This Privacy Policy explains how DispatchFlow ("we", "us") collects, uses, and protects information when you use our internal logistics and procurement platform ("Service"). It applies to workspace administrators, employees, and other users invited to an organization.
1. Information we collect
Account and profile
When you register or are invited, we process email address, display name, role, organization membership, and authentication identifiers managed through Supabase Auth.
Operational data
Data you enter in the course of operations, including procurement requests, dispatch records, inventory movements, branch assignments, comments, and status updates.
Technical data
We may collect logs, device/browser type, IP address, and timestamps for security, debugging, and abuse prevention. Session cookies are used to keep you signed in.
2. How we use information
- Provide, secure, and maintain the Service
- Enforce organization-scoped access via database Row Level Security
- Send in-app and email notifications you configure or that are operationally necessary
- Improve reliability, fix defects, and develop features
- Comply with legal obligations and respond to lawful requests
3. Legal bases (where applicable)
For users in jurisdictions requiring a legal basis (such as the EU/UK), we rely on contract performance (providing the Service), legitimate interests (security and product improvement), and consent where required (e.g., optional marketing emails).
4. Sharing and processors
We do not sell personal information. We share data with service providers who process it on our behalf under contractual safeguards, including:
- Supabase — authentication, Postgres database, and related infrastructure
- Hosting providers — application delivery (e.g., Vercel or equivalent)
- Email providers — transactional messages when enabled
Your organization's administrators control which users can see operational data within the workspace.
5. International transfers
Data may be processed in regions where our infrastructure providers operate. Where required, we implement appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
6. Retention
We retain information while your organization maintains an active workspace and as needed for legal, audit, or security purposes. Administrators may request deletion of user accounts; residual backups may persist for a limited period.
7. Security
We use industry-standard measures including TLS in transit, access controls, and organization-scoped Row Level Security. No method of transmission or storage is 100% secure; report concerns to support@dispatchflow.app.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. Contact us to exercise these rights. You may also lodge a complaint with your local data protection authority.
9. Children
The Service is not directed to individuals under 16. We do not knowingly collect data from children.
10. Changes
We may update this Policy and will revise the "Last updated" date. Material changes will be communicated through the Service or email where appropriate.
11. Contact
Privacy inquiries: legal@dispatchflow.app. See also our Terms of Service.