Legal · Privacy

Privacy Policy

How Fynext Labs Pty Ltd (ABN 25 696 584 175), the Australian company behind the Vendora Genie B2B eCommerce platform, collects, uses, stores, discloses, transfers and protects your personal information.

Effective DD / MM / YYYY
Last updated DD / MM / YYYY

This Privacy Policy (“Policy”) describes how Fynext Labs Pty Ltd (ABN 25 696 584 175), incorporated under the laws of Australia, providing its service via its product/platform called “Vendora Genie”, a B2B eCommerce platform (“Company”, “Platform”, “we”, “our”, “us”) collects, uses, processes, stores, discloses, transfers, and protects personal information of users who access or use our website, applications, merchant tools, e-commerce infrastructure services, payment integrations, logistics integrations, APIs, and related services (collectively, the “Services”).

Our platform enables businesses, merchants, sellers, creators, and brands (“Merchants”) to create digital storefronts, manage online sales, process payments, interact with customers, and use various business tools. We may also process information relating to customers who purchase goods/services from merchants through stores hosted on our platform (“Customers”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

01 Applicability

This Policy applies to:

This Policy applies where we act as:

(a) Data Controller / Business / Data Fiduciary

Where we determine how personal data is processed.

(b) Data Processor / Service Provider

Where merchants control customer data and we process such information on their behalf.

Merchants remain independently responsible for maintaining their own privacy policies for customer-facing storefronts.

02 Applicable Privacy Laws

Depending on your location, your personal information may be protected under applicable privacy laws including:

Australia

United States

New Zealand

India

Where multiple laws apply, we will comply with the stricter applicable legal standard.

03 Information We Collect

A. Identity Information

B. Contact Information

C. Business Information

D. Transaction Information

E. Customer Data (Processed on behalf of Merchants)

F. Technical Information

G. Marketing Information

H. Support Communications

04 How We Collect Information

We collect data:

05 Purpose of Processing

We use personal information to:

06 Legal Basis for Processing

We process personal information only where we have a valid legal basis under applicable privacy laws. Depending on your jurisdiction, such legal bases may include:

Australia

For users located in Australia, we process personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We collect, use, and disclose personal information only where reasonably necessary for our business functions and activities, with consent where required for sensitive information or direct marketing communications.

United States

For users located in the United States, we process personal information in accordance with applicable federal and state privacy laws, including but not limited to the CCPA (as amended by the CPRA), the VCDPA, the CPA, and other applicable state laws. Processing may occur for business purposes, commercial purposes, contractual necessity, fraud prevention, legal compliance, and other legally permitted purposes.

New Zealand

For users located in New Zealand, we process personal information in accordance with the Privacy Act 2020 and the Information Privacy Principles (IPPs). We collect and use personal information only for lawful purposes connected with our business activities and where such collection is necessary for those purposes.

India

For users located in India, we process personal data in accordance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules thereunder. Processing may be based on:

Where laws of multiple jurisdictions apply simultaneously, we shall comply with the stricter applicable legal standard.

07 Payment Information

In connection with subscriptions, merchant fees, customer purchases, refunds, payouts, and other transactions conducted through the Platform, we may collect, process, facilitate, or transmit payment-related information through authorized third-party payment processors, payment gateways, banking partners, and financial institutions.

Such payment-related information may include, without limitation: billing name; billing address; payment card details; bank account details; UPI / payment wallet information; transaction identifiers; payment history; tax-related payment information.

We generally do not store complete debit card, credit card, CVV, or other sensitive payment authentication data on our servers unless expressly stated and permitted under applicable law and industry standards. Where payment card information is processed, such processing may be undertaken by third-party payment processors that maintain their own security standards, including compliance with applicable Payment Card Industry Data Security Standards (PCI-DSS) requirements.

Our third-party payment service providers may independently collect, process, retain, and share financial information in accordance with their respective privacy policies, terms of service, and regulatory obligations. Users are encouraged to review such third-party policies before completing transactions.

We may receive limited transaction-related information from payment processors for purposes including: payment verification; fraud prevention; chargeback management; refund processing; subscription billing; merchant settlement and payouts; regulatory compliance; financial reporting and auditing.

We shall not be responsible for any unauthorized access, data breach, service interruption, or misuse of financial information caused solely by third-party payment processors, banks, card networks, or payment gateway providers, except to the extent such liability arises due to our gross negligence, wilful misconduct, or violation of applicable law.

08 Merchant Customer Data

Our Platform enables independent merchants, sellers, brands, and businesses (“Merchants”) to create and operate online storefronts, process customer transactions, manage orders, and interact with their end customers (“Customers”). In connection with such services, we may process personal information relating to Customers on behalf of Merchants.

Customer information processed through merchant storefronts may include, without limitation: name; email address; phone number; billing and shipping address; order details; payment-related transaction information; purchase history; delivery preferences; customer support communications; and other information voluntarily provided during checkout or account creation.

In such circumstances, the relevant Merchant generally acts as the primary data controller / business / data fiduciary (as applicable under relevant law) with respect to customer personal information collected through its storefront, and determines the purposes and means of processing such information.

Our role is generally limited to acting as a data processor / service provider on behalf of the Merchant, solely for the purpose of: hosting merchant storefronts; facilitating transactions; processing orders; enabling payment integrations; managing shipping / logistics integrations; providing analytics tools; fraud prevention; customer support functionalities; and platform administration and security.

We process such Customer information only in accordance with our agreements with Merchants, applicable law, and documented instructions provided by Merchants, except where required for compliance with legal obligations, fraud prevention, platform security, or enforcement of our legal rights.

Merchants are solely responsible for: maintaining their own customer-facing privacy policies; obtaining required consents; providing legally required notices; responding to customer privacy requests; ensuring lawful processing of customer information; and complying with applicable consumer protection and privacy laws in relevant jurisdictions.

Customers who make purchases from merchant stores hosted on our Platform should review the applicable Merchant’s privacy policy. We are not responsible for a Merchant’s independent privacy practices, data handling activities, or legal compliance obligations where such activities occur outside the scope of our Services.

09 Cookies and Tracking Technologies

We use cookies, pixels, SDKs, web beacons, tags, scripts, and similar tracking technologies to operate, secure, analyze, and improve our Platform, merchant storefronts, applications, and related services.

These technologies may collect information such as IP address, browser type and settings, device identifiers, operating system, website usage activity, browsing behavior, referral URLs, session information, purchase behavior, advertising interactions, and location data (where permitted).

Categories of cookies

Where required under applicable laws — including the Privacy Act 1988 (Australia), applicable U.S. state privacy laws (including CCPA/CPRA where applicable), the Privacy Act 2020 (New Zealand), and the Digital Personal Data Protection Act, 2023 (India) — we obtain user consent prior to placing non-essential cookies or similar tracking technologies on user devices.

Users may manage, block, or delete cookies through browser settings, device settings, cookie consent banners / preference centers, or third-party opt-out tools where available. Please note that disabling certain cookies may affect website functionality, merchant storefront operations, checkout experiences, and other platform features.

For additional information regarding the specific cookies we use, their duration, purposes, and management options, please review our separate Cookie Policy, which forms part of this Privacy Policy.

10 Disclosure of Information

We may disclose data to: payment processors; shipping providers; cloud hosting providers; analytics providers; fraud prevention vendors; legal advisors; government authorities; business partners; affiliates / subsidiaries.

We do not sell personal information unless explicitly disclosed and legally permitted. For California residents, users may exercise “Do Not Sell or Share My Personal Information” rights where applicable.

11 International Data Transfers

Your data may be processed in multiple countries. By using our Services, you acknowledge cross-border data transfers. We implement safeguards including contractual protections, security controls, access restrictions, and vendor due diligence.

12 Data Retention

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including providing and maintaining the Services, managing merchant accounts, processing transactions, facilitating customer orders, providing customer support, enforcing contractual obligations, preventing fraud, maintaining platform security, resolving disputes, conducting audits, and complying with applicable legal, regulatory, accounting, taxation, and reporting obligations under the laws of Australia, the United States, New Zealand, India, and other applicable jurisdictions.

The retention period may vary depending on the nature of the information, contractual requirements, applicable statutory limitation periods, regulatory obligations, ongoing investigations, litigation holds, or legitimate business needs. Upon expiry of the applicable retention period, we may securely delete, destroy, de-identify, anonymize, or aggregate such information in accordance with applicable law; provided, however, that we may retain certain information for longer periods where required or permitted by law, for evidentiary purposes, fraud prevention, enforcement of legal rights, or compliance with regulatory directives.

13 Data Security

We implement commercially reasonable technical, administrative, organizational, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, destruction, or accidental compromise. Such safeguards may include encryption of sensitive data during transmission and, where applicable, at rest; role-based access controls; multi-factor authentication; firewalls; intrusion detection and monitoring; secure hosting infrastructure; vulnerability assessments; backup protocols; restricted employee access on a need-to-know basis; confidentiality obligations imposed on employees, contractors, and service providers; and periodic review of our security practices.

No method of transmission over the internet, electronic storage system, or security framework is entirely secure or immune from risks, and therefore we cannot guarantee absolute security of personal information.

14 User Rights

Depending on jurisdiction, users may have rights to:

15 California Privacy Rights

California residents may request: categories of personal information collected; sources of data; business purpose of processing; deletion of personal information; correction of personal information; opt-out rights under CCPA / CPRA.

Requests may be submitted at: assistance@vendoragenie.com.

16 Australian Privacy Rights

Australian users may access personal data, correct inaccuracies, and file complaints with the Office of the Australian Information Commissioner. We comply with the Australian Privacy Principles.

17 New Zealand Privacy Rights

New Zealand residents may request access, request correction, and file complaints with the Office of the Privacy Commissioner. We comply with the Privacy Act 2020.

18 India Privacy Rights

Under India’s Digital Personal Data Protection Act, 2023, users may: access information; correct data; erase data; withdraw consent; nominate representatives; and file grievances. Users may contact the Data Protection Board of India where applicable.

19 Children’s Privacy

Our Platform and Services are not directed toward, and are not intended to knowingly collect personal information from, children or minors below the age threshold permitted under applicable law without obtaining legally required consent from a parent or legal guardian. Where we become aware that personal information of a child has been collected without appropriate authorization, we reserve the right to delete such information and restrict access to the relevant services. For users in the United States we comply with COPPA where applicable; for users in Australia, with the Privacy Act 1988 (Cth); for users in New Zealand, with the Privacy Act 2020; and for users in India, with the Digital Personal Data Protection Act, 2023, including obtaining verifiable parental consent where required.

20 Third-Party Links

Our platform may contain links to third-party websites, applications, and services. We are not responsible for their privacy practices.

21 Business Transfers

In the event of a merger, acquisition, consolidation, corporate restructuring, reorganization, financing transaction, sale of assets, sale of business operations, insolvency proceeding, bankruptcy, change in control, or any similar corporate transaction involving all or part of our business, personal information and other data held by us may be disclosed, transferred, assigned, or otherwise shared with potential or actual purchasers, investors, lenders, successor entities, professional advisors, or affiliated entities. Any such transfer shall be subject to appropriate confidentiality obligations and applicable data protection laws, and the receiving entity shall be required to process such personal information in a manner consistent with this Privacy Policy or as otherwise permitted or required under applicable law.

22 Data Breach Notification

In the event of any actual, suspected, or reasonably foreseeable unauthorized access, disclosure, alteration, loss, destruction, or compromise of personal information that constitutes a reportable data breach under applicable law, we shall take commercially reasonable steps to investigate, contain, mitigate, and remediate the incident in a timely manner.

Where required under applicable laws, we may notify affected individuals, regulatory authorities, law enforcement agencies, payment partners, merchants, or other relevant stakeholders. This includes compliance, where applicable, with Australia’s Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), New Zealand’s Privacy Act 2020, applicable U.S. federal and state data breach notification laws, and obligations under India’s Digital Personal Data Protection Act, 2023.

23 Your Responsibilities as a Merchant

Merchants using our platform must:

24 Changes to this Privacy Policy

We may update this Policy from time to time. Updated versions will be posted on our website with revised effective dates.

25 Contact Information

Privacy Officer

CompanyFynext Labs Pty Ltd
ABN25 696 584 175

26 Grievance Officer

Users may contact us regarding any privacy-related concerns, complaints, requests, or grievances using the contact details above. For users in Australia, complaints may be escalated to the Office of the Australian Information Commissioner (OAIC). For users in New Zealand, to the Office of the Privacy Commissioner. For users in the United States, under CCPA / CPRA and other applicable state laws. For users in India, complaints may be addressed to our designated Grievance Officer under the Digital Personal Data Protection Act, 2023.

27 Do Not Track Disclosure (US Users)

Certain web browsers may offer a “Do Not Track” (DNT) feature. Because there is currently no universally accepted standard for recognizing or responding to DNT signals, our Platform may not currently respond to such signals unless required under applicable law. Users located in jurisdictions that provide specific opt-out rights (including California) may exercise applicable privacy choices through our consent management tools, cookie settings, or by contacting us.

28 Consent

By accessing, using, registering for, or otherwise interacting with our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, disclosure, storage, transfer, and processing of your personal information in accordance with this Privacy Policy, to the extent such consent is required under applicable law. Where applicable laws require express consent for specific processing activities, such consent shall be obtained separately. Users who do not agree with this Privacy Policy should discontinue use of the Services.