Privacy Policy
Effective Date: April 29, 2026
Avendi Pte. Ltd. ("Avendi Local," "Avendi," "we," "our," or "us") operates the hotel-integrated local gifting marketplace at avendi.me and its city subdomains (collectively, the "Service"). This Privacy Policy explains what information we collect when travelers, hotel partners, and vendors use the Service, how we use it to fulfill same-day hotel delivery, and the choices you have. We are committed to handling your information in line with Singapore's Personal Data Protection Act (PDPA), applicable Nepal data protection rules, and GDPR principles for travelers visiting from the EU/UK.
1. Who we are and how to contact us
The data controller is Avendi Pte. Ltd., a company registered in Singapore, registered office: 68 Circular Road #02-01, Singapore (049422). For privacy questions, data subject requests, or to withdraw consent, contact privacy@avendi.me or our general inbox info@avendi.me.
2. What we collect
Avendi Local is a guest-checkout marketplace โ most travelers do not create a password-based account. We still collect a small amount of information needed to deliver your order to your hotel.
- Order information you provide: name, email, mobile number, hotel name and room number (or alternate delivery address within the city), check-in / check-out dates where you choose to share them, and any special delivery instructions.
- Payment information: processed by our payment partners (Stripe and regional equivalents). Avendi Local does not store full card numbers, CVV codes, or bank credentials. We retain a payment reference ID, the last four digits of the card, and the card issuer for receipt and dispute purposes.
- Order content and history: the products you ordered, prices, delivery confirmation, and any support communications related to the order.
- Device and usage data: IP address, browser type, operating system, referring URL, pages visited, session duration, and approximate location derived from IP. Collected automatically when you visit the Service.
- Cookies and similar technologies: see Section 5 below.
- Communications: messages you send via support@avendi.me, the contact form, and (if you opt in) email newsletters.
- Guest identifier: a randomly generated, locally stored ID your browser keeps in
localStorageso we can match cart and order history across sessions on the same device. It is not linked to a real-world identity unless you place an order.
3. How and why we use your information
We process your information for the following purposes, on the legal bases listed in brackets where GDPR applies:
- To fulfill your order โ confirm stock with the vendor, arrange same-day local courier, deliver to your hotel front desk, and provide tracking [contract performance].
- To process payments and refunds via our payment providers [contract performance, legal obligation].
- To handle disputes, returns, and replacements โ including investigating quality, authenticity, or delivery issues [contract performance, legitimate interests].
- To communicate with you about your order, support tickets, and operational notices (e.g., delivery delays, hotel coordination) [contract performance].
- To send you marketing emails about Avendi Local, only if you opted in [consent โ you can unsubscribe at any time via the link in every email or at /unsubscribe].
- To improve and secure the Service โ analytics, A/B testing, fraud detection, abuse monitoring, and debugging [legitimate interests].
- To comply with law โ tax reporting, anti-money-laundering checks on vendors (KYB), and legal requests [legal obligation].
4. Who we share it with
We share the minimum information necessary, in these categories:
- Vendors (local makers): the items ordered, your name, hotel name, and delivery date โ needed for them to prepare and hand off the parcel. We do not share your email, phone number, or full payment details.
- Local couriers: hotel name, room number (where given), delivery window, contact phone for delivery coordination.
- Hotel partners: only the parcel reference and recipient name for front-desk drop-off; no order content or payment details.
- Payment processors: Stripe and regional equivalents process card transactions under their own privacy terms.
- Service providers: hosting (AWS), email delivery, customer support tooling, analytics (Google Analytics 4, Google Tag Manager, Hotjar, Meta/Facebook Pixel where consent applies), and error monitoring. They are bound by contract to use your data only for the services they provide to us.
- Legal and safety: when required by law, court order, or to protect the rights, property, or safety of Avendi Local, our travelers, vendors, or hotel partners.
- Corporate transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.
We do not sell your personal information.
5. Cookies and analytics
We use cookies and similar technologies for three purposes:
- Strictly necessary โ cart contents, guest identifier, session integrity, fraud prevention. Cannot be disabled without breaking the Service.
- Analytics โ Google Analytics 4 and Hotjar, used in aggregated form to understand which pages travelers find useful and where the flow breaks. Active in production only; we apply IP truncation where available.
- Marketing โ Meta/Facebook Pixel and Google Ads, used in production and only where consent regulations permit. Helps us measure campaign effectiveness; we do not run remarketing without consent.
You can clear or block cookies through your browser settings; doing so may break parts of the checkout. Where required by law, we present a cookie consent prompt before non-essential cookies are set.
6. International transfers
Avendi Local is operated from Singapore with regional teams in Nepal (and other cities as we expand). Your information may be transferred to, stored in, and processed in Singapore, Nepal, the United States (where some service providers are based), and the European Economic Area. Where transfers leave a jurisdiction with strict cross-border rules, we rely on adequacy decisions, Standard Contractual Clauses, or your explicit consent, as applicable.
7. How long we keep it
- Order, payment, and tax records: 7 years (Singapore tax retention) or as required by local law in the operating city.
- Marketing preferences: until you unsubscribe or withdraw consent, plus a short suppression record so we do not re-contact you.
- Customer support tickets: 24 months from resolution.
- Analytics data: typically 14 months in aggregated form (GA4 default).
- Account-related data on request for deletion: removed within 30 days, except where retention is legally required (orders, tax, fraud).
8. Your rights
Depending on where you reside, you may have the right to:
- access the personal information we hold about you;
- request correction of any inaccurate or incomplete data;
- request deletion of your data (subject to retention obligations under tax, fraud, or legal hold);
- object to or restrict certain processing;
- withdraw consent for marketing or non-essential cookies;
- request a portable copy of the data you provided.
To exercise any of these rights, email privacy@avendi.me. We will respond within 30 days. Singapore residents can also lodge a complaint with the Personal Data Protection Commission; EU/UK residents with their local supervisory authority.
9. Security
We use TLS in transit, encrypted storage at rest, scoped IAM access, audit logging, and dependency monitoring. Payment card data is handled exclusively by PCI-DSS compliant processors and never touches Avendi Local servers. No system is perfectly secure; we will notify affected users and regulators of a material data breach within the timelines required by applicable law.
10. Children
Avendi Local is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact privacy@avendi.me and we will delete it.
11. Third-party links
The Service links to third-party sites (hotel partners, vendor profiles, social media). Their privacy practices are their own and are not covered by this policy.
12. Changes
We may update this Privacy Policy as the Service evolves. We will update the Effective Date at the top, and where changes are material we will notify active users by email or in-app notice before they take effect.