Vendra is a cloud-based business management platform built for Kenyan SMEs. We provide subscription-based ERP software including invoicing, inventory, accounting, and related business tools. References to "Vendra", "we", "us" or "our" mean the Vendra platform and its operators.
By registering for or using Vendra you confirm that:
You are responsible for maintaining the security of your account credentials. Do not share your password. Notify us immediately at [email protected] if you suspect unauthorised access. We are not liable for losses caused by unauthorised use of your account where you failed to take reasonable precautions.
Each account is for a single business entity. Creating multiple accounts to circumvent subscription limits is not permitted.
Vendra operates on a prepaid subscription model. Access to your system is granted for the period covered by your payment. When your subscription expires, access to your system is suspended until renewed.
Your business data belongs to you. We store it on your behalf to provide the service. We do not sell, share, or analyse your business data for commercial purposes beyond operating and improving the service.
If you delete your account, your data — including your Vendra system database — is permanently and irreversibly deleted. We recommend exporting any data you need before deleting your account.
You agree not to use Vendra to:
We aim to keep Vendra available at all times but do not guarantee 100% uptime. Scheduled maintenance, infrastructure issues, or circumstances beyond our control may result in temporary downtime. We will endeavour to notify users of planned maintenance in advance.
The Vendra platform, brand, and software are owned by us. You are granted a limited, non-exclusive, non-transferable licence to use the service during your active subscription. You retain full ownership of all data and content you input into the system.
To the maximum extent permitted by Kenyan law, Vendra shall not be liable for indirect, incidental, or consequential damages arising from your use of the service, including but not limited to loss of profits, loss of revenue, loss of business data, or business interruption — whether arising from software errors, system downtime, data loss, security incidents, or any other cause.
Our total aggregate liability to you in connection with any claim shall not exceed the amount you paid for the service in the three (3) months immediately preceding the event giving rise to the claim. Where a claim relates specifically to loss of data or a data security incident, our liability shall be further limited to the value of your single most recent subscription payment at the time of the incident, regardless of the nature or extent of the loss.
These limitations apply whether the claim is based on contract, tort (including negligence), statute, or any other legal theory, and even if Vendra has been advised of the possibility of such damages.
Vendra uses cloud infrastructure and third-party services to store and process your data. While we apply industry-standard security measures, no system can guarantee absolute data security or continuity.
Data loss: We are not liable for loss of your business data arising from: infrastructure or hardware failure at our hosting providers; your own actions (including accidental deletion, misconfiguration, or sharing of account credentials); force majeure events including but not limited to natural disasters, acts of government, cyberattacks beyond reasonable preventive measures, or telecommunications outages; or failures of third-party services such as Safaricom M-Pesa, Paystack, or cloud infrastructure providers. In the event of data loss caused solely by Vendra's systems, our liability is capped at the value of your most recent subscription payment — we will not be liable for the value of the business data lost, lost profits, or costs of reconstructing records.
Data backups: You are responsible for maintaining your own backups of critical business data. We recommend regularly exporting records from your Vendra system. We provide data export tools for this purpose. We do not guarantee point-in-time recovery or restoration of deleted data.
Security breaches: In the event of a confirmed breach of our systems that affects your account data, we will notify you by email to your registered address within 72 hours of discovery. Our notification will describe the nature of the incident, what data was affected, and the steps we have taken. We will also notify the Office of the Data Protection Commissioner of Kenya as required by law. Our liability arising from a security breach caused by our own systems shall be limited to the value of your most recent subscription payment. We are not liable for breaches caused by your own failure to protect your account credentials, third-party provider incidents outside our control, or unauthorised access you facilitated.
Compensation: Any compensation Vendra agrees to pay in connection with a data loss or data breach claim shall not exceed the value of your last subscription payment made to Vendra. This is the maximum compensation you may claim from Vendra regardless of the severity of the incident or the value of data affected. This limitation does not affect any rights you may have against your own insurers or any third-party providers directly responsible for an incident.
Either party may terminate the agreement at any time. You may delete your account from your profile settings. We may suspend or terminate accounts that violate these terms, with or without prior notice depending on the severity of the violation. Upon termination, your data will be deleted.
We may update these terms from time to time. We will notify active users by email at least 14 days before material changes take effect. Continued use of the service after that date constitutes acceptance of the updated terms.
These terms are governed by and construed in accordance with the laws of Kenya. Any disputes shall be subject to the exclusive jurisdiction of the Kenyan courts.
For questions about these terms, contact us at [email protected].
When you create an account and use Vendra we collect:
We do not use your business data for marketing, profiling, or any purpose beyond operating the service.
We work with the following third parties who may process your data as part of delivering the service:
We do not sell your data to any third party.
Your data is stored on cloud infrastructure. Your data may be stored and processed outside Kenya. We ensure appropriate safeguards are in place for any such transfers in compliance with the Kenya Data Protection Act 2019. We apply industry-standard security measures including encrypted connections (TLS), access controls, and regular security reviews. Despite these measures, no system is completely secure. We encourage you to use a strong password and keep your credentials confidential.
Security incident response: In the event of a confirmed security breach affecting your personal or business data, we will notify you by email to your registered address within 72 hours of becoming aware of the incident. The notification will include: what happened, the categories of data affected, what we have done to address it, and any recommended steps you should take. We will also report the breach to the Office of the Data Protection Commissioner of Kenya as required under the Kenya Data Protection Act 2019. Our liability in connection with any security incident is limited as described in our Terms of Service — compensation shall not exceed the value of your most recent subscription payment.
We retain your account data for as long as your account is active. If you delete your account, all associated data including your system database is permanently deleted within 24 hours. We may retain anonymised usage statistics that cannot identify you.
Payment transaction references may be retained for up to 7 years to comply with Kenyan financial record-keeping requirements.
Under the Kenya Data Protection Act 2019 you have the right to:
To exercise any of these rights, contact us at [email protected].
The Vendra dashboard uses session tokens stored in your browser's local storage for authentication. We do not use tracking cookies or advertising cookies.
Vendra is a business platform and is not directed at persons under 18 years of age. We do not knowingly collect data from children.
We may update this Privacy Policy periodically. Material changes will be communicated by email at least 14 days before they take effect. Continued use of the service constitutes acceptance of the updated policy.
For privacy questions or data requests, contact us at [email protected].