Privacy Policy
Last updated: Feb 2026
This Privacy Policy describes how TrackMyVendor ("Service," "we," "us," or "our") collects, uses, stores, and shares information when you use our vendor compliance tracking platform. By using the Service, you consent to the practices described in this policy.
1. Information We Collect
Account Information
- Name (first and last) and email address provided at registration.
- Authentication credentials (password hash, or OAuth provider identifier if you sign in with Google).
- Organization name and membership role (owner or member).
Billing Information
- Subscription plan and status, trial dates, and cancellation dates.
- Stripe customer and subscription identifiers. We do not store credit card numbers — all payment data is processed and stored by Stripe.
Vendor and Compliance Data
- Vendor names and email addresses you add to the Service.
- License information: license numbers, holder names, license types, states, expiration dates, and statuses — whether sourced from government databases or entered manually.
- Uploaded documents: certificates of insurance (COI), W-9 forms, safety certificates, contracts, and other compliance documents (PDF, PNG, JPEG, GIF, up to 10 MB each).
- AI-extracted insurance data: insured name, policy number, carrier, effective and expiration dates, coverage types, coverage limits, certificate holder, and description of operations — extracted automatically from uploaded COI documents.
- Project names, vendor-project assignments, and per-project insurance minimum requirements.
Activity and Usage Data
- Audit trail: timestamped logs of actions performed within your Organization (e.g., adding vendors, uploading documents, changing settings).
- Notification records: which compliance alerts were sent, to whom, and when.
- General usage data such as pages visited, features used, and session information.
Vendor Self-Service Data
- When vendors use tokenized upload links, we collect the documents and license selections they submit. Vendors do not need to create an account, but their email address is stored as part of the upload request.
Government-Sourced Data
- We download and store publicly available professional license records from government agencies (including Texas TDLR, Florida DBPR, and California CSLB). This data includes license holder names, license numbers, types, states, expiration dates, and statuses. This data is public record and is not collected from you.
2. How We Use Information
- Provide the Service — display license data, calculate compliance scores, store and manage your documents, and facilitate vendor self-service uploads.
- Automated alerts — send email notifications about expiring licenses, insurance, and documents based on your configured alert windows.
- AI document processing — transmit uploaded insurance certificates to third-party AI services to extract policy data and populate fields automatically.
- Billing — process subscriptions, manage trials, and handle payment events via Stripe.
- Communications — send transactional emails including team invitations, vendor upload requests, compliance alerts, and account-related messages.
- Improve the Service — analyze usage patterns to fix bugs, improve features, and maintain security.
- Prevent abuse — detect and prevent unauthorized access, fraud, and violations of our Terms of Service.
3. Third-Party Services and Data Sharing
We share data with the following categories of third-party providers, solely as necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, name, payment method, subscription details |
| Google (Gemini AI) | Insurance certificate data extraction | Uploaded COI document content |
| Google (OAuth) | Social sign-in authentication | Authentication token, email, name |
| Resend | Transactional email delivery | Recipient email addresses, email content |
Each provider's use of your data is governed by that provider's own privacy policy. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may also disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Retention
- Active accounts — We retain your data for as long as your account is active and your subscription is in effect.
- After cancellation — Upon account cancellation, we retain your data for up to 90 days to allow for reactivation, after which it will be scheduled for deletion.
- Backups — Deleted data may persist in encrypted backups for up to an additional 30 days before being purged.
- Legal obligations — We may retain certain data longer if required by law or necessary to resolve disputes or enforce our agreements.
- Government-sourced license data — Publicly sourced license records are retained indefinitely as part of the Service's database and are not tied to any individual user account.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data, subject to our retention obligations.
- Export — Request an export of your data in a portable format.
- Objection — Object to certain processing of your personal data.
To exercise any of these rights, email support@trackmyvendor.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
Note that deleting your account will remove your Organization's vendor data, documents, and compliance history. This action cannot be undone after the retention period expires.
6. Data Security
We implement reasonable technical and organizational measures to protect your data, including encrypted connections (TLS), secure credential storage, and access controls. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Cookies and Tracking
The Service uses essential cookies required for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use third-party advertising or tracking cookies.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact
For privacy inquiries, email support@trackmyvendor.com.