Vendrail

Privacy Policy

Effective: 2026-06-27 · v1.0

Note: This is a carefully prepared template. It is not a substitute for legal advice. Before public launch at scale, have a qualified attorney review it.

1. Data controller

The data controller for personal data collected through Vendrail is:

Egységmester Kft. (Egységmester Korlátolt Felelősségű Társaság)
Registered seat: 2330 Dunaharaszti, Gyóni Géza köz 8, Hungary
E-mail: hello@practicalapps.studio

2. What data we collect

  • Account data: name, e-mail address, and password hash when you create an account.
  • Store data: WooCommerce store URLs and product URLs you submit for checkout monitoring. This includes store-owner ("vendor") contact details and any lead/subscriber e-mail addresses you upload or that are collected through your store's public status page.
  • Check data: screenshots, step verdicts, and technical metadata captured during automated checkout runs. Screenshots may incidentally contain customer-visible personal data from the monitored store; we treat this data as confidential service output and do not use it for any purpose other than delivering the monitoring result to you.
  • Billing data: subscription plan and payment status. Full card details are processed by our payment processor (Stripe) and are not stored by us.
  • Usage data: log entries, IP addresses, browser type, and pages visited, used for security and service improvement.

3. How we use your data

  • Delivering the checkout monitoring service you have subscribed to.
  • Sending alerts and reports about checkout failures on your store.
  • Processing subscription payments and managing your account.
  • Improving the reliability and accuracy of our automated checks.
  • Complying with legal obligations.

4. Legal bases (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): processing required to deliver the service you signed up for.
  • Legitimate interest (Art. 6(1)(f)): security monitoring and fraud prevention.
  • Legal obligation (Art. 6(1)(c)): accounting and tax records.
  • Consent (Art. 6(1)(a)): marketing e-mails and non-essential cookies, where we ask for your consent separately.

5. Data retention

Account and check data are retained for as long as your account is active and for up to 2 years after account deletion, unless a longer retention period is required by law. Billing records are kept for 8 years as required by Hungarian accounting law.

6. Data sharing and processors

We do not sell your personal data. We share data only with the following sub-processors under appropriate data-processing agreements:

  • Stripe, Inc. and Stripe Payments Europe, Ltd.: payment processing and subscription management; Stripe acts as Merchant of Record (calculates, collects, and remits VAT/GST). Data transferred under Standard Contractual Clauses. See stripe.com/privacy.
  • Hostinger International Ltd. (Lithuania, EEA): server, application, and PostgreSQL database hosting (VPS infrastructure), under a data-processing agreement.
  • Resend, Inc. (USA): delivery of alert notifications and check-result e-mails to you and your store's subscribers, under a data-processing agreement and Standard Contractual Clauses.
  • Playwright / Chromium (headless browser, operated by us on Hostinger): the automated checkout-monitoring engine that opens the store and product URLs you submit, runs a synthetic checkout (stopping before any real payment), and captures screenshot evidence. It only visits the URLs you authorise for monitoring.
  • Umami Analytics (self-hosted by us on Hostinger): cookie-less, aggregated, privacy-oriented usage analytics. Loaded only after you grant analytics consent in the cookie banner (consent basis, Art. 6(1)(a)). See our Cookie Policy.
  • GlitchTip (self-hosted by us on Hostinger): application error and crash monitoring (Sentry-compatible). May process technical context such as IP address, URL, and stack traces to diagnose faults.
  • Law enforcement: when required by a valid legal order.

We do not currently use any third-party large-language-model (LLM) or AI sub-processor. If we introduce one, we will name it in this Policy before doing so.

7. International transfers

If your data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

8. Your rights

Under the GDPR you have the following rights:

  • Access (Art. 15): obtain a copy of the personal data we hold about you.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure (Art. 17): request deletion of your data where there is no lawful reason to continue processing.
  • Restriction (Art. 18): ask us to pause processing in certain circumstances.
  • Data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Object (Art. 21): object to processing based on legitimate interest at any time.
  • Withdraw consent (Art. 7(3)): where processing is based on consent, withdraw it at any time without affecting prior processing.

We will respond to your request within 30 days (extendable by a further 60 days for complex requests, with notice). Exercise these rights by e-mailing hello@practicalapps.studio. You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, www.naih.hu).

9. Cookies

We use essential session cookies required to operate the service and, with your consent, analytics cookies to improve the product. See our Cookie Policy for details.

10. Changes to this policy

We may update this policy. Material changes will be notified by e-mail or in-app notice at least 14 days before taking effect.

11. Contact

Questions about this policy: hello@practicalapps.studio