Order Flow Simple
Log inStart free

Legal

Privacy Notice

Last updated: May 2026

1. Who we are

This Privacy Notice is issued by XANA GROUP EE ("we", "us", "our"), trading as Order Flow Simple. We act as the data controller for personal data processed in connection with the Order Flow Simple service.

2. Personal data we collect

  • Account data: name, email address, login credentials.
  • Business data: company name, supplier and product information you enter.
  • Support data: messages you send to our support team.
  • Usage and telemetry: log data, device identifiers, IP address, browser type.
  • Cookies and similar technologies for essential functionality and analytics.

3. Purposes and legal basis

  • Provide and operate the service (contract performance).
  • Authenticate users and secure accounts (legitimate interests, legal obligation).
  • Customer support and communications (contract performance, legitimate interests).
  • Improve and develop our product (legitimate interests).
  • Comply with tax, accounting, and other legal obligations (legal obligation).

4. Sharing of personal data

We share personal data with:

  • Paddle.com Market Limited — our Merchant of Record, which handles checkout, payments, subscription billing, sales tax, invoicing, and refunds. Paddle processes payment data and related personal information as an independent controller.
  • Service providers and subprocessors (cloud hosting, analytics, customer support tooling).
  • Professional advisers (legal, accounting) where necessary.
  • Authorities and regulators where required by law.

5. International transfers

Where personal data is transferred outside your country of residence, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Data retention

We retain personal data only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, data is deleted or anonymised.

7. Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent. EEA/UK users also have the right to lodge a complaint with their supervisory authority. We respond to verified requests within one month.

8. Security

We apply appropriate technical and organisational measures, including encryption in transit, access controls, and ongoing monitoring, to protect personal data.

9. Cookies

We use essential cookies for authentication and session management, and may use analytics cookies to understand product usage. You can manage cookies through your browser settings.

10. Contact

For privacy questions or to exercise your rights, contact us at hello@supplierflow.app.