VenVenBack to VenVen

Privacy Policy

Last updated: March 10, 2026

Wooden Cow Labs ("we," "us," or "our") operates VenVen ("Service"), a business management platform for coffee cart and trailer operators. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, and profile data when you create an account (including via Google OAuth).
  • Business information: Business name, location, service area, logo, menu items, pricing, equipment details, and ingredients.
  • Payment information: Payment details are collected and processed directly by Polar and Stripe. We do not store your credit card numbers.
  • Commissary Match data: If you use our Commissary Match service, we collect your name, email, phone number, location, business type, and specific needs.
  • Communications: If you contact us, we retain the content of your messages.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, and interactions within the Service.
  • Device information: Browser type, operating system, and IP address.
  • Cookies and local storage: We use cookies for authentication (via Supabase) and local storage for preferences such as sidebar state, checklist progress, and tool settings. See Section 8 for details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Generate AI-powered content on your behalf (see Section 4)
  • Provide location-specific market intelligence (weather, pricing data, competitor information)
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Detect and prevent fraud or abuse

3. Third-Party Services

We share data with the following third-party services to operate the Service. Each processes data according to their own privacy policies:

3.1 Infrastructure & Hosting

  • Vercel (vercel.com): Hosts our website. Processes your IP address and request data. Privacy Policy
  • Supabase (supabase.com): Database and authentication provider. Stores all account data, business data, and handles login sessions. Privacy Policy

3.2 AI Services

  • Anthropic (anthropic.com): Powers our AI Outreach email generation tool. When you use this feature, your business name, location, owner name, menu items, and the recipient's name/company are sent to Anthropic's API to generate email content. Anthropic's API does not use this data to train their models. Privacy Policy

3.3 Payment Processing

  • Polar (polar.sh): Processes subscription payments for VenVen Pro. Your email address and payment details are handled directly by Polar. We do not store payment card details. Privacy Policy
  • Stripe (stripe.com): Processes one-time payments for Commissary Match. We do not store payment card details; Stripe handles all payment information directly. Privacy Policy

3.4 Email

  • Resend (resend.com): Sends transactional emails (Commissary Match results). Your email address and name are shared with Resend for delivery. Privacy Policy

3.5 Analytics & Error Monitoring

  • Plausible Analytics (plausible.io): Privacy-friendly website analytics. Plausible does not use cookies, does not collect personal data, and is fully GDPR compliant. Only aggregate page view data is collected. Privacy Policy
  • Sentry (sentry.io): Error monitoring and performance tracking. When an error occurs, Sentry receives technical diagnostic data including the error message, stack trace, browser type, and IP address (which is not stored). No personal business data is sent to Sentry. Privacy Policy

3.6 Market Data & Location Services

  • Google Places API (Google):Used for competitor mapping in Market Intelligence. Your selected business location/state is sent to Google. Data is displayed in accordance with Google's attribution requirements. Privacy Policy
  • Open-Meteo (open-meteo.com):Provides weather forecast data based on your state/location. No personal data is sent; only geographic coordinates.
  • Bureau of Labor Statistics (BLS) (bls.gov):Public U.S. government API for consumer price data. No personal data is sent.
  • FRED / Federal Reserve (fred.stlouisfed.org):Public U.S. government API for wholesale price trends. No personal data is sent.
  • U.S. Census Bureau ACS (census.gov):Public U.S. government API for household income data by ZIP code, used in smart pricing suggestions. Only ZIP codes are sent; no personal data is transmitted.
  • U.S. Energy Information Administration (EIA) (eia.gov):Public U.S. government API for regional gas prices, used in all-in margin calculations. No personal data is sent.

3.7 Authentication

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not access any other Google account data.

4. AI-Generated Content

Our AI Outreach tool uses Anthropic's Claude to generate email content. When you use this feature:

  • Your business name, location, contact details, menu items, and ingredients may be included in the AI prompt.
  • The recipient's name and company name are included to personalize the email.
  • Generated content is provided as-is. You are responsible for reviewing and editing AI-generated content before sending it.
  • Anthropic processes this data under their API privacy policy, which does not use API data for model training.

5. Information Sharing

We do not sell, trade, or rent your personal information. We share your information only:

  • With the third-party service providers listed in Section 3, as necessary to operate the Service
  • With your consent
  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption in transit (HTTPS/TLS)
  • Row Level Security (RLS) in our database ensuring users can only access their own data
  • Server-side authentication for all API endpoints
  • Environment variables for all API keys and secrets (never exposed to the browser)

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account.
  • Business data: Retained until you delete your account or remove the data.
  • Commissary Match leads: Retained for up to 12 months after submission, then deleted.
  • Cached market data: Weather (24 hours), pricing data (7 days), competitor data (7 days).

You may request deletion of your account and all associated data at any time through Settings or by contacting us.

8. Cookies & Local Storage

Essential Cookies

We use essential cookies for authentication. These are required for the Service to function and cannot be disabled. They are set by Supabase to maintain your login session.

Local Storage

We use browser local storage to save your preferences (sidebar layout, checklist progress, dismissed notices). This data stays on your device and is not sent to our servers. You can clear local storage through your browser settings.

Font Loading

Core application fonts are self-hosted and do not make external requests. The Menu Builder and Brand Kit tools load additional design fonts from Google Fonts (fonts.googleapis.com) when you use those features. This means Google receives your IP address during those sessions. See Google's Privacy Policy.

9. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent for optional data processing

To exercise any of these rights, contact us at [email protected].

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: You can request what personal information we collect, use, and disclose.
  • Right to Delete: You can request deletion of your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
  • No Sale of Data: We do not sell your personal information to third parties.

To submit a CCPA request, email [email protected] with the subject line "CCPA Request."

11. Children's Privacy

VenVen is designed for business use and is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Back to top