سياسة الخصوصية

• Account data: name, email address, job title, password (hashed and salted, never stored in plain text).
• Company data: company name, country, registration number, business categories (UNSPSC codes), logo.
• Usage data: pages visited, features used, request and bid activity, timestamps of actions.
• Communications: messages sent through the platform, notification preferences.
• Technical data: IP address, browser type, device identifiers, cookies (see the Cookies section below).

• To deliver and operate the VEXORS platform and its features.
• To process payments via Stripe (we do not store card details; Stripe is PCI DSS compliant).
• To send service notifications, product updates, and support communications.
• To detect fraud, enforce our Terms of Service, and protect the security of the platform.
• To improve our services through aggregated, anonymised analytics.

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion (right to erasure): request that we delete your personal data by emailing privacy@vexors.com. We act within 30 days, except for records we must retain for other parties (such as requests, bids, awards, and ratings shared with companies you have dealt with) or to meet legal obligations, which we retain or anonymise.
• Portability: request a copy of your personal data in a machine-readable format by emailing privacy@vexors.com.
• Objection: object to certain processing activities, including marketing communications. To stop receiving marketing emails, click the unsubscribe link in any email we send, or email privacy@vexors.com.
• Restriction: request that we temporarily restrict processing of your data while a dispute is being resolved.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Supervisory authority complaint: if you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

To exercise any right, email privacy@vexors.com. We will respond within 30 days.

• Explore (free) tier: activity log retained for 30 days. Account data retained for 90 days after account closure.
• Grow tier: activity log retained for 1 year. Account data retained for 1 year after account closure.
• Scale tier: configurable retention by agreement. A Data Processing Agreement (DPA) is available; contact us to request one.

We use the following third-party processors. Each has been reviewed for compliance with applicable data protection laws:

• Amazon Web Services (AWS): cloud hosting, storage, and email delivery. AWS maintains ISO 27001 and SOC 2 certifications.
• MongoDB Atlas: managed database hosting.
• Stripe: payment processing. Stripe is PCI DSS Level 1 certified. We do not store card details.
• Anthropic: AI bid evaluation and scoring.
• OpenAI: text embeddings for semantic supplier and catalog matching.

VEXORS FZC is incorporated in the United Arab Emirates. Personal data is hosted with Amazon Web Services and MongoDB Atlas. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country without an EU adequacy decision, those transfers are governed by Standard Contractual Clauses (SCCs).

VEXORS FZC is subject to the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL) and, where applicable, the DIFC Data Protection Law No. 5 of 2020. We are actively conducting a legal review of our obligations under these frameworks. Data subject rights listed in Section 3 above apply to UAE residents.

The VEXORS platform is intended for use by business entities and individuals who are at least 18 years old. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we may have collected data from a minor, please contact us at privacy@vexors.com.

Cookies are small text files placed on your device when you use the platform. We use only first-party cookies, in two categories:

• Strictly necessary (always active): session authentication, security (CSRF) protection, and your language preference. The platform cannot function without these.
• Functional (set with your consent): interface preferences such as light or dark theme, sidebar layout, and onboarding progress.

We do not use advertising, retargeting, or third-party analytics cookies, and we do not share cookie data with advertising networks. We also use your browser's local storage to hold interface preferences and reduce repeated requests; that data stays on your device and is not sent to us automatically.

You can accept or decline functional cookies at any time using the cookie controls shown on your first visit, and you can manage or delete cookies through your browser settings. Blocking strictly necessary cookies will prevent you from signing in.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to the registered account owner and by notice on the platform before the changes take effect. The “Last Updated” date at the top of this page indicates when the policy was last revised. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.