit VendWave you will see a cookie consent banner. You can accept or decline analytics tracking with a single click. Your preference is remembered for future visits. You can change your preference at any time by clearing your browser's local storage for vendwave.app.

Data collected by Google Analytics is processed by Google in accordance with their privacy policy. You can learn more about how Google uses this data at: g.co/policies/privacy/partners. You can also opt out of Google Analytics across all websites using the Google Analytics opt-out browser add-on at: tools.google.com/dlpage/gaoptout.

VendWave does not use any other third-party analytics, advertising cookies, or tracking pixels. We do not sell your data to advertisers or use it for targeted advertising.

13. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use advertising cookies or tracking cookies.

Cookies we use:

  • Session cookie — keeps you authenticated during your session
  • Refresh token cookie — httpOnly, allows you to stay logged in securely
  • Theme preference — stores your light or dark mode preference

You can disable cookies in your browser settings but this will prevent you from using the authenticated parts of VendWave.

14. Children's Privacy

VendWave is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor please contact us immediately at privacy@vendwave.app.

15. International Data Transfers

Your data is primarily stored on servers located in the European Union and United States through our hosting providers. When data is transferred internationally we ensure appropriate safeguards are in place including standard contractual clauses where required.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:

  • A WhatsApp message to your registered number
  • An email to your registered address
  • A prominent notice in the portal

The date at the top of this page shows when the policy was last updated. Continued use of VendWave after changes are posted constitutes acceptance of the updated policy.

17. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@vendwave.app
Website: vendwave.app

For NDPR-related complaints you may also contact the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

We use analytics to improve VendWave. Privacy policy