Privacy Policy & Terms of Service


The Privacy Notice (“Notice”) explains how VTEX, including our affiliated companies, as pointed out at the end of the Notice (“VTEX”, “We”), processes Personal Data and also describes our practices regarding the Personal Data collected on our website, platform, applications, software, and HTML-formatted email messages (collectively referred to as “Services”).

We know you care about how your Personal Data is processed and shared, so we take privacy very seriously.

This Notice applies to the processing of Personal Data on the website and the platform (collectively referred to as “Platform”) and through all products and services offered by VTEX, mainly when VTEX acts as the processor.

Please remember that when using VTEX Services, you are always subject to the terms of our Agreements. Any terms from the Notice that are not herein defined will be duly defined in the Terms and Conditions.

VTEX knows how important it is to protect personal data. Therefore, we act in accordance with current global privacy and personal data protection laws.

We also wanted to provide a channel where anyone could access our notices and find information about how we process personal data.

As proof of our commitment to gaining and increasing our clients’ trust and confidence, VTEX has drawn up some privacy statements, which are available here, such as the Data Processing Addendum, Privacy Notices, Cookie Policy, among others.

VTEX is a global company. As such, we are constantly updating our personal data security and privacy procedures to follow all applicable data protection laws in the countries where our company operates. VTEX has also obtained all the most relevant high-level certifications to guarantee that the personal data we process is safe.

When acting as a Personal Data Processor, VTEX always takes the necessary steps to ensure its platform is secure and compliant with data protection laws. On the other hand, when acting as the Personal Data Controllers, our clients also need to take some actions to comply with the applicable laws. Here, you can find some guidelines that will help you understand the requirements you must comply with. Please remember that these are just general guidelines. The regulations that apply to you may contain other provisions and obligations.

What is the GDPR?

The GDPR is a data protection and privacy regulation for all individuals within the European Union. It also addresses the export of personal data outside the EU.

As stated in its article on Territorial Scope, the “Regulation applies to the processing of personal data in the context of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.”

Commitment to the Principles of the GDPR

VTEX policies and agreements cover all GDPR principles.

  1. Lawfulness, Fairness, and Transparency: VTEX abides by the law and the fair use of the personal data collected to provide the services offered transparently.
  2. Purpose Limitation: The subjects’ data is only used for the purpose established.
  3. Data Minimization: VTEX collects only the minimum amount of data necessary to process the orders received.
  4. Accuracy: The data collected and processed by VTEX is necessarily accurate and current.
  5. Storage Limitation: VTEX only stores the subjects’ data while it is necessary for the processing of the service provided.
  6. Integrity and Confidentiality: VTEX will always do whatever is within its reach, based on standards and best practices, to take appropriate measures to ensure personal data security.

Commitment to the Controllers

VTEX always works hard to offer the best value possible so its tenants’ efforts will translate into profitable and efficient commerce operations.

This principle translates into the constant creation and evolution of tools that, regardless of the comprehensiveness of our current Admin GUI and APIs, will progressively and constantly make it easier and more seamless for our tenants – the Controllers – to comply with the GDPR.

VTEX’s Commitment

At VTEX, we follow the most effective security practices and measures, ensuring that accesses are controlled and data is safe and secure. To get more details on our Security strategy, please read our statement.

This document provides an overview of our security strategy, programs, and controls, and explains how our values drive our commitment to providing the safest environment possible to our clients. We are reliable, scalable, and secure. We understand that our clients depend on the security, performance, and transparency of our systems and services.

The content of this document is intended as a kickoff for broader and deeper security discussions.

Remember #WeAreTrusted.

NIT 901.144.198-6