Terms of Service

1. Who we are

VendoReport ("we") provides vendor risk reports as described on this site. VAT registration is in progress; this page will be updated with the full registered details once complete. Contact: info@vendoreport.com.

By placing an order you accept these terms.

2. The service

For each vendor domain you submit, we produce a risk report based on an external, passive analysis of publicly accessible information, reviewed by an analyst before delivery. The report includes a risk score, technical findings with evidence, a mapping to NIS2 obligations, and remediation guidance.

The service is intended for business customers. By ordering, you confirm you are acting for business purposes and not as a consumer.

3. Ordering and payment

Orders are placed through the checkout on this site and paid via Stripe. The price depends on the number of vendors and is shown before payment. Prices are in euros. An invoice is issued automatically; you can add a VAT ID at checkout.

The contract is concluded when your payment is confirmed.

4. Delivery

Reports are delivered by email to the address you provide at checkout, within 24 hours of payment confirmation. If we cannot meet that window for a specific order, we will tell you promptly and you may cancel for a full refund.

Make sure the email address is correct: delivery to the address you provided counts as delivery.

5. Money-back guarantee

Every order is covered by a 14-day money-back guarantee. If you are not satisfied, write to info@vendoreport.com within 14 days of delivery and we refund the full amount, no questions asked. Refunds are issued through Stripe to the original payment method.

6. Acceptable use

You agree to:

• submit only domains of vendors, suppliers or counterparties you have a legitimate business interest in assessing;
• use reports for your internal risk management and compliance purposes, including sharing them with your auditors, advisors or supervisory authorities;
• not use reports to harm, harass or publicly discredit the assessed company, and not resell or republish them.

7. Nature of the report

Each report is a point-in-time assessment based exclusively on information observable from outside, without access to the assessed company's internal systems. It is verified by an analyst, but we cannot guarantee that it is complete or free of errors, because the underlying public sources can be incomplete or outdated.

The report is not a certification, not a security audit of internal systems, and not legal advice. It supports your NIS2 supplier-risk documentation; it does not by itself make you or your vendor NIS2 compliant, and it does not guarantee the outcome of any audit.

8. Liability

To the maximum extent permitted by law, our total liability for any claim connected to an order is limited to the amount you paid for that order. We are not liable for indirect damages such as lost profits or business interruption.

Nothing in these terms excludes or limits liability that cannot be excluded under applicable law, including liability for wilful misconduct or gross negligence.

9. Intellectual property

Reports, their format and the underlying methodology remain our intellectual property. With your order you receive a non-exclusive licence to use the reports inside your organisation and to share them with your auditors, advisors and authorities. Public redistribution or resale requires our written consent.

10. Privacy

How we handle personal data is described in the Privacy Policy on this site.

11. Changes to these terms

We may update these terms for future orders. The version in force when you place an order is the one that applies to it.

12. Governing law and disputes

These terms are governed by Italian law. Any dispute will be brought before the competent court identified under applicable law. Before going to court, we both agree to try to resolve the matter in good faith via info@vendoreport.com.