Vend

0

Vend is an online and iPad based Point of Sale (POS) & inventory management system. Vend is based in Auckland, New Zealand and has been providing its cloud service since 2010. With Vend, you’re able to contact real, live, people through their online support portal, email, Twitter, or Facebook. Vend encrypt all data in transit between your computer and their servers, but they may not encrypt your data while it is on their servers. Vend’s servers are located in Chicago in a data centre operated by Rackspace. Rackspace adheres to stringent security measures and has been independently audited to ensure your data is stored securely while still being easily available to you. These measures help Vend maintain its expected availability of over 99% (the Vend service is expected to be inaccessible less than 1% of the time). Vend allows you to import and export your data in a common, easily used format. Also, Vend claims no rights over the information or content uploaded by its users. Vend deletes all of your information immediately upon termination of your account.

This disclosure was provided by Vend and researched by Arrowrock. Sources are cited where possible.

Please report any inaccuracies in this report by leaving a reply below or sending us a private message. Thank you!

Company Identity

Trading Name Vend
Company Website http://www.vendhq.com/
Company Phone Number +64 (9) 889-0189
Company Email Address theteam@vendhq.com
Physical Address Level 3
12 Heather Street
Parnell
Auckland
New Zealand

What services does this disclosure apply to?
Vend – Online POS Software
http://www.vendhq.com/

What country holds legal jurisdiction over the service(s)?
New Zealand

How long has your company been operating?
Since April 2009.

How long has your company been providing the service(s) covered in this disclosure?
September 2010

Is your company currently profitable?
Not available

return to the top

Customer Support and Service Level Agreement

What are your standard customer support hours?
NZ business hours (UTC +12) 7am-7pm Monday to Friday

What channels are available for communication with clients?
Depends on type of communication. However we are happy to engage with customers from any platform.

Sales:
sales@vendhq.com

Customer support/help:
Online Support Tickets (http://support.vendhq.com)
Email (support@vendhq.com)

Twitter:
@vendhq

Facebook:
https://www.facebook.com/Vend.POS

Which is your preferred channel for client communications?
Depends on type of communication. However we are happy to engage with customers from any platform.

Sales:
sales@vendhq.com

Customer support/help:
Online Support Tickets (http://support.vendhq.com)
Email (support@vendhq.com)

Twitter:
@vendhq

Facebook:
https://www.facebook.com/Vend.POS

Do you collect any information from client communications?
In order to use the Services, all Users will need to submit certain personal information such as their email address, name, address, telephone number, gender and date of birth. Users may be asked to submit further information from time to time.

The personal information that Users provide will only be used in connection with the Services offered by Vend, to communicate with Users in relation to the Services or to co-operate with any government, industry or regulatory authorities. Vend reserves the right to use data (on an anonymous basis) in relation to Users’ use of the Services for marketing purposes.

Vend will securely store Users’ personal information in New Zealand or in any other country which Vend may from time to time offer its Services. Users’ personal information may therefore be transferred outside of New Zealand.

https://secure.vendhq.com/privacy

What is your standard response time for customer support inquires?
Standard support: Reply to 85% of queries within 8hours, during NZ business hours.

Premium support: Reply to 85% of queries within 2hours, during NZ business hours.

Targeted response times for support requests logged outside of NZ business hours will commence at the start of the next NZ business day. Please note, these reply targets do not include public forum posts.

Do you proactively communicate information about future planned outages and maintenance to clients?
Vend communicates all planned outages via Twitter (@VendHQ & @VendOps), Facebook, and community forums. We include outage times/dates and predicted resolution times.

Do you proactively communicate information about current unscheduled outages and incidents to clients?
Vend communicates all unplanned outages via Twitter (@VendHQ & @VendOps), Facebook, and our community forums. We will regularly update affected customers via the support desk and Twitter – and any other current lines of communication.

Do you make incident reports available to clients after major incidents?
Yes. These reports are available from our Knowledgebase. http://support.vendhq.com/forums/20486913-Important-Notices

What is the expected uptime of the service?
>99%

Has the service experienced any outages in the last 12 months?
Yes, we have experienced 1 unplanned outage, and 2 planned. All outages were resolved within 20 minutes.

Does the SLA guarantee service uptime?
Not available

return to the top

Security

Are logs kept of client logins and locations?
No.

Does your service support password/account recovery?
Vend offers a secure password reset options for customers who have forgotten their login details. account login page – only works for email that setup account. admin account holder

Does the service monitor for any suspicious account activity?
Yes. database analytics monitored by engineers daily. Clients are notified immediately blah blah

Does your service offer two-step or multi-factor authentication?
No.

Does your service offer login via other services?
No.

Does your service secure all client data in transit?
Yes.
Our servers have SSL Certificates signed by global leaders in certificates, COMODO, so all data transferred between the users and the service is encrypted. The encryption is the same as that used for internet banking.
http://support.vendhq.com/entries/20789598-How-secure-is-my-data-

Does your service secure client data at rest?
Yes.

Does your service allow clients to collaborate with 3rd parties?
Yes. We have an API for integrations and 3rd party add-ons.
Transfer of data to any third parties can only occur with your consent and to organisations that provide adequate data protection.
http://support.vendhq.com/entries/20789598-How-secure-is-my-data-

Does your primary system reside in a data center with a security certification?
Yes.
Our servers are located within Rackspace tier-one, enterprise grade hosting facilities. Access is restricted to authorised Rackspace staff by a combination of biometric systems and 24/7 onsite security guards, and is continually audited to meet SAS 70 Type II standards.
http://support.vendhq.com/entries/20789598-How-secure-is-my-data-

Does your backup/disaster recovery system reside in a data center with a security certification?
Yes
Our servers are located within Rackspace tier-one, enterprise grade hosting facilities. Access is restricted to authorised Rackspace staff by a combination of biometric systems and 24/7 onsite security guards, and is continually audited to meet SAS 70 Type II standards.
http://support.vendhq.com/entries/20789598-How-secure-is-my-data-

return to the top

Data Ownership

Do you claim ownership of any client data or information uploaded to your service?
Vend claims no intellectual property rights in relation to the information or content uploaded to the Website by Users.

Does the client retain full ownership of any data of information transmitted or stored via upstream providers?
Yes.

Does client use of your service generate any metadata or other statistical information?
Yes. Statistical data is charted to provide resources for customers. i.e. Optimum acceptable margins; average price of coffee; peak sales times, etc. Graphs and infographics are the property of Vend.

return to the top

Data Location

Where are the primary systems that host client data located?
Chicago, ORD1

Where are the backup/disaster recovery systems that host client data located?
Not available

Are there any other systems that host client data on behalf of your service?
Not available

return to the top

Data Access and Use

Does the client have full access to their data during the service contract period?
Yes.

Can the client freely download their data from the service during the contract period?
Yes. Inventory, products and customer information can all be downloaded at any time in a CSV file. These files are easily editable for repurposing into other apps, or reporting tools.

Can the client easily import/upload their data from a competing service provider into your service?
Yes. The files may need to be reformatted to fit our CSV templates, but this is a very simple process with even basic spreadsheet skills.

Does your services include an API to access client data?
Yes. We have an open API for 3rd party integrations. Customers can also create their own code for customisation.

Following termination of the service, will the client be able to access their data?
No. All data will be deleted.
https://secure.vendhq.com/terms

Following termination of the service, is all client data deleted?
All of your data and content will be deleted from our systems immediately upon cancellation of your account. This content cannot be recovered once your account is cancelled. Vend is not liable for any loss or damage following, or as a result of, cancellation of your account, and it is your responsibility to ensure that any content or data which you require is backed-up or replicated before cancellation.
https://secure.vendhq.com/terms

Does anyone in your organization (including contractors and upstream providers) have the ability to directly access client data?
No. No direct access.

Does your company use client data or information for any business function (other than the provision of the service)?
No.

Does your company use client data or information to generate revenue (other than the provision of the service)?
No.

Do you access client data in any additional circumstance not yet specified in this disclosure?
No.

return to the top

Data Breach Notification

Do you have a policy in place for dealing with data loss or breach?
Not available

Do you notify clients if their data has been lost or compromised?
Yes. We’ll notify all affected customers immediately via email/phone.

return to the top

Backup and Maintenance

Does your service support data versioning?
Histories are retained until deleted by client.

How often are service/client data backups performed?
All customer data is backed up daily. We also run a continuous off site data back-up service into a second Rackspace facility for further real-time data protection.
http://support.vendhq.com/entries/20789598-How-secure-is-my-data-

What method is used to perform service/client data backups?
We also run a continuous off site data back-up service into a second Rackspace facility for further real-time data protection.

How long is backup data retained for?
Until next backup.

return to the top

Disclaimer

The information in this report is provided “AS IS” without warranty of any kind, express or implied. Please use good judgement and verify the information you consider important before basing any decisions on it.