Privacy Policy

What we collect

When you use vendor.rip, we may collect:

• Usage data — pages visited, tools assessed, Rip Scores requested. Used to improve the product and understand demand signals.
• Account data — if you sign in via Google or email, we store your email address and display name to manage your session and dashboard.
• Assessment data — tools you assess, migration plans generated, and outcomes you report. This feeds the Rip Score intelligence layer (aggregated, never personally attributed in public data).
• GitHub preview requests — if you submit the GitHub integration form, your business email and organisation name are stored to manage the preview waitlist.

How we use it

• To provide the service and personalise your dashboard.
• To improve Rip Scores using aggregated, anonymised data.
• To contact you about your account or the preview programme (only if you signed up).
• We do not sell your data to third parties.
• We do not use your data for advertising.

Cookies

We use a single session cookie (VendorRipAuth) to keep you signed in. It is HttpOnly, Secure, and expires after 12 days of inactivity. No advertising or tracking cookies are set.

Data storage

Data is stored in Google Firebase (Firestore) in the us-central1 region. The service is hosted on Vercel (CDN edge nodes globally). Both providers are SOC 2 Type II certified.

Your rights

You can request deletion of your account and all associated data at any time by emailing privacy@vendor.rip. We will action deletion requests within 30 days. EU and UK users have additional rights under GDPR — contact us at the same address.

Changes

We may update this policy as the product evolves. Material changes will be announced via the product or email. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions? Email privacy@vendor.rip.