Privacy Policy

1. Overview

VendorBenchmark.com ("VendorBenchmark," "we," "us," or "our") operates an enterprise software pricing intelligence platform serving Fortune 500 IT procurement teams, CFOs, CIOs, and private equity operating partners. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our platform services.

By using VendorBenchmark, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please do not use our platform.

2. Information We Collect

2.1 Account and Contact Information

When you register for a free trial, request a demo, or subscribe to our services, we collect:

• Full name and job title
• Business email address (we do not accept personal email addresses for platform accounts)
• Company name, size, and industry
• Phone number (optional, for enterprise accounts)
• Billing address and payment information (processed via PCI-compliant payment processors)

2.2 Platform Usage Data

When you use the VendorBenchmark platform, we collect:

• Vendor benchmark queries and search history
• Reports viewed, downloaded, or shared
• Proposal submissions and associated deal metadata
• Feature usage patterns and session data
• IP address, browser type, and device information

2.3 Vendor Proposal and Benchmark Data

When you submit vendor proposals for benchmarking, we collect contract details, pricing information, and deal terms. This data is subject to our NDA protections as described in Section 5 below.

2.4 Communications

When you contact us via form, email, or live chat, we retain the content of those communications to provide support and improve our services.

3. How We Use Your Information

We use collected information to:

• Deliver benchmark reports and platform services you have requested
• Process payments and manage your account
• Send transactional emails (report delivery, account updates, security alerts)
• Send marketing communications about new research and platform features (you may opt out at any time)
• Improve our benchmark data quality and platform functionality
• Comply with legal obligations and protect against fraud
• Conduct aggregate analysis to improve pricing intelligence accuracy

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information with:

4.1 Service Providers

We engage trusted third-party service providers who assist in operating our platform, including cloud hosting providers (AWS), payment processors, email delivery services, and analytics providers. All service providers are contractually obligated to protect your data and use it only for the purposes for which they were engaged.

4.2 Legal Requirements

We may disclose information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of VendorBenchmark, our clients, or others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

5. Benchmark Data and NDA Protections

Our benchmark database is built from anonymized, aggregated deal data. When you submit a vendor proposal:

• Your company identity is never disclosed to any other party
• Deal terms are aggregated with peer data before analysis
• Identifying contract provisions are stripped before data enters our benchmark pool
• Our analysts access your raw data only under confidentiality obligations

This NDA protection is why Fortune 500 procurement teams trust us with their most sensitive vendor contracts. For full NDA terms, visit our NDA Center.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

6.1 Essential Cookies

Required for the platform to function — authentication, security, and session management. Cannot be disabled.

6.2 Analytics Cookies

We use privacy-respecting analytics to understand how users interact with our platform. This helps us improve report quality and navigation. You may opt out via your browser settings or our cookie preference center.

6.3 Marketing Cookies

We may use cookies to measure the effectiveness of our marketing campaigns. We do not allow third-party advertising networks to set cookies on VendorBenchmark.com for the purpose of serving targeted advertising.

7. Data Security

VendorBenchmark maintains a comprehensive information security program that includes:

• SOC 2 Type II certification (audited annually by an independent third party)
• AES-256 encryption for data at rest; TLS 1.3 for data in transit
• Role-based access controls limiting analyst access to client data
• Annual penetration testing by accredited third-party security firms
• 24/7 security monitoring and incident response procedures
• Employee security training and background checks

While we implement industry-leading security measures, no system can guarantee 100% security. In the event of a data breach affecting your information, we will notify you as required by applicable law. Full security details are available at our Security page.

8. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request that we restrict processing of your data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing

Our legal basis for processing personal data is: performance of a contract (platform services), legitimate interests (platform improvement, fraud prevention), and consent (marketing communications).

To exercise any of these rights, contact our Data Protection Officer at privacy@vendorbenchmark.com. We will respond within 30 days.

9. CCPA Rights (California Users)

California residents have the following rights under the California Consumer Privacy Act:

• Know: Request disclosure of personal information collected about you in the past 12 months
• Delete: Request deletion of personal information we have collected from you
• Opt-Out: Opt out of the "sale" of personal information (we do not sell personal data)
• Non-Discrimination: You will not be discriminated against for exercising these rights

To submit a CCPA request, contact us at privacy@vendorbenchmark.com or use our contact form.

10. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations:

• Active account data: retained for the duration of your subscription plus 3 years
• Benchmark submission data: retained in anonymized, aggregated form indefinitely for database accuracy; identifiable raw data deleted within 90 days of report delivery
• Marketing contact data: retained until you unsubscribe or request deletion
• Security logs: retained for 24 months

11. Children's Privacy

VendorBenchmark is an enterprise B2B platform not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 30 days before taking effect. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of VendorBenchmark following notification of changes constitutes acceptance of the revised policy.

13. Contact Us