Compliance Policy
Last updated: 2026
Policies
Compliance Policy
Last updated: 2026
1. COMMITMENT TO REGULATORY COMPLIANCE
Vendoram is deeply committed to maintaining the highest standards of regulatory compliance, ethical conduct, and corporate transparency. We recognize that our platform handles sensitive supplier intelligence, procurement data, and operational metrics. Therefore, we have implemented a comprehensive compliance framework designed to ensure that our operations, data handling practices, and platform architecture strictly adhere to applicable local, national, and international laws. This commitment extends across all facets of our business, from software engineering to client onboarding and data sourcing.
2. GLOBAL DATA PROTECTION AND PRIVACY FRAMEWORKS
We operate in strict alignment with major global data protection regulations to safeguard the rights and privacy of our users and the entities they verify. - GDPR (General Data Protection Regulation): For users and data subjects within the European Economic Area (EEA), Vendoram acts in accordance with GDPR principles, providing robust mechanisms for data access, rectification, erasure, and portability, while ensuring lawful bases for data processing. - CCPA (California Consumer Privacy Act): We comply with the CCPA by offering Californian residents transparency regarding data collection practices and honoring requests to opt-out of the sale of personal information (noting that Vendoram does not sell personal data). - We continually monitor legislative developments in emerging privacy frameworks worldwide to ensure our platform remains compliant and our clients remain protected.
3. TRADE COMPLIANCE, SANCTIONS, AND EXPORT CONTROLS
Vendoram's services respect and strictly adhere to international trade laws, economic sanctions, and export control regulations enforced by governing bodies worldwide. - Sanctions Screening: We actively cross-reference our internal operations against consolidated sanctions lists, including those maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the European Union, the United Nations, and the UK's HM Treasury. - Restricted Entities: Vendoram categorically refuses to process vendor verification requests, provide analytical reports, or offer services to individuals, corporations, or entities residing in comprehensively sanctioned jurisdictions or those explicitly listed on denied parties lists. We reserve the right to terminate accounts immediately upon discovering a sanctions violation.
4. DATA LOCALIZATION AND SOVEREIGNTY
We understand that enterprise clients in heavily regulated industries (such as finance, healthcare, or government) may face strict data sovereignty and localization mandates. - Enterprise Options: For qualifying enterprise clients, Vendoram offers customized data localization architectures, allowing operational data and intelligence reports to be hosted and processed entirely within specific geographical regions (e.g., EU-only servers, US-only environments) to satisfy national compliance requirements.
5. ANTI-MONEY LAUNDERING (AML) AND KNOW YOUR CUSTOMER (KYC)
To prevent the misuse of our platform for illicit financial activities, Vendoram implements stringent onboarding and monitoring procedures. - KYC Procedures: All enterprise accounts and high-volume API users must undergo rigorous Know Your Customer (KYC) verifications. This involves submitting valid corporate registration documents, identifying ultimate beneficial owners (UBOs), and verifying the legitimacy of the business entity. - AML Monitoring: We deploy automated systems to monitor platform usage patterns for anomalies or activities that may indicate money laundering, terrorist financing, or other financial crimes. We fully cooperate with law enforcement agencies and financial intelligence units pursuant to lawful requests and subpoenas.
6. ETHICAL DATA SOURCING AND SUPPLIER INTELLIGENCE
The integrity of Vendoram's analytical reports relies heavily on the quality and ethical sourcing of our data. - Sourcing Practices: We aggregate supplier intelligence exclusively from publicly available government registries, licensed commercial data providers, authorized corporate disclosures, and our proprietary, ethically managed intelligence networks. - Prohibition of Illicit Data: Vendoram strictly prohibits the ingestion, processing, or dissemination of data obtained through illegal hacking, unauthorized data breaches, corporate espionage, or violations of third-party terms of service.
7. AUDIT RIGHTS AND TRANSPARENCY
We believe that trust is built on transparency and verifiable security practices. - Client Audits: Enterprise clients holding valid agreements have the right to request comprehensive compliance documentation, security architecture overviews, and summaries of our annual third-party penetration tests and SOC 2 audits. - Regulatory Audits: Vendoram maintains organized, auditable records of data processing activities and platform operations to facilitate rapid and transparent responses to inquiries from regulatory bodies or data protection authorities.
8. COMPLIANCE INQUIRIES
For any questions regarding our compliance posture, to request security documentation, or to report a potential compliance violation, please contact our Chief Compliance Officer at legal@vendoram.com.