Privacy Policy

VendOS (“VendOS,” “we,” “our,” or “us”) operates an automated retail vending service across Southern California, including age-verified vending machines that accept QR code, cash, and credit card payments. This Privacy Policy describes the categories of information we collect, how we use that information, and the choices available to operators, end customers, and visitors of vendos.pro.

1. Information We Collect

We collect information from three groups of users: operators (the businesses that host VendOS machines), end customers (individuals purchasing products from a VendOS machine), and visitors of vendos.pro.

Information you provide to us

• Operator account information — business name, contact name, email address, phone number, location address, billing information, and any details you submit through our contact or onboarding forms.
• Age verification data — when an end customer purchases an age-restricted product, our machines temporarily process government-issued identification through certified ID-scanning technology to confirm the customer meets the legal minimum age. We retain only the data required by applicable law (typically a record of pass/fail, a timestamp, and the truncated transaction reference); we do not store full ID images on the machine after verification.
• Payment information — when payment is initiated, our PCI-compliant payment processors handle card and QR-pay credentials. VendOS receives only tokenized references and the information required to reconcile transactions (amount, time, machine ID, last four digits).

Information collected automatically

• Machine telemetry — inventory counts, machine health, error codes, transaction volume, and uptime data, used to maintain service quality.
• Website analytics — IP address, browser type, device, referring URL, and pages visited on vendos.pro, collected via standard server logs and limited analytics cookies.

2. How We Use Information

We use information to:

• Operate, install, restock, and maintain VendOS vending machines.
• Verify the age of end customers purchasing nicotine products and comply with state and federal law.
• Process payments and remit revenue to operators on agreed-upon schedules.
• Communicate with operators about installations, service visits, billing, and product updates.
• Detect and prevent fraud, abuse, and security incidents.
• Improve the VendOS service, including hardware reliability and customer experience.

3. How We Share Information

We do not sell personal information. We share information only as described below.

• Service providers — payment processors, ID verification vendors, cloud infrastructure providers, and logistics partners that perform services on our behalf, under contracts that require confidentiality and limit use to providing the contracted service.
• Operators — we share aggregate, de-identified sales and inventory reports with operators for the machines installed at their locations. We do not share end-customer identification details or images with operators.
• Legal and regulatory — we may disclose information when required by law, subpoena, court order, or to comply with state regulators that audit age-verification and tobacco-licensing compliance.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.

4. Data Retention

We retain operator account information for the duration of the operator relationship plus a reasonable period thereafter for legal, tax, and audit purposes. Age-verification audit records are retained only for the period required by applicable law. Tokenized payment references are retained for the period required for chargeback, reconciliation, and tax purposes.

5. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, or loss. This includes encryption of data in transit, restricted access controls, hardware tamper protection on our machines, and regular security review. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Your Choices and Rights

Depending on your state of residence, you may have the right to request access to, correction of, or deletion of personal information we hold about you. California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of certain disclosures. To exercise these rights, contact us at privacy@vendos.pro. We will verify your request and respond within the time required by applicable law.

7. Cookies

We use a small number of essential and analytics cookies on vendos.pro. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

8. Children

VendOS services are intended for adults of legal purchasing age and for business operators. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated to operators directly.

10. Contact Us

Questions or requests about this Privacy Policy can be sent to privacy@vendos.pro or by mail to VendOS, Attn: Privacy, Southern California, USA.