VietConnect — Bridging Vietnam to the World

Privacy Policy

This policy explains what personal data VietConnect collects, why, who we share it with, and the rights you have — including GDPR rights for users in the EU/EEA.

Last updated: June 24, 2026

This is a working template provided for transparency and is pending review by qualified legal counsel. It is not legal advice and is not yet a binding agreement. For questions, contact us before relying on any term.

1. Who controls your data

VietConnect, operated by Trade With Viet Company Limited (Business Registration No. 3301750467), a company registered in Vietnam, is the controller of personal data processed through the Platform. For privacy questions or to exercise your rights, contact info@tradewithviet.com.

2. What we collect

  • Account data: name, email, password (stored by our authentication provider, never in plain text), company name, country, phone, and role (buyer or supplier).
  • Inquiry and RFQ data: the contact details and message content you submit when contacting a supplier or posting a request for quotation, including product interest, quantities, and destination.
  • Newsletter data: your email address if you subscribe.
  • Usage data: pages viewed and actions taken, collected via analytics (see our Cookie Policy). Analytics run only after you consent.
  • Technical data: IP address and device/browser information, used for security and rate limiting.

3. Why we use it

  • To operate the Platform and your account.
  • To deliver inquiries and RFQs to the relevant suppliers.
  • To send transactional emails and, with your consent, newsletters.
  • To secure the Platform, prevent abuse, and comply with legal obligations.
  • To understand and improve how the Platform is used (analytics, with consent).

4. Our legal bases for processing

As a Vietnamese company, we process personal data in line with Vietnam's personal data protection framework — Decree No. 13/2023/ND-CP on Personal Data Protection (the “PDPD”) and applicable Vietnamese personal data protection law. Under that framework we rely primarily on your consent, and otherwise on the limited grounds the law allows (such as performing a contract you have entered, meeting a legal obligation, or protecting our legitimate operation of the Platform). Where we rely on consent, you give it freely when you create an account, submit a form, or accept analytics, and you can withdraw it at any time.

For users in the EU/EEA, where the GDPR applies, our legal bases are: performance of a contract (operating your account and delivering your inquiries); your consent (newsletters and analytics cookies); our legitimate interests (security, fraud prevention, and improving the Platform); and compliance with legal obligations.

For users in the United States, including California residents under the CCPA/CPRA, we process personal data to provide and secure the service and, where required, on the basis of your consent. We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

5. How inquiries are shared

When you contact a supplier or submit an RFQ, the contact details and message you provide are shared with the relevant supplier so they can respond to you. This is core to the service. Do not include information in a message that you do not want shared with that supplier.

6. Service providers we use

We share data with vetted processors only as needed to run the Platform:

  • Supabase — database, authentication, and storage.
  • Stripe — payment processing for paid plans.
  • Resend — transactional and notification emails.
  • PostHog — product analytics (only after consent).
  • Vercel — hosting and content delivery.

7. International transfers

Several of our processors (for example Supabase, Stripe, and Vercel) store or process data on servers outside Vietnam. Because we are a Vietnamese company, any transfer of Vietnamese individuals’ personal data abroad is carried out in accordance with the cross-border transfer requirements of the PDPD, including maintaining the required transfer-impact documentation. For data covered by the GDPR, we rely on appropriate safeguards such as our processors’ standard contractual clauses and security commitments.

8. Retention

We keep personal data for as long as your account is active or as needed to provide the service, then for any period required to meet legal, tax, or security obligations. You can ask us to delete your account and associated data, subject to those obligations.

9. Your rights

You have the right to know what personal data we hold about you, to access and correct it, to ask us to delete it, to restrict or object to how we use it, to data portability, and to withdraw consent at any time. These rights are recognised under Vietnam's PDPD, the GDPR, and — for California residents under the CCPA/CPRA — the rights to know, delete, correct, and opt out of any “sale” or “sharing” of personal data, together with the right not to be discriminated against for exercising them. We do not sell your personal data.

To exercise any right, email info@tradewithviet.com; we will respond within the timeframe required by applicable law. If you believe we have mishandled your data, you may complain to the competent authority — in Vietnam, the Department of Cybersecurity and High-Tech Crime Prevention (A05) under the Ministry of Public Security; in the EU/EEA, your local data protection supervisory authority; in California, the California Privacy Protection Agency or the State Attorney General.

10. Security

We use technical and organisational measures — including encryption in transit, access controls, and rate limiting — to protect personal data. No system is perfectly secure, so we cannot guarantee absolute security.

11. Children

The Platform is a business tool intended for adults acting in a professional capacity. It is not directed at children, and we do not knowingly collect data from them.

12. Changes

We may update this policy. Material changes will be reflected by the “Last updated” date above and, where appropriate, by notice. Continued use after an update means you accept the revised policy.

Related documents