Privacy Policy
Last updated: May 2026
Arodus Inc. ("Arodus," "we," "our," or "us") operates arodus.com and the Arodus vendor risk intelligence platform. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your data. By using Arodus, you agree to the practices described here.
What we collect
We collect three categories of information. Account information you provide when registering: your name, work email, company name, and job title. ERP data we access when you connect your ERP system, specifically your vendor master list and bill-level payment records only. Usage data including pages visited, features used, and session timestamps to operate and improve the platform. We also retain standard server logs including IP addresses and browser type for security purposes.
ERP data scope
When you authorize an ERP connection, Arodus is granted read-only access to your accounts payable data. We read two object types only: vendor records (name, category, contact information) and bill records (vendor reference, amount, payment date, payment status). We do not access payroll data, income statements, bank accounts, employee records, or any data outside accounts payable. Connection credentials are encrypted at rest and never logged in plain text. You can revoke ERP access at any time from within your ERP settings or from your Arodus account page, and syncing stops immediately.
How we use your information
Account information is used to create and manage your account and communicate with you about the service. ERP data is used exclusively to generate vendor risk scores and surface intelligence within your Arodus dashboard. We do not sell your ERP data, use it for purposes other than providing the service, or share it with other customers in identifiable form. Aggregated, de-identified signals may contribute to the peer review network that improves risk scoring for all customers. Your individual company data always remains isolated.
How we share your information
We do not sell personal data. We share data only in three limited circumstances: with service providers who process data on our behalf (cloud infrastructure, database services) under strict confidentiality agreements; in connection with a business transfer such as a merger or acquisition, subject to this policy; and when required by law, court order, or to protect the rights and safety of Arodus or others. We do not share your data with advertisers, data brokers, or other customers.
Data retention
Account information is retained for the duration of your subscription and deleted within 30 days of cancellation. ERP data is retained only while your connection is active and purged within 30 days of connection revocation or account cancellation. Usage logs are retained for up to 12 months for security and debugging purposes. You may request deletion of your data at any time by emailing privacy@arodus.com.
Security
All data in transit is encrypted using TLS 1.2 or higher. All data at rest is encrypted using AES-256. ERP credentials are stored in encrypted secrets management infrastructure. Access to production systems is restricted to authorized personnel on a need-to-know basis. We conduct regular security reviews and penetration testing. In the event of a data breach affecting your data, we will notify you within 72 hours of becoming aware of the incident.
Cookies and analytics
Arodus.com uses essential cookies required for the site to function. We use first-party analytics to understand aggregate usage patterns and improve the product. We do not use third-party advertising cookies or sell browsing data. You can disable non-essential cookies in your browser settings without affecting your ability to use the core platform.
Your privacy rights
Depending on your location, you may have rights to access, correct, delete, or export your personal data, or to restrict or object to certain processing. California residents have additional rights under the CCPA. EEA residents have rights under GDPR; our legal basis for processing is contract performance for account and ERP data, and legitimate interests for usage analytics. To exercise any right, email privacy@arodus.com. We respond within 30 days.
International data transfers
Arodus is based in the United States. If you access the platform from outside the US, your data may be transferred to, stored, and processed in the US. For transfers of personal data from the EEA, we rely on Standard Contractual Clauses as the legal transfer mechanism.
Children's privacy
Arodus is a business-to-business platform not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a minor, contact privacy@arodus.com and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we update the date at the top of this page and notify active users by email at least 14 days before changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
Contact
Privacy questions? Email privacy@arodus.com. We aim to respond within 5 business days. For formal written notices: Arodus Inc., Attn: Privacy, Delaware, United States.
© 2026 Arodus. All rights reserved.