Privacy Policy

1. Who we are

Individual Entrepreneur Melnychuk Vasyl operates Vemlyx. This Privacy Policy explains how we process personal data when you use our website, apps, service center catalog, and related services.

Questions can be sent to [email protected]. Our legal address is Radekhiv, Lviv, 80200 Ukraine.

2. Data we collect

• Account and profile data, including email, username, password hash, authentication provider, profile details, locale, and preferences.
• Security and session data, including refresh-token records, IP address, user agent, device ID, and session activity timestamps.
• Workspace and business data, including workspace name, legal name, contact details, membership roles, addresses, location data, and working hours.
• Vehicle, fleet, and trip data, including VIN, plate number, odometer data, trip notes, waypoint details, coordinates, and place references.
• Financial and insurance data, including transactions, currencies, fuel, maintenance, fines, insurance records, and related attachments.
• Files and image metadata, including avatars, logos, transaction photos, MIME type, size, storage provider, and storage keys or URLs.
• Public Service Center (STO) data: information you explicitly choose to publish in our public directory, such as business description, website, public emails, public phones, service pricing lists, working hours, and location data.
• Billing and invoice data, including provider customer IDs, subscription IDs, invoice data, webhook payloads, and payment metadata returned by providers.
• Cookie and analytics data, including authentication cookies, preference cookies, consent cookies, and analytics events after consent where required.

3. How we collect data

If a workspace owner or administrator invites other users to a workspace, we may also receive and process invited-user data such as email address, workspace role, invitation status, and related access-management information.

The person or organization sending such invitations must have an appropriate legal basis and authority to provide that data and manage invited users' access.

• Directly from you when you register, create a workspace, upload files, publish listings, or enter vehicle, trip, transaction, or service center data.
• Automatically from your browser, device, and session when you use the Service.
• From third-party providers such as Google when you choose external sign-in.
• From payment providers when subscription, invoice, or webhook events are sent to us.

4. Why we use data

• To create accounts and authenticate users.
• To provide workspace, fleet, trip, finance, service center, and export functionality.
• To secure the Service, detect abuse, prevent fraud, and investigate incidents.
• To monitor errors, troubleshoot failures, and improve stability through error-monitoring tools such as Sentry.
• To optimize, store, and moderate uploaded images.
• To process subscriptions, invoices, and payment events.
• To display public service center listings that you choose to make visible.
• To send verification, password reset, billing, and service communications.
• To comply with legal, accounting, tax, and regulatory obligations.
• To analyze product usage through Google Analytics where consent is required and granted.

5. Legal bases

• Performance of a contract when we provide the Service you request.
• Legitimate interests to secure, maintain, improve, and defend the Service.
• Consent for analytics cookies and other consent-based processing.
• Legal obligation where retention, disclosure, or compliance is required by law.

6. Image moderation and automated checks

Where image moderation features are used in the Service, uploaded images may be checked by providers such as Google Cloud Vision or AWS Rekognition to detect unsafe or inappropriate content.

We may reject, remove, or restrict content that violates our rules, provider requirements, or applicable law.

7. Cookies and analytics

We use cookies for authentication, security, consent management, and product preferences. We also use Google Analytics after consent where required by law.

Current implementation includes cookies such as "refreshToken", "sidebar_state", and "ga_consent". See the Cookie Policy for more detail.

8. Sharing of data

We may share data with hosting, storage, moderation, analytics, authentication, communication, payment, and advisory providers where needed to run the Service.

All payment processing is handled securely by our Merchant of Record (PayPro Global). We do not collect, process, or store your full credit card information or raw banking details on Vemlyx servers.

Providers visible in the current implementation may include Google, AWS, Cloudflare, Sentry, PayPro Global, Brevo, and geocoding providers.

9. Third-party privacy notices

Some third-party services used with the Service have their own privacy notices. You can review them here:

• Google Privacy Policy
• How Google uses information from sites or apps that use its services
• PayPro Global Privacy Policy
• Sentry Privacy Policy
• Brevo Privacy Policy

10. International transfers

Your data may be processed in countries other than your own where our providers operate. Where required, we will use appropriate safeguards for international transfers.

11. Retention

We retain data for as long as needed to provide the Service, protect the platform, meet legal obligations, resolve disputes, and enforce our agreements.

Account data is generally retained for the duration of the account and for a limited period afterwards where needed for legal compliance, dispute handling, fraud prevention, or enforcement.

Billing and invoice records may be retained for up to 7 years where required by accounting, tax, or similar legal obligations.

Revoked session records may be deleted within 30 days of revocation or within another reasonable period required for security and audit purposes.

12. Your rights

Requests can be sent to [email protected]. The Service also includes some self-service controls, such as account deletion, session revocation, and CSV export for selected workspace data.

• Access your data.
• Correct inaccurate data.
• Delete data where applicable.
• Object to or restrict certain processing.
• Receive a portable copy of certain data.
• Withdraw consent where processing depends on consent.
• File a complaint with a competent data protection authority.

13. Account deletion and shared workspace data

If you delete your account, we may anonymize or deactivate some account-level data instead of keeping it in an identifiable form.

Some workspace records may remain where required for shared workspace integrity, audit history, legal compliance, or other users' data continuity. If you own a workspace with active paid subscriptions, deletion may be blocked until those subscriptions are canceled.

14. Public listings, directory data, and isolation

The Service includes a feature allowing Workspace STO (Service Center) administrators to publish a public-facing business profile.

If you explicitly choose to publish a service center listing, the specific data you provide for this purpose, such as your business name, public address, public phone numbers, working hours, and service prices, will be visible to anyone on the internet and may be indexed by search engines such as Google to help customers find your business.

We strictly separate your public directory profile from your internal management tools. Your internal workspace data, including private fleet records, client vehicle data, financial analytics, and internal trip notes, is strictly confidential and will never be published or shared in the public catalog.

You are responsible for ensuring that public content is accurate and lawful. You maintain full control and can unpublish or hide your public listing at any time through your workspace settings.

15. Children

The Service is intended for users aged 18 and older. We do not knowingly collect personal data from minors.

16. Security

We use reasonable technical and organizational measures intended to protect personal data. No system is perfectly secure, and we cannot guarantee absolute security.

17. Changes

We may update this Privacy Policy from time to time. The updated version will be posted with a new last-updated date.

For material changes, we will notify users by email or through an in-app notice at least 14 days before the change takes effect.

18. Contact

Privacy questions and requests: [email protected]

Legal address: Radekhiv, Lviv, 80200 Ukraine