Data Privacy FAQ​

At Vendia, customer trust is our top priority. Maintaining customer trust is an ongoing commitment. We strive to inform you of the privacy and data security policies, practices, and technologies we’ve put in place with respect to the Vendia services. Our commitments include:

• Access: As a customer, you maintain full control of your content that you upload to Vendia services under your Vendia account, and responsibility for configuring access to Vendia services and resources. We provide a set of access, permissions, and logging features to help you do this effectively. We provide APIs for you to configure access control permissions for any of the services you develop or deploy using Vendia. We do not access or use your content for any purpose without your agreement. We never use your content or derive information from it for marketing or advertising purposes.
• Storage: You choose the cloud service providers (CSP) region(s) in which your content is stored. You can replicate and back up your content in more than one CSP Region. When multiple parties are sharing data in the same universal application, Vendia may move or replicate your content outside of your chosen CSP region(s) depending on permissions. As a customer you control permissions over which of your content is shared and can be moved or replicated to other locations. Only the content you allow will be moved or replicated. All other content will not be moved or replicated without your agreement, except as necessary to comply with the law or a binding order of a governmental body.
• Security: We protect the security of your information during transmission to or from Vendia services by using encryption protocols and software. All data stored on Vendia services are encrypted at rest. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information.
• Disclosure of customer content: We will not disclose customer content unless we're required to do so to comply with the law or a binding order of a government body. If a governmental body sends Vendia a demand for customer content, we will attempt to redirect the governmental body to request that data directly from the customer. If compelled to disclose customer content to a government body, we will give customers reasonable notice of the demand to allow the customer to seek a protective order or other appropriate remedy unless Vendia is legally prohibited from doing so.
• Security Assurance: We maintain compliance programs that validate our security controls, such as SOC2. We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data. These security protections and control processes are independently validated by third-party independent assessments.

How does Vendia classify customer information?

Vendia classifies customer information into two categories: customer content _and _account information.

We define customer content as data, text, audio, video, or images that a customer or any end user transfers to us for processing, storage, or hosting by Vendia services in connection with that customer's account, and any computational results that a customer or any end user derives from the foregoing through their use of Vendia services. Customer content does not include account information, which we describe below. The terms of the Vendia Service Agreement available at www.vendia.com/services-agreement apply to your use of the Vendia services and your customer content.

We define account information as information about a customer that a customer provides to us in connection with the creation or administration of a customer account. For example, account information includes names, usernames, phone numbers, email addresses, and billing information associated with a customer account. The information practices described in the **Vendia Privacy Notice **available at www.vendia.com/privacy apply to account information.

Who owns customer content?

As a customer, you maintain ownership of your content, and you select which Vendia services can process, store, and host your content. We do not access or use your content for any purpose without your agreement. We never use customer content or derive information from it for marketing or advertising.

Who controls customer content?

As a customer, you control your content.

• You determine where your content will be stored and the geographic region of that storage. Depending on how you establish permissions for your content, Vendia may move or replicate your content with other parties (nodes) within your universal application.
• You manage access to your content, and access to Vendia services and resources through users, roles, permissions, and credentials that you control.

Where is customer content stored?

Vendia gives you the flexibility of choosing how and where you want to run your applications, and when you do you are using the same network, control plane, API’s, and Vendia services. If you would like to run your applications globally you can choose from any supported cloud service providers (CSP) regions. As a customer, you choose the CSP region(s) in which your customer content is stored, allowing you to deploy Vendia services in the location(s) of your choice, in accordance with your specific geographic requirements. You can replicate and back up your content in more than one CSP Region. When multiple parties are sharing data in the same universal application, Vendia may move or replicate your content outside of your chosen CSP region(s) depending on permissions. As a customer you control the permissions over which of your content is shared and can be moved or replicated to other locations. Vendia will not share, move or replicate your content without your permission, except as necessary to comply with the law or a binding order of a governmental body.