Last updated: March 2026

Privacy Policy

How we collect, use, share, and safeguard your information on oilflow.us.

We collect

Account info, trade profile, verification docs, technical & usage data

We use it for

KYC verification, deal matching, market intel, payments, compliance

We never

Sell your data, use tracking cookies, or let AI train on your information

1. Information We Collect

  • Account informationName, email, company name, country, role
  • Trade profileProduct preferences, volume ranges, payment terms, corridors
  • Verification documentsRegistration certificates, director ID, trade references
  • Technical dataIP address, browser type, device information
  • Usage dataLogin frequency, feature usage, listing activity

2. How We Use Your Information

  • Verify identity and conduct KYC/AML due diligence
  • Match verified buyers with verified sellers
  • Deliver market intelligence and price benchmarks
  • Process membership and transaction fee payments
  • Communicate deal notifications and platform updates
  • Improve matching algorithms and platform functionality
  • Comply with legal and regulatory obligations

2A. Lawful Basis for Processing (GDPR)

Contractual necessity (Art. 6(1)(b))Account, membership, matching, payments
Legal obligation (Art. 6(1)(c))KYC/AML, sanctions screening, data retention
Legitimate interests (Art. 6(1)(f))Security, fraud prevention, service improvement
Consent (Art. 6(1)(a))Marketing communications — withdrawable at any time

3. Information Sharing

We do not sell your personal data. We share only when necessary:

  • Matched counterpartiesLimited info shared after both parties verified and confirm interest
  • Sanctions screeningNames checked against OFAC, UN, EU, UK lists
  • StripeBilling information for payment processing
  • SupabaseDatabase hosting (encrypted at rest)
  • AnthropicAI services — data not retained for training
  • Law enforcementWhen required by law or to prevent fraud

4. Data Retention

  • Verification records5 years after end of business relationship (AML requirement)
  • Transaction records6 years (tax and compliance)
  • Account dataDeleted on request, subject to legal retention above
  • Usage and technical dataUp to 2 years

5. Data Security

  • TLS encryption on all data in transit
  • Row-level security and role-based access controls
  • Regular security reviews of infrastructure and code
  • Verification documents stored with restricted access

For technical security details, see our Security page.

6. Your Rights

AccessRequest a copy of data we hold about you
CorrectionRequest correction of inaccurate data
DeletionRequest deletion, subject to legal retention
PortabilityRequest data in a structured, machine-readable format
Withdraw consentWhere processing is consent-based, withdraw at any time

EU/UK residents: You may lodge a complaint with your local supervisory authority. See edpb.europa.eu.

6A. California Privacy Rights (CCPA)

Right to knowCategories and specific pieces of personal information collected
Right to deleteRequest deletion, subject to legal retention
Right to opt out of saleWe do not sell personal information
Non-discriminationWe will not discriminate for exercising CCPA rights

CCPA requests: privacy@oilflow.us. Response within 45 days.

6B. Kenya Data Protection Act

Your data is processed per the Kenya Data Protection Act 2019. Complaints may be directed to the Office of the Data Protection Commissioner (ODPC).

7. Sub-processors

ProviderPurposeLocation
SupabaseDatabase & authUnited States
StripePaymentsUnited States
AnthropicAI matching & intelUnited States
ResendEmail deliveryUnited States
OpenSanctionsSanctions screeningEuropean Union

8. International Data Transfers

Your data may be processed in the United States. For EEA/UK transfers, we rely on Standard Contractual Clauses (Decision 2021/914) and the UK IDTA. Copies available at privacy@oilflow.us.

9. Cookies

We use only session and security cookies — no advertising, no cross-site tracking.

10. EU Representative

EU representative details will be published here once appointed. Inquiries: privacy@oilflow.us.

11. Changes to This Policy

Material changes notified by email at least 30 days before taking effect.

12. Contact

OilFlow Network

privacy@oilflow.us · oilflow.us

We respond to all privacy requests within 30 days.

Platform Security →Terms of Service →