VendMap Privacy Policy

Last Updated: November 14, 2025

This Privacy Policy explains how Veriris LLC ("Veriris," "we," "us," or "our") collects, uses, discloses, and protects information in connection with your use of the VendMap mobile application (the "App"). We are committed to protecting your privacy and handling your personal information in a transparent manner.

By downloading, installing, accessing, or using the App, you agree to the terms of this Privacy Policy and our Terms of Service. If you do not agree, please do not use the App.

Account Types and Guest Mode

VendMap offers two modes of use:

Guest Mode (Unauthenticated)

You may browse vending machine locations, view ratings, and navigate the App WITHOUT creating an account ("Guest Mode"). Guest Mode is view-only; you cannot add machines, submit ratings, verify locations, or submit reports.

Guest Data Collection: In Guest Mode, we collect:

  • Device identifier for session continuity and consent preferences
  • Location data (with your consent) for displaying nearby vending machines
  • Device information and analytics data (with your consent)
  • No personally identifiable information (name, email) is collected in Guest Mode

Guest Consent Management: Guest users can manage privacy preferences (analytics, location, advertising) through Settings. These preferences persist until you clear app data or convert to an authenticated account.

Guest to Authenticated Conversion: If you create an account after using Guest Mode, your consent preferences will be migrated to your authenticated account where feasible.

Authenticated Mode (Account Required)

Creating an account unlocks full App functionality: adding machines, rating and verifying locations, submitting reports, and managing your profile. Account creation requires authentication using Google Sign-In or Apple Sign-In.

Authenticated Data Collection: In addition to Guest Mode data, authenticated users provide:

  • Name and email address (via Google Sign-In or Apple Sign-In)
  • User ID (generated by VendMap)
  • User Contributions (VM locations, ratings, verifications, reports)
  • Account preferences and settings

1. What Information We Collect About You

We collect various types of information to provide and improve the VendMap App. This includes:

  • Identifiers:
    • Authenticated Users: Name (from Google Sign-In or Apple Sign-In), email address (from Google Sign-In or Apple Sign-In, which may include Apple's private relay email addresses if you choose to hide your email), unique user ID (generated by VendMap), device identifiers (such as advertising ID and device ID), IP addresses (collected by third-party service providers for analytics, crash reporting, and advertising). Users have the option to use an anonymous username within the App.
    • Guest Users: Guest device identifier, device identifiers (such as advertising ID if enabled with consent), IP addresses (collected by service providers for analytics, crash reporting, and advertising). No name or email collected.
  • Geolocation Data: Precise location data (with your permission) is collected and processed in the following ways:
    • Your current location: Used when you use the map to display nearby vending machines and calculate distances. This location data is not stored permanently.
    • Vending machine locations: When you add a new vending machine, the precise coordinates are stored permanently in our database as part of the community map.
    • Shared with mapping service providers: Your location coordinates are shared with mapping services (such as Google Maps) to convert between addresses and coordinates and to provide location-based functionality.
    • If GPS is unavailable, the App may use alternative location services to approximate your location.
    • You may choose to set a manual location in Settings instead of using your device's GPS. If you decline location permission or use a manual location, distance calculations to vending machines may be less accurate.
  • Internet or Other Electronic Network Activity Information: Interactions with the App (such as features accessed and usage patterns), performance data, information about your device (such as OS version and device model), advertising identifiers.
  • Diagnostics and Performance Data: Platform type, platform version, memory usage, network errors, performance metrics, error messages, stack traces, and app context. This information is shared with third-party service providers for crash reporting, performance monitoring, analytics, and advertising.
  • User Contributions:
    • Authenticated Users Only: Vending Machine locations you add or verify, ratings you provide (1-5 stars), issue reports (e.g., "out-of-stock," "payment failure"), comments, and other content you submit through the App. These contributions are linked to your user ID. We also log when you create a VM marker and when you remove your contributions (e.g., delete a rating or report).
    • Guest Users: No User Contributions collected (view-only access).
  • Inferences Drawn from Other Personal Information: Inferences drawn from the above categories to create a profile about a consumer reflecting the consumer's preferences (e.g., preferred VM types or locations).

2. Cookies, Tracking Technologies, and Advertising Identifiers

VendMap uses mobile advertising identifiers and local storage to collect information. Since VendMap is a mobile application, we do not use browser cookies.

  • Mobile Advertising Identifiers: We and our third-party service providers collect mobile advertising identifiers:
    • iOS: Identifier for Advertising (IDFA) - Control in Settings → Privacy → Tracking
    • Android: Google Advertising ID (GAID) - Control in Settings → Google → Ads
  • Purpose: These identifiers are used for analytics, advertising delivery, and measuring ad performance.
  • Local Storage: We store authentication tokens, user preferences, and app settings locally on your device.
  • Third-Party SDKs: We use Google Analytics for Firebase, Google Maps SDK, Google AdMob, Google Sign-In, and Apple Sign-In. Each SDK may collect information according to their respective privacy policies.

3. Sources of Personal Information

We collect information from the following sources:

  • Directly from You:
    • Authenticated Users: When you register for an account (via Google Sign-In or Apple Sign-In), voluntarily provide information (e.g., add a VM location, submit a report, choose an anonymous username).
    • Guest Users: Device identifier and consent preferences configured in Settings.
  • From Your Device: Information automatically collected from your mobile device through the App, such as device identifiers and precise geolocation (with your consent).
  • From Third-Party Service Providers: Authentication services, mapping services, analytics providers, crash reporting services, and advertising services.

4. How We Use Your Information

We process your personal information based on the following lawful bases under applicable privacy laws (including GDPR Article 6):

  • To Provide and Maintain the App & Services (Lawful Basis: Contract Performance): Necessary to fulfill our agreement to provide App functionalities (e.g., displaying VMs, enabling contributions).
  • To Personalize Your Experience (Lawful Basis: Legitimate Interest or Consent): To provide a more tailored user experience. Our legitimate interest is enhancing user satisfaction. In EU/EEA regions requiring opt-in, we rely on your explicit consent.
  • To Improve and Develop the App (Lawful Basis: Legitimate Interest): Analyzing usage patterns to enhance App features, performance, and user interface based on our legitimate interest in product development.
  • To Conduct Analytics and Research (Lawful Basis: Legitimate Interest or Consent): Understanding user behavior, error patterns, crash trends, and app stability metrics. Our legitimate interest is making informed business decisions. In EU/EEA regions requiring opt-in, we rely on your explicit consent.
  • To Display Advertisements (Lawful Basis: Consent): Delivering ads to support the Basic Tier, based on your explicit consent. In EU/EEA, ads are only displayed after you opt-in. You may withdraw consent at any time.
  • To Communicate with You (Lawful Basis: Contract Performance or Legitimate Interest): To send essential account-related communications (security alerts, policy updates, support responses). We do not send promotional marketing emails.
  • For Security and Fraud Prevention (Lawful Basis: Legitimate Interest): Protecting the integrity of the App and detecting/preventing fraudulent activities based on our legitimate interest in security.
  • To Comply with Legal Obligations (Lawful Basis: Legal Obligation): Adhering to applicable laws, regulations, and legal processes.

5. How We Disclose, Share, or Sell Your Information

We do not "sell" or "share" (as defined by the California Consumer Privacy Act, "CCPA") your personal information for cross-context behavioral advertising purposes. This means we do not sell your personal information to third parties for money, nor do we share it with third parties for cross-context behavioral advertising (advertising that tracks your activity across different businesses or apps to target ads).

California Residents - CCPA Disclosure: In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of third parties:

  • To Service Providers (Authentication, Mapping, Analytics, Crash Reporting, Advertising): Identifiers, Geolocation Data, Internet/Network Activity Information, Diagnostics and Performance Data, Inferences
  • To Affiliates: All categories of personal information listed in Section 1
  • For Business Transfers: All categories may be transferred in merger/acquisition scenarios
  • For Legal Compliance: Any category as required by law or legal process

We may disclose your personal information to the following categories of third parties:

Third-Party Data Protection: All third-party service providers with whom we share your personal information are contractually required to provide the same or equal level of protection for your data as stated in this Privacy Policy and to use your data only for the purposes for which it was disclosed.

  • Service Providers: We engage third-party service providers to facilitate our App and Services, perform App-related functions, or assist us in analyzing how our App is used. These service providers may receive your personal information to perform their services and include providers of authentication, mapping and location services, crash reporting, performance monitoring, analytics, and advertising services (such as Google).
  • Affiliates: We may share information with our current or future affiliates for purposes consistent with this Privacy Policy.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
  • Legal Obligations and Protection: We may disclose your information if required by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of Veriris LLC, prevent or investigate possible wrongdoing, protect the personal safety of users of the App or the public, or protect against legal liability.
  • With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.

6. Regional Privacy Compliance and Consent Defaults

VendMap complies with privacy laws in your region, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States.

Regional Consent Defaults:

  • EU/EEA/UK/Switzerland/Brazil/Canada/Japan/South Korea: We use an OPT-IN model for advertising. Advertising consent is set to FALSE by default. You must explicitly grant consent to allow personalized advertising. Product analytics are always enabled to improve app stability and performance (legitimate business interest). We do not currently offer promotional emails or marketing communications.
  • United States (CCPA): We use an OPT-OUT model for advertising. Advertising consent is set to TRUE by default, with the ability to opt-out at any time through your privacy settings. Product analytics are always enabled (legitimate business interest). We do not currently offer promotional emails or marketing communications.
  • Other Regions: We use an OPT-OUT model for advertising. Advertising consent is set to TRUE by default, with the ability to opt-out at any time through your privacy settings. Product analytics are always enabled (legitimate business interest). We do not currently offer promotional emails or marketing communications.

Region Detection: We detect your privacy region using your device's locale settings (not IP address) to determine which privacy framework applies to you. This information is stored locally and used to set appropriate consent defaults when you create your account.

Changing Your Consent: You can change your consent preferences at any time by visiting the Privacy Settings screen in the App. Your consent choices will be honored immediately and apply to all future data processing activities.

7. Data Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Account Deletion: When you request account deletion:

  • We anonymize your User record by replacing your name and email with a randomly generated anonymous identifier
  • We delete your account credentials to prevent re-authentication
  • We delete personal data including preferences and favorites
  • Your contributions to the platform (machine locations, ratings, reports) remain in the system but are attributed to your anonymous identifier, not your personal information
  • Audit logs are retained under the anonymous identifier for up to 7 years as required by applicable law

This approach ensures data integrity for the community while honoring your right to be forgotten. Anonymization is legally equivalent to deletion under GDPR and CCPA. If you create a new account with the same credentials after deletion, you will receive a new anonymous identifier and will not be able to access or reclaim contributions from your deleted account.

Guest Data Retention

Guest Mode collects minimal data. Most guest data is retained only as necessary to provide the App experience and is deleted when you clear app data, uninstall the App, or convert to an authenticated account.

If you enable analytics or location services, that data is processed consistent with your consent choices and our general data retention practices described in this Privacy Policy.

8. International Data Transfers

Veriris LLC is based in the United States. If you are accessing the App from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws different from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we ensure that any transfer of personal data outside these regions is conducted with appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) and Adequacy Decisions.

9. Your Privacy Rights

Rights for Guest Users

Because Guest Mode collects minimal personal data, certain privacy rights have limited applicability:

Right to Access (GDPR/CCPA):

Guest users can access their data (device identifier and consent preferences) through the App's Settings screen.

Right to Deletion (GDPR/CCPA):

Guest users can delete guest data by:

  • Clearing app data via device settings
  • Uninstalling the App
  • Using the "Clear Guest Data" option in Settings (if available)

Right to Opt-Out:

Guest users can opt-out of:

  • Analytics and diagnostics (disabled by default, opt-in required)
  • Personalized advertising (disabled by default in regions requiring opt-in)
  • Location services (managed via device settings and in-app prompts)

Right to Data Portability (GDPR): Guest users have limited data portability rights because no User Contributions are collected in Guest Mode. Device identifier and consent preferences can be accessed via Settings.

Right to Object (GDPR): Guest users can object to processing by disabling specific consent categories in Settings or uninstalling the App.

Conversion to Authenticated Account: If you create an account after using Guest Mode, you will gain full privacy rights applicable to authenticated users.

Contact Us: To exercise any Guest user rights or for questions about Guest data handling, contact us at support@veriris.com. Please note we cannot verify your identity for Guest accounts without additional information.

Rights for Authenticated Users

You have certain rights regarding your personal information. We will respond to your request within the timeframes required by applicable law (e.g., 30 days for GDPR, 45 days for CCPA/CPRA). We will not discriminate against you for exercising your privacy rights.

How to Delete Your Account and Data:

You can delete your account and all associated data directly from within the VendMap app:

  1. Open the VendMap app
  2. Go to Settings
  3. Tap "Privacy Settings"
  4. Tap "Delete Account"
  5. Confirm deletion

Your account will be deleted immediately, and your personal data will be anonymized as described in Section 6 (Data Retention Periods).

How to Delete Specific Data Without Deleting Your Account:

You can selectively remove your contributions while keeping your account active:

  • Delete individual ratings: Go to a VM details page → Tap "Clear Rating" button
  • Delete individual reports: Go to a VM details page → Tap the trash icon next to your report
  • Remove verifications: Go to a VM details page → Tap the verify button (shows "You Verified This" when verified)
  • Remove monitoring (favorites): Tap "Monitoring" button on VM details page, or tap "Stop Monitor" on your Pro Dashboard

These actions remove the specific data items while preserving your account and other contributions.

Right to Opt-out of Targeted Advertising: You can opt-out of personalized or targeted advertising within the App by adjusting your device's advertising settings (e.g., "Reset Advertising Identifier" or "Limit Ad Tracking") or by following instructions provided by our advertising services. Please note that opting out will not stop all ads, but it will make them less relevant to you.

10. Security of Your Information

We implement reasonable and appropriate technical and organizational measures designed to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include, but are not limited to, encryption, access controls, and regular security assessments. While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. For material changes to this Privacy Policy, we will provide notice through the App or by other appropriate means before the changes take effect. For non-material changes, we will update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy.

12. Content Moderation and User Safety

  • Content Review: We may review user-generated content (VM locations, ratings, and reports) to ensure compliance with our Terms of Service and applicable laws.
  • Safety Measures: We implement measures to protect users, especially minors, from inappropriate behavior and ensure data accuracy.
  • Reporting: Users can report inappropriate content or behavior through our in-app reporting system.
  • Data Retention: Content that violates our policies may be removed and associated data may be retained for legal compliance purposes.
  • Moderation Data: We may collect and process data related to content moderation activities, including reports, flags, and actions taken to maintain a safe environment for all users.

13. Children's Privacy

Age Rating: VendMap is rated for ages 4+ in the Apple App Store and 3+ (Everyone) in Google Play Store. While the App is available to all ages, it is not specifically directed at children under 13 (or 16 in the European Economic Area/United Kingdom).

Age Restrictions: The App is not directed to children under 13 (or under 16 in the EEA/UK where applicable), and we do not knowingly collect personal information from children under these ages.

Guest Mode and Minors: Guest Mode's view-only nature and minimal data collection does not alter our age restriction. Users under 13 (or 16 in EEA/UK) may not use the App in any mode without verifiable parental consent, which we do not currently offer.

Account Creation: Google Sign-In and Apple Sign-In (required for authenticated accounts) have their own age restrictions which help enforce our policy.

If We Discover a Child's Information: If you believe a child under the applicable age has used the App or provided personal information, please contact us at support@veriris.com so we can take appropriate action, including deletion of any data collected. Parents have the right to review, request deletion, and refuse further collection of their child's information.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Veriris LLC
522 W Riverside Ave #7133
Spokane, WA 99201
Email: support@veriris.com
Phone: (769) 300-5335

For EU/EEA Users: For GDPR-specific questions, contact: support@veriris.com