Privacy Policy

• Account data: name, email address, job title, password (hashed with bcrypt cost 12, never stored in plain text).
• Company data: company name, country, registration number, business categories (UNSPSC codes), logo.
• Usage data: pages visited, features used, request and bid activity, timestamps of actions.
• Communications: messages sent through the platform, notification preferences.
• Technical data: IP address, browser type, device identifiers, cookies (see Cookie Policy).

• To deliver and operate the VEXORS platform and its features.
• To process payments via Stripe (we do not store card details; Stripe is PCI DSS compliant).
• To send service notifications, product updates, and support communications.
• To detect fraud, enforce our Terms of Service, and protect the security of the platform.
• To improve our services through aggregated, anonymised analytics.

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion (right to erasure): request that we delete your personal data. Submit via account settings or by emailing privacy@vexors.com. We will act within 30 days.
• Portability: export your data in machine-readable format via account settings (JSON format).
• Objection: object to certain processing activities, including marketing communications. To stop receiving marketing emails, click the unsubscribe link in any email we send, or email privacy@vexors.com.
• Restriction: request that we temporarily restrict processing of your data while a dispute is being resolved.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Supervisory authority complaint: if you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

To exercise any right, email privacy@vexors.com. We will respond within 30 days.

• Explore (free) tier: activity log retained for 30 days. Account data retained for 90 days after account closure.
• Grow tier: activity log retained for 1 year. Account data retained for 1 year after account closure.
• Scale tier: configurable retention by agreement. A Data Processing Agreement (DPA) is available; contact us to request one.

We use the following third-party processors. Each has been reviewed for compliance with applicable data protection laws:

• Amazon Web Services (AWS): cloud infrastructure, storage, email delivery (SES). AWS is ISO 27001 certified and SOC 2 compliant.
• Stripe: payment processing. Stripe is PCI DSS Level 1 certified. We do not store card details.
• Anthropic: AI bid evaluation and scoring. Data processed is anonymised bid content; no personal identifiers are sent to Anthropic.
• Sentry: error monitoring. Personal identifiers are scrubbed before transmission to Sentry.

VEXORS FZC is incorporated in the United Arab Emirates (registered with Sharjah Publishing City - Free Zone Authority, trade license No. 4421914.01) and our primary servers are located in the United States (AWS us-east-1). Transfers of personal data from the European Economic Area (EEA) to the United States are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission.

EU region hosting (eu-west-1) is planned for Phase 6 of our infrastructure roadmap, triggered when EU-registered companies exceed 500 or when a contractual data residency requirement is agreed with an enterprise customer.

VEXORS FZC is subject to the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL) and, where applicable, the DIFC Data Protection Law No. 5 of 2020. We are actively conducting a legal review of our obligations under these frameworks. Data subject rights listed in Section 3 above apply to UAE residents.

The VEXORS platform is intended for use by business entities and individuals who are at least 18 years old. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we may have collected data from a minor, please contact us at privacy@vexors.com.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to the registered account owner and by notice on the platform before the changes take effect. The “Last Updated” date at the top of this page indicates when the policy was last revised. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.