Vendor Oversight Made Easy
Ready to simplify vendor management?
Discover how streamlined vendor oversight leads to safer communities and smoother operations.
Privacy Policy
Privacy Policy
Effective date: August 11, 2025 | Last updated: August 11, 2025
This Privacy Policy explains how Spotlight Vendor (“Spotlight Vendor,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit https://spotlightvendor.com or use our products and services. Our software helps senior living and care providers manage vendors, track compliance, and run procurement workflows. If you do not agree with this policy, please do not use our services. This template is a starting point and does not constitute legal advice.
Who We Are
Spotlight Vendor provides a vendor management and procurement platform for senior living and care providers.
When we determine the purposes and means of processing personal information on our website and for our own account administration, we act as a controller.
When we process personal information on behalf of our business customers inside their workspaces, we act as a processor or service provider.
Scope
This policy applies to personal information we collect:
- On our website and in our app
- When you create an account, join a customer workspace, or use features such as compliance tracking, RFPs, proposals, and the vendor directory
- In emails, forms, meetings, and support channels
- From third parties that integrate with or support our services
This policy does not apply to third-party websites, services, or vendors that we do not control.
Information We Collect
1) Information you provide to us
- Account and profile details such as name, job title, company, facility, email, password, and phone number
- Business and vendor profile details such as company name, addresses, tax IDs, service categories, service areas, references, and public-facing descriptions
- Compliance and procurement documents such as W-9s, Certificates of Insurance, workers’ compensation certificates, licenses, and project contracts
- RFP and proposal content such as scopes, timelines, pricing, and attachments
- Payment and billing information handled by our payment providers
- Communications with us including support requests, satisfaction surveys, and feedback
2) Information collected automatically
- Usage data such as pages viewed, features used, clicks, search queries, and session events
- Device and technical data such as IP address, browser type, operating system, device identifiers, and crash or performance logs
- Cookies and similar technologies as described in the Cookies and Tracking section
3) Information from third parties
- Integrations and partners that you choose to connect
- Identity, security, or compliance services that help verify documents or reduce fraud
- Public sources and business directories
Do not submit patient information or protected health information.
Spotlight Vendor is not intended to store or process PHI. If you believe PHI was uploaded by mistake, contact us at hi@spotlightvendor.com.
How We Use Information
We use personal information to:
- Provide, operate, and maintain the platform
- Create and manage accounts, workspaces, roles, and permissions
- Facilitate vendor discovery, directory listings, RFPs, bidding, proposals, and contract workflows
- Track compliance documents and send reminders for expirations and renewals
- Provide customer support and respond to requests
- Monitor service performance, fix issues, and enhance security
- Analyze usage to improve features, usability, and reliability
- Personalize in-app experiences such as saved views or recommendations
- Send service notifications and administrative messages
- Send marketing communications where permitted. You can opt out at any time
- Comply with legal obligations and enforce agreements
Legal Bases for Processing in the EEA and UK
If you are in the EEA or UK, our legal bases include:
- Contract. Processing is necessary to provide the services you requested
- Legitimate interests. For example, to secure the platform, understand usage, and improve features
- Consent. For placing certain cookies and sending marketing where required by law
- Legal obligation. To keep records and comply with requests from authorities
How We Share Information
We share personal information in these situations:
- Service providers. Vendors that perform services for us such as hosting, storage, analytics, communications, customer support, billing, identity verification, and security
- Your organization and invited users. Administrators and authorized users in your workspace can access information according to configured roles
- Marketplace and directory visibility. If you create a vendor profile intended to be discoverable, information on that profile may be visible to other customers according to your settings
- Integration partners. When you connect third-party tools, you direct us to share relevant data with them
- Professional advisors and auditors
- Legal and safety. To comply with law, enforce our agreements, or protect rights and safety
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets
We do not sell personal information. We also do not share personal information for cross-context behavioral advertising.
Data Retention
We keep personal information for as long as needed to provide the services, to comply with legal and accounting obligations, to resolve disputes, and to enforce our agreements. Compliance documents and records may be retained for longer periods where required by law or by your organization’s policies. When retention is no longer necessary, we delete or de-identify information.
Security
We use administrative, technical, and physical safeguards designed to protect personal information. Examples include encryption in transit, access controls, and regular monitoring. No method of transmission or storage is fully secure. We cannot guarantee absolute security.
International Transfers
We may transfer, store, and process information in countries other than your own. When we transfer personal information from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses and additional measures where needed.
Your Choices
- Account settings. You can update certain profile, organization, and vendor directory details in your account
- Cookies. You can manage cookie preferences through your browser and any consent tools we provide
- Marketing emails. You can opt out using the unsubscribe link in our emails. You will still receive service and transactional messages
- Access and deletion. See Your Privacy Rights below
Your Privacy Rights
Depending on your location, you may have the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of personal information
- Object to or restrict certain processing
- Request portability of personal information
- Withdraw consent where we rely on consent
How to exercise your rights
- Submit a request to hi@spotlightvendor.com
- We may ask you to verify your identity and your relationship to a customer account
- If you submit a request on behalf of someone else, we may require proof of authorization
California residents
- We act as a service provider under the California Consumer Privacy Act as amended by the CPRA when we process customer data on behalf of our business customers
- You have the rights listed above and the right to limit the use and disclosure of sensitive personal information if applicable
- We do not sell personal information and we do not share personal information for cross-context behavioral advertising
Children’s Privacy
Our services are intended for business use by adults. We do not knowingly collect personal information from children under 16. If you believe a child provided us personal information, contact us at hi@spotlightvendor.com so that we can take appropriate action.
User-Generated Content and Uploads
You are responsible for the information you submit to the platform, including documents and attachments.
- Do not upload content that you are not authorized to share
- Do not upload patient information or protected health information
Cookies and Tracking
We use cookies and similar technologies to make the site and app work, to remember your preferences, to analyze usage, and to improve our services.
- You can control cookies through your browser settings and through consent tools we make available
- If you block or delete cookies, some features may not function properly
Third-Party Links and Services
Our site and app may link to third-party sites or services. Their privacy practices are not controlled by us. Review their policies before providing information.
Role-Based Data Access in Customer Workspaces
Customer administrators control who in their organization can access data. They also control which vendors and documents are visible to others. If you have questions about access inside your organization’s workspace, contact your administrator.
Your Organization’s Responsibilities
If you use Spotlight Vendor as part of a business customer account, your organization is responsible for configuring retention settings, access controls, and directory visibility to match its policies and legal obligations. We offer tools to help but cannot manage these settings for you.
Data Processing Addendum
We make a Data Processing Addendum available for customers that need it to meet GDPR or similar requirements. Contact hi@spotlightvendor.com to request a copy.
Changes to This Policy
We may update this Privacy Policy from time to time.
- If we make material changes, we will post the updated policy on this page and update the Effective Date
- We may also notify you by email or through the service
- Your continued use of the services after an update means you accept the revised policy
Contact Us
Spotlight Vendor
Attn: Privacy
Email: hi@spotlightvendor.com
Postal address: [Insert company mailing address]
Region-Specific Notices
EEA and UK representative or DPO
If required by law, we will identify our EU or UK representative and Data Protection Officer here. To reach our privacy team, use hi@spotlightvendor.com.
Brazil (LGPD)
You can exercise LGPD rights by emailing hi@spotlightvendor.com. Where applicable, we process your data based on contract, legitimate interests, consent, and legal obligation.
Supplemental Disclosures About Platform Features
Compliance tracking
We process and store vendor compliance documents such as W-9s, Certificates of Insurance, workers’ compensation certificates, licenses, and expiration dates to help you stay compliant. You can configure reminders and expirations in your account.
RFPs and proposals
When you create RFPs, invite vendors, submit proposals, or award jobs, we process the related content and metadata to enable these workflows and to show status, win rate, and completion metrics in your dashboard.
Vendor directory
If you publish a vendor profile intended to be discoverable, parts of that profile may be visible to other business customers. You can edit visibility settings in your account or contact support for help.