Privacy Policy
Introduction
- OrderTrace (“we,” “us,” or “our”) provides software for managing orders, production, and logistics workflows across companies (traders, factories, clients, and logistics brokers).
- This Privacy Policy explains how we collect, use, share, and protect personal information when you use the OrderTrace mobile and web applications, and related services (collectively, the “Services”).
Information We Collect
- Account and profile information: Name, email address, display name, role/permissions, company name and identifiers, and optional profile details you provide.
- Company and relationship data: Company identifiers, relationships between traders, clients, factories, and logistics brokers.
- Order and operations data: Order headers and line items, statuses, timestamps, dispatch orders, shipments, logistics assignments, and history records generated by activity in the system.
- Documents and files: PDFs and other files you upload or generate (for example, forwarding invoices).
- Authentication and security data: Login credentials (securely processed), session tokens, security logs (login attempts, token expiration).
- Support and communications: Messages, emails, and feedback you send to us.
- Usage and device data: App interactions, basic device and OS information, crash logs, and diagnostic data. We do not collect precise geolocation or unnecessary device data.
How We Use Information
- Provide and operate the Services: Create and manage accounts, display company and order data, generate documents (e.g., invoices), and link dispatches and shipments.
- Improve and secure the Services: Debug, monitor performance, prevent fraud/abuse, and enhance features and reliability.
- Communications: Send service-related messages (e.g., authentication, changes to policies, operational notifications). We do not use your operational data for advertising.
- Compliance: Enforce terms, comply with legal obligations, and protect the rights, property, and safety of users and the public.
Legal Bases (GDPR / PDPO)
- Performance of a contract (providing the Service to employees).
- Legitimate interests (security, analytics, maintenance).
- Consent (optional push notifications, marketing e-mails – none sent by default).
- Compliance with legal obligations (safety, financial audit, data-retention rules).
How We Share Information
- Service providers: We use reputable third-party processors to host, store, transmit, or process data on our behalf (for example, Supabase for authentication, database, and storage). These providers are bound by confidentiality and security obligations.
- Company-level access: Within your organization, authorized users and administrators may access data according to the roles and permissions that you or your administrators configure.
- Business transfers: If we are involved in a merger, acquisition, or sale of assets, data may be transferred as part of the transaction, subject to this Policy.
- Legal requirements: We may disclose information if required by law, court order, or to protect rights and safety.
International Transfers
- We may process and store data in regions outside your country. Where applicable, we use appropriate safeguards (such as Standard Contractual Clauses) to protect your information across borders.
Data Retention
- We retain personal and operational data for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.
- You may request deletion of certain data, subject to legal or contractual retention requirements and technical feasibility.
Your Rights
- Depending on your location, you may have rights to access, correct, delete, restrict, or export your personal data, and to object to certain processing.
- For EEA/UK users, you have the right to lodge a complaint with your data protection authority.
- For California residents (CCPA/CPRA): We do not sell or share personal information for cross-context behavioral advertising. You may request access or deletion of your personal information, subject to exceptions.
Security
We use TLS for all data in transit, AES-256 encryption at rest, minimum-privilege IAM, network firewalls, MFA for administrator accounts, and regular penetration testing. No method of transmission or storage is 100% secure, but we take industry-standard precautions.
Children
PenCheck is an internal enterprise tool and is not directed to anyone under 16. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the latest revision. We will notify you of material changes by e-mail or in-app alert.
END OF POLICY