Privacy Policy

Introduction

Elevantiq GmbH, trading as Vendure ("Vendure", "we", "us") is committed to protecting your personal data and privacy. This Privacy Policy describes how we collect, use, and protect your personal information when you interact with our website and use our online forms.

Data Controller

Elevantiq GmbH, trading as Vendure Registered office: Rennfeld 15, 6370 Kitzbühel, Austria Office: Stiftgasse 15–17/1/3, 1070 Vienna, Austria Email: contact@vendure.io

Types of Data Collected

We collect personal data when you submit information via forms on our website, including but not limited to:

• Name
• Email address
• Company name
• Content of your message/inquiry

Purpose and Legal Basis for Data Processing

We process your data to respond to inquiries, provide support, or handle business requests. The legal basis for processing your data is your explicit consent (Article 6(1)(a) GDPR) when submitting the form.

Data Sharing and Third Parties

Your personal data may be shared with third-party providers for the purposes described below:

• Twenty: To manage customer relationships, inquiries, and related communications. Twenty Privacy Policy: https://twenty.com/privacy-policy
• Loops: To send transactional emails and marketing communications. Loops Privacy Policy: https://loops.so/privacy
• WorkOS: To provide single sign-on (SSO) and identity management for our portals. WorkOS Privacy Policy: https://workos.com/privacy
• Google Workspace: For email communication, document management, and collaboration. Google Privacy Policy: https://policies.google.com/privacy
• Vercel: To host our websites and portals. Vercel Privacy Policy: https://vercel.com/legal/privacy-policy
• Northflank: To host our application infrastructure and APIs. Northflank Privacy Policy: https://northflank.com/legal/privacy
• Sentry: For application error monitoring and diagnostics. Sentry Privacy Policy: https://sentry.io/legal/privacy/
• Dealfront (Leadfeeder): To identify the companies visiting our website (not individuals) so we can understand interest in our products and improve our outreach. This service is only active after you consent to marketing cookies (see "Cookies and Visitor Identification" below). Dealfront Privacy Policy: https://www.dealfront.com/privacy/

These service providers are contractually bound to protect your data according to GDPR standards.

Cookies and Visitor Identification

Our website uses privacy-friendly, cookieless analytics (Plausible) that do not track individuals and require no consent.

With your consent, we also use Dealfront (Leadfeeder) to identify the organisations that visit our website. This tool sets a first-party cookie (_lfa) in your browser and uses your IP address to determine the company a visit is associated with. It is used for B2B company identification — it does not identify you as an individual and is not used for advertising.

The legal basis for this processing is your consent (Article 6(1)(a) GDPR). When you first visit the site we ask for your consent via a cookie banner:

• If you decline, the Dealfront tracker is never loaded and no _lfa cookie is set.
• If you accept, the tracker loads and the _lfa cookie is stored.

You can review or withdraw your consent at any time using the "Cookie settings" link in the website footer. Withdrawing consent stops the tracker from loading on subsequent visits.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes stated above or to comply with legal obligations.

Data Subject Rights

You have the right to:

• Access your data
• Request correction or deletion of your data
• Object to or restrict processing of your data
• Withdraw consent at any time
• Request data portability

Please contact us at contact@vendure.io to exercise any of these rights.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Complaints and Supervisory Authority

You have the right to file a complaint with the supervisory authority if you believe your data protection rights have been violated:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
https://www.dsb.gv.at

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: 11/06/2026