Privacy Policy

Account information: Name, email address, company name, role, phone number, country, and profile photo when you register.

Trade and deal data: Documents you create or upload, deal terms, counterparty information, and messages within deal rooms.

Compliance data: Names and entities you submit for sanctions screening.

Provenance data: Commodity origin, chain-of-custody records, and compliance checklist responses.

Usage data: Log data, IP addresses, browser type, pages visited, and actions taken on the platform.

Payment information: Billing details are processed by our payment provider and are not stored on our servers.

• To provide and maintain the TradeFlow OS platform and its features.
• To process transactions and send related information.
• To run sanctions screening checks against third-party lists (OFAC SDN, UN, EU, UK OFSI).
• To generate AI-assisted trade documents and deal analysis.
• To send transactional emails (invitations, document shares, notifications).
• To calculate and display your TradeFlow Score.
• To detect, investigate, and prevent fraud or illegal activities.
• To improve our services through aggregated analytics.

Under the EU General Data Protection Regulation (EU 2016/679), we process your personal data only when we have a valid legal basis.

We do not sell your personal data to third parties.

We may share your information with:

• Service providers: Supabase (database and authentication), Resend (email delivery), Anthropic (AI), Stripe (payments).
• Counterparties you invite: Your name and company name are visible to counterparties in shared deal rooms.
• Public discover network: If you enable your public profile, your company name, TradeFlow Score, and commodity focus are visible to other users.
• Legal obligations: When required by law, regulation, or valid legal process.

Your personal data may be transferred to, stored in, and processed in countries outside the European Union and European Economic Area (EU/EEA). When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

You may request a copy of the safeguards we use for international transfers by contacting us at privacy@tradeflow-os.com.

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us. Some data may be retained for compliance, legal, or accounting purposes even after deletion.

We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

If you are located in the EU/EEA, the General Data Protection Regulation grants you the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data. You can also update your information directly in your Settings.
• Right to erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
• Right to data portability: Request an export of your data in a structured, commonly used, machine-readable format.
• Right to restriction of processing: Request that we limit how we use your data in certain circumstances.
• Right to object: Object to processing of your personal data based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

We will respond to all data subject requests within 30 days of receipt. Self-service data export and account deletion are available in your account Settings. For all other requests, contact us at privacy@tradeflow-os.com.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of discovering the breach, in accordance with GDPR Article 33. Notification will be sent via the email address associated with your account. Where required, we will also notify the relevant supervisory authority within the same timeframe.

TradeFlow OS is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@tradeflow-os.com.

For any data protection inquiries, concerns about how your personal data is handled, or to exercise your rights under GDPR, you may contact our Data Protection Officer at privacy@tradeflow-os.com.

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can control cookie settings through your browser, though disabling essential cookies may affect platform functionality. For more details, please see our Cookie Policy.

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice on the platform. Continued use after changes constitutes acceptance of the updated policy.

For privacy inquiries, data requests, or complaints, contact us at: