Privacy Policy
Effective Date: March 3, 2026 ยท Last Updated: March 3, 2026
This Privacy Policy describes how Villanueva Ventures LLC ("Company," "we," "us") collects, uses, and protects information when you use Vexlink (the "Platform"). By using the Platform, you consent to the practices described herein.
1. Information We Collect
1.1 Information You Provide
| Data Type | When Collected | Purpose |
|---|---|---|
| Email address | Account registration, purchasing | Authentication, transactional emails, support |
| Display name & bio | Seller profile creation | Public seller profile |
| Password (hashed) | Account registration | Authentication only โ stored via Supabase Auth |
| Listing content | Creating a Setup listing | Display on marketplace |
| Profile picture | Optional upload | Display on seller profile |
1.2 Information Collected Automatically
- API usage data: API calls, credit consumption, endpoint activity
- Transaction data: Purchase history, payment amounts, download tokens
- Technical data: IP address, browser type, operating system (via standard server logs)
1.3 Information We Do NOT Collect
- Credit card numbers (processed entirely by Stripe)
- Social Security numbers or government IDs
- Tracking cookies or advertising pixels
- Biometric data
2. How We Use Your Information
- To create and manage your account
- To process purchases and deliver Setups
- To send transactional emails (purchase confirmations, download links, payout notices)
- To display public seller profiles and listings
- To operate, maintain, and improve the Platform
- To detect and prevent fraud, abuse, and Terms violations
- To respond to support requests
- To comply with legal obligations
We do not use your information for advertising, marketing to third parties, or behavioral profiling.
3. Information Sharing
We do not sell, rent, or trade your personal information. We share information only in these circumstances:
- Stripe: Payment processing. Stripe receives your email and payment details to process transactions. See Stripe's Privacy Policy.
- Supabase: Database and authentication hosting. Data is stored securely in Supabase's infrastructure (AWS us-west-2). See Supabase's Privacy Policy.
- Legal requirements: If required by law, subpoena, court order, or regulatory demand.
- Safety: If necessary to protect the rights, safety, or property of the Company, our users, or the public.
- Business transfer: In the event of a merger, acquisition, or sale of Company assets, user data may be transferred to the acquiring entity.
4. Data Security
- All data transmitted to and from the Platform is encrypted via HTTPS/TLS
- Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth)
- API keys are generated with cryptographically secure random bytes
- Database access is restricted to authenticated server-side processes
- We conduct regular security reviews of our codebase and infrastructure
No system is 100% secure. We encourage you to use strong, unique passwords and enable any available security features on your account.
5. Cookies & Local Storage
Vexlink uses minimal cookies and local storage for Platform functionality only:
- Session token (sessionStorage): Used to maintain your login session. Cleared when browser is closed.
- Theme preference (localStorage): Stores your dark/light mode choice.
- Onboarding state (localStorage): Tracks whether you've completed the welcome tour.
We do not use analytics cookies, advertising cookies, or third-party tracking pixels.
6. Data Retention
- Account data: Retained as long as your account is active, plus 30 days after deletion request
- Transaction records: Retained for 7 years per financial recordkeeping requirements
- API logs: Retained for 90 days for debugging and abuse prevention
- Listing content: Retained while active; removed within 30 days of deletion
7. Your Rights
Depending on your jurisdiction (including California residents under CCPA), you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Opt-out: We do not sell personal information; no opt-out is necessary under CCPA's sale provisions
To exercise any of these rights, email support@vexlink.io. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how it is used
- The right to request deletion of your personal information
- The right to non-discrimination for exercising your privacy rights
- We do not sell personal information as defined under CCPA
9. Children's Privacy
Vexlink is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, contact support@vexlink.io.
10. International Users
Vexlink is operated from the United States. If you access the Platform from outside the US, your information will be transferred to and processed in the United States. By using the Platform, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision.
12. Contact
Villanueva Ventures LLC
Chula Vista, CA 91913
Email: support@vexlink.io
For privacy-specific inquiries, please include "Privacy" in the subject line.
ยฉ 2026 Villanueva Ventures LLC. Vexlinkโข is a trademark of Villanueva Ventures LLC. All rights reserved.