Security Policy

Last updated 20th of December 2021

Money transfer has never been more straightforward, but that doesn’t mean it shouldn’t be secure. Our primary goal is to build a genuinely accessible and secure marketplace for social transactions from day one.

We built Vendly to help you send money while engaging with social media without worrying about creating a new account and filling in new information. With Vendly, all you need is an authenticated Twitter handle, and you can send or receive money into your wallet address.

We implemented end-to-end encryption during data exchannge because you use Vendly for financial transactions. Vendly utilizes several tools like Firebase to encrypt sensitive details like bank accounts, Twitter tokens and critical personal data.

1.0 Security

Any of these means of verification validates payments, in order to ensure maximum security

  • 1.1 You are required to set up your device security with either Face ID, Touch ID, or PIN entry enabled. Enabling any or all of these will help in securing your device.
  • 1.2 Please enable two-factor authentication to protect your social media account and ensure optimal security
  • 1.3 Anonymity is fully implemented by Vendly.
  • 1.4 A password is required to unlock Vendly after a certain number of uses.
  • 1.5 A Twitter bot sniffs for legitimate vends and automatically likes or comments on them. Users are advised to look out for reactions towards a received vend from @vendlyBot and from our official handle @vendly on Twitter (named Chidera) to ascertain genuineness.
  • 1.6 A second-level vend check is also implemented immediately after authentication to ensure that no part of the vend has been faked/spoofed/imitated/cloned.
  • 1.7 Vends are tied to immutable identities/records provided by social media platforms. E.g., Twitter IDs as against Twitter handles.
  • 1.8 Security rules provided by firebase guarantee that users only have access to as minimum data as required per session.
  • 1.9 Maximum 6 minute time out that wipes out all user details from browser once it elapses.
  • 1.1.0 Our social media integration will continuously poll data to ensure that fake vends aren't created with look-alike domains. To ensure that you don't get baited with incorrect links, below are the domains that Vendly communicates as legitimate:
  1. Vend.money
  2. Vend.gift
  3. Vend.gifts
  4. Super.vend.money
  5. Vend.me
  6. Vend.ly
  7. Vendly.com

2.0Encryption

We protect all your data using the AES encryption

  • 2.1 Every transaction is End-to-end encrypted. End-to-end encryption makes sure that only you and the person on the other end of the transaction have the key to encrypt and decrypt every transaction.
  • 2.2 Phone numbers are fully masked and encrypted on the browser side.
  • 2.3 Twitter tokens are fully encrypted on the browser side using (AES) asymmetric encryption /decryption
  • 2.4 We use the secure OAuth 2.0 flow to log users into their Vendly accounts.
  • 2.5 Senders do not have access to receivers' details in any form (this does not mean there can not be an audit in the event of a fraud).

3.0 Wallet/Account Details

Connect your account details seamlessly.

  • 3.1 Fund your account to either send or receive a vend

4.0 Account Notification

  • 4.1 Enable Push, email, text notification to get information about every transaction carried out on your account.

5.0 Disable Anytime

  • 5.1 We provide a quick way for the author to stop claims on all vends if they suspect any illegitimate transactions. The author needs to click the "stop a vend" button

6.0 Fraud Detection

  • 6.1 Claim sessions also last a maximum of 6 minutes.
  • 6.2 Every vend has a validity period to ensure that unlikely activities do not ensue.
  • 6.3 A quick URL check confirms that nefarious persons have not spoofed the vend.

7.0 Complaints

In a case of urgency, complaints, or inquiry, we've got you covered.

  • 7.1 We process reversals no later than 24hrs.
  • 7.2 Reach us via email: hello@vendly.com or Twitter @Vendly

In summary, you're in control of your data, how it's managed, and you can disable transactions when you choose to.

Vendly promises to keep you updated on the state of every transaction. And in cases where you as an author/vendor choose to stop a vend as a result of fraudulent activity, you can do that with the click of a button

Vendly is AES (Advanced Encryption Standard) compliant. Your payment information is encrypted and saved securely in a case of an audit.

As a receiver, you do not have to worry about the sender having access to your details. We want to make sure that you understand how your funds are managed and secured and that this information will guide you to make the right decisions as you use Vendly.

This list will constantly be updated and communicated to platform users.

Copyright © 2021 Vendly Inc.