Draft — pending legal review; not yet in force. This document is a working draft prepared for internal review and has not been reviewed or approved by legal counsel. It does not create binding obligations and should not be relied upon until finalized and executed.
Joint data controllers: Avenor SAS (France) and LBMGB LLC (North Carolina, US) — Effective March 1, 2026 (last updated June 16, 2026)
Avenor is a B2B SaaS platform for brand and e-commerce operations management, operated as joint controllers by Avenor SAS (France) and LBMGB LLC (North Carolina, US), together with their partners, subsidiaries, and associated entities (“Avenor”, “we”, “us”, or “our”). Our production platform is available at https://os.avenor-na.com. This Privacy Policy describes how we collect, use, store, and share information when you use Avenor, and covers both the main SaaS platform and our document-sharing surface at /d/[link] (the “Deck Viewer”), used to share confidential decks with prospects, clients, and partners. For data subjects in the EU/EEA, processing is governed by the GDPR (Regulation (EU) 2016/679); for data subjects in California, by the CCPA/CPRA. You have rights of access, correction, erasure, restriction, portability, and objection — contact privacy@avenor-na.com or use our self-serve erasure form.
We collect the following categories of information:
We engage the following sub-processors to operate the platform. Each is bound by appropriate data processing agreements.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, Authentication & File Storage | US (AWS us-east-1) |
| Vercel | Application Hosting & Edge Network | US (AWS), Global CDN |
| Resend | Transactional Email Delivery | US |
| Sentry | Error Tracking & Diagnostics | US |
| PostHog | Product Analytics & Session Recording | EU (Frankfurt) |
| Meilisearch | Full-Text Search | Self-hosted (US) |
| Upstash | Redis Cache & Rate Limiting | US |
| Anthropic | AI Processing (Claude API) | US |
| Inngest | Background Jobs & Workflow Automation | US |
| Arcjet | Rate Limiting & Bot Protection | US |
| Trigger.dev | Workflow Orchestration | US / EU |
The authoritative, always-current list is our subprocessor register.
Avenor connects to external platforms at your direction. All integrations require your explicit OAuth authorization. We only access data scopes you approve.
Avenor accesses order, product, customer, and revenue data via the Shopify Partner API. Access is granted only with your merchant authorization. Avenor is an independent application and is not affiliated with, endorsed by, or sponsored by Shopify Inc. Your Shopify data is used solely to display operational information within your Avenor dashboard.
Avenor accesses accounting, expense, invoice, and payroll data via Intuit OAuth. Avenor is an independent application and is not affiliated with, endorsed by, or sponsored by Intuit Inc. Data accessed from QuickBooks is used solely to display financial information within your Avenor dashboard and is never shared with third parties or used for any purpose other than providing the Avenor service.
Avenor accesses bank account balances and transaction history via the Mercury API. Banking data is read-only. It is never stored in our persistent database beyond your active session cache and is cleared when your session expires. Avenor is not affiliated with Mercury.
Avenor accesses bank account and foreign exchange data via the Revolut Business API. Banking data is read-only and receives the same session-only caching treatment as Mercury data. Avenor is not affiliated with Revolut.
We retain your account and organizational data for as long as your account remains active. If you close your account or request deletion, we will delete or anonymize your personal data within 90 days of account closure, except where we are required to retain data for legal or compliance purposes. Integration data cached in session storage is cleared at session expiration and is not stored persistently.
We implement industry-standard security measures to protect your data:
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
To exercise any of these rights, contact us at privacy@avenor-na.com. We will respond within 30 days.
Avenor uses the following types of cookies:
We do not use advertising cookies or sell cookie data to any third party.
Avenor is a business operations platform intended for use by professionals and organizations. It is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at privacy@avenor-na.com and we will promptly delete it.
We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 14 days before the change takes effect. Your continued use of Avenor after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.
For privacy inquiries, data requests, or to report a concern:
Avenor SAS (France) · LBMGB LLC (North Carolina, US) — joint data controllers
Email: privacy@avenor-na.com
Platform: https://os.avenor-na.com