Privacy Policy

Last Updated: June 17, 2024

1. Introduction

This Privacy Policy relates to the data that Vendrix, Inc. (the “Company”) receives and collects through its web site at and other sites owned and operated by Company that refer to this Privacy Policy, and through all related technologies, software, and services provided by Company, including its apps and its hosted products and services (collectively, the “Services”). In this Privacy Policy, "we", "our", and "us" refers to Vendrix Inc. and "you" refers to the natural person visiting our website or using the Services provided by Vendrix. "Personal Data" means data that identifies or could reasonably be used to identify you; other capitalized terms used in this Privacy Policy have the meaning provided below in Section 8. This Privacy Policy describes Vendrix’s use of Personal Data that you provide to us. If you have any questions, please contact us.

This Policy covers both any public-facing website operated by Company (collectively, the “Public Site”) as well as Services provided only to registered users. As noted below, certain parts of the Privacy Policy apply only to the Public Site, and certain parts apply only to the Services.

2. Notice of Information Collected and Use

We will inform you when we need information that personally identifies you (personal information) or allows us to contact you or provide you with the Services. Generally, this information is requested when you register for our Services or when you fill out our contact form on our Public Site.

Company may receive certain information about you from Customers during the implementation and provision of Services. For example, Customers may provide basic information, manually or through provision of our integration services, when they are setting up the Service for their use.

You may be able to log into our Services using single sign-on providers or single sign-on features of other products. These products will authenticate your identity and may share certain personal information with us such as your name and email address.

Company uses cookies and other technologies on our Public Site and as part of the Services for user session management and to provide a better user experience, including customization of content display. A cookie is text data that a website transfers to the individual's browser from a web server that is stored on the individual's computer hard drive. Cookies cannot be used by themselves to identify individuals.

We use various methods and technologies to store or collect usage information (“Tracking Technologies”). A few of the Tracking Technologies used with the Services, include, without limitation, cookies, web beacons, embedded scripts, browser fingerprinting, entity tags, UTM codes (i.e. a code that you can attach to a custom URL in order to track a source, medium, and campaign name), and recognition technologies that make assumptions about users and devices.

Analytics. We use third party analytics tools that help us understand how users engage with our Services. Like many services, these analytic tools use first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our Service. This information is, among other reasons, used to compile reports and to help us improve our Service. In most instances the reports disclose website trends without identifying individual visitors. Further, third-parties may use Tracking Technologies in connection with our Services, which may include the collection of information about your online activities over time and across third-party websites or online services as well as across your Devices. We do not control those Tracking Technologies and we are not responsible for them. However, you accept that you will encounter third-party Tracking Technologies in connection with use of our Services and accept that our statements under this Privacy Policy do not apply to the Tracking Technologies or practices of such third-parties. We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Location-Based Information. In connection with use of our Services we may use location-based services in order to verify your location and, if we deem appropriate, deliver relevant content based on your location. We also share your location with third-parties (as set out below) as part of the location-based services we offer and for other commercial purposes. You can change the settings on your Device to prevent it from providing us with such information. This location data is collected in a form that personally identifies you and will be used by us, our Customers, and our partners and licensees to provide and improve the Services or for other commercial purposes. You should consider the risks involved in disclosing your location information and adjust your mobile and browser settings accordingly.

Information Collected and Stored – Text Messages. After you sign up for our Services (subject to your consent where required by applicable law), we may send you text messages as part of a two-part authentication process. We, our third-party service providers, and Customers use a variety of technologies that automatically (or passively) store or collect certain information whenever we send you a text message. This information will be stored or accessed using a variety of technologies that will be downloaded to your mobile device whenever you receive a text message.

California Do Not Track Disclosures. Various third-parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browsers do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

3. What We Do With the Information You Share

We will share your personal information only in the ways that are described in this Privacy Policy. We will use Personal Data and Usage Data to improve the usability of our website and the Services, and to offer other Services we believe may be of interest to you. We may improve usability of the website and the Services by analyzing how you interact with our website and the Services (such as analyzing how you use tools made available to you or which links you click).

We will use your information to provide the Services, and we may provide information to companies that assist us in providing Services, such as a hosting provider or a customer service provider. These companies are authorized to use your information only as necessary to provide these Services and to assist with supporting our users. We may share your information in response to subpoenas, court orders, and other legal processes or governmental requests, or to establish or exercise our legal rights or defend against legal claims. Company may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, protecting and defending the rights or property of Company, its Services and its users, violations of our Terms, or as otherwise required by law.

4. Access and Consent

Upon request, we will grant you reasonable access to personal information about you and was collected on the Public Site or in conjunction with the Services. We will take reasonable steps to permit individuals to correct, amend, or delete information about them that is shown to be inaccurate or incomplete.

In addition, we allow users to modify the level of communications that you receive related to our Services. You may contact our Support Team through our support portal to obtain current information about how to modify the types of information that you receive from us.

Your use of the Services or the website constitutes your consent to the uses of Personal Data described in this Privacy Policy. If you wish to revoke your consent, please do not visit our website and delete any cookies you may have on your devices and cease all use of the Services. Employee Personal Data provided by a Company or its Employees will be maintained by Vendrix consistent with our practices and as required by law or the agreements we maintain with third-party service providers. When using certain products or services, the Company will need to formally close its Vendrix Account and satisfy any outstanding obligations owed to us before an Employee can fully revoke consent to our use of Personal Data. Vendrix, its affiliates, and its service providers may retain Personal Data to comply with governmental reporting obligations and other legal or regulatory requirements.

5. International Use and Data Transfers

We will not disclose any personally identifiable information to a third party who is not a Company contractor or agent (“Agent”) except as outlined above.

Our Services are operated from and directed toward Companies in the United States, for exclusive use by Employees. Any Personal Data we collect may be transferred to, processed, used, handled, and stored in the United States or other countries through our service providers. Personal Data protection laws in the United States may differ from those of the country you are located in and your Personal Data may be subject to government requests or subpoenas, court orders, or law enforcement according to United States law.

Principally, your any personally identifiable information is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

By using the Services or visiting our website, you are consenting to the transfer, processing, use of, handling, and storage of Personal Data in the United States and as described in this Privacy Policy and in other agreements between Vendrix and you.

6. Security

Company takes reasonable technical, administrative and physical measures to protect the security of your personal information from unauthorized use, disclosure and alteration. When you place orders or access your personal account information, you're utilizing a secure connection via SSL, which encrypts your personal information before it's sent over the Internet.

Company provides information and training to all employees who have access to personally identifiable data maintained by Company, and Company employees are responsible for the internal security of such information. Company takes all reasonable measures to ensure that such information is reliable for its intended use, and is accurate, complete and current. Inside the Company, data is stored in password-controlled servers with limited access. You also have a significant role in protecting your information. No one can see or edit your personal information without knowing your user name and password, so do not share these with others.

7. Children's Privacy

Company does not knowingly collect or maintain information acquired through our site from persons under 18 years of age (the “Approved Age”), and no part of the site or services is directed to persons under the Approved Age. Any user under the Approved Age should not use or access our site at any time or in any manner. If we learn that personally identifiable information of persons less than the Approved Age has been collected from our site without verified parental consent, we will take the appropriate steps to delete this information.

8. Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to Company pursuant to the contact information below. Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

All disputes arising out of or related to the Agreement shall be finally settled under the Rules of Arbitration of the International Chamber of Commerce by one arbitrator appointed in accordance with such rules. The place of arbitration shall be Birmingham, Alabama, USA. The arbitration shall be conducted in English. The arbitrator shall award to the prevailing party, if any, as determined by the arbitrators, its reasonable attorneys’ fees and costs, including the costs of the arbitration. Judgment on any arbitral award may be entered in any court having jurisdiction.

The parties shall keep confidential: (i) the fact that any arbitration occurred; (ii) any awards awarded in the arbitration; (iii) all materials used, or created for use in the arbitration; and (iv) all other documents produced by another party in the arbitration and not otherwise in the public domain, except, with respect to each of the foregoing, to the extent that disclosure may be legally required (including to protect or pursue a legal right) or necessary to enforce or challenge an arbitration award before a court or other judicial authority.

9. In the Event of Merger, Sale, or Bankruptcy

In the event that all or part of Company is acquired by or merged with a third party entity, Company may transfer or assign the personally identifiable information held by Company as part of such merger, acquisition, or other change of control. In the unlikely event of Company's bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, Company may not be able to control how personal information is treated, transferred, or used.

10. Changes to this Privacy Policy

We may change this Privacy Policy periodically, as reflected by the "last updated" date below. Please revisit this page to stay aware of any changes.

11. Contact Information

If you have any questions about how Vendrix uses Personal Data or Usage Data, please contact us. If you prefer physical mail you can reach us at Vendrix Inc, 1500 1st Ave N, Birmingham AL, 35203.

12. Defined Terms

Capitalized terms used in this Privacy Policy are defined as follows:

  • Vendrix Account means the corporate account maintained by the Company to use Services and manage Cards.
  • Cards means physical or virtual payment cards issued by a bank issuer and managed through your Vendrix Account.
  • Company means a company that applies for the Services, opens a Vendrix Account, and that authorizes Users to access and use Services.
  • De-Identified Data means data derived from Personal Data that has been anonymized or aggregated with other data and that can no longer be used to identify a specific individual.
  • Employees means the employees, contractors, and agents of a Company.
  • Services means the expense and corporate card management services, Cards and other services provided through your Vendrix Account.
  • Third-Party Data means data provided by financial services providers, identity verification services, data aggregators, or other Third-Party Service Providers.
  • Third-Party Services means services provided by Third-Party Service Providers.
  • Third-Party Service Provider means an affiliate or other third party that assists us in providing the Services to you, that supports our internal operations, or that provides other services related or connected to, or provided through the Services and a Vendrix Account.
  • Usage Data means information we collect when you visit our website and use the Services, and may contain Personal Data.