Privacy Policy

1. Data controller

The data controller responsible for your personal data is OrderSilo, operator of the OrderSilo platform and website at https://ordersilo.app.

For privacy-related questions, requests to exercise your rights, or complaints, contact us using the Send us a message form on this website.

2. Scope of this Policy

This Policy applies to visitors of our marketing website, prospective customers, account holders, authorized users under your workspace, and individuals whose data you submit to the platform in connection with COD order operations (for example end-customer names, phone numbers, and delivery addresses).

If you use OrderSilo on behalf of a business, you act as an independent controller (or processor, as applicable) for end-customer data you upload. We process that data on your documented instructions as part of providing the Service, as described in our Terms of Service and, where required, a Data Processing Agreement.

3. Personal data we collect

Depending on how you interact with OrderSilo, we may collect the following categories of data:

• Account and identity data: name, email address, company name, password (stored in hashed form), billing contact details, and communication preferences.
• Workspace and configuration data: domains, courier settings, API keys, pixel identifiers, country and currency settings, and audit logs of configuration changes.
• Order and operational data: order references, product details, amounts, statuses, courier AWB numbers, fraud scores, attribution metadata, and notes you or your team add in the dashboard.
• End-customer data submitted by you: names, phone numbers, delivery addresses, and related fields required to fulfil COD operations — processed solely to provide the Service to you.
• Technical and usage data: IP address, browser type, device information, pages viewed, referral URLs, cookie identifiers, and server logs used for security, analytics, and service improvement.
• Support and sales communications: messages you send to us, demo requests, early-access sign-ups, and records of our responses.

4. How we use your data and legal bases

We use personal data only where we have a valid legal basis under GDPR:

• Providing and operating the Service (performance of a contract — Art. 6(1)(b) GDPR).
• Account administration, authentication, billing, and customer support (contract; legitimate interests in running our business — Art. 6(1)(b) and (f)).
• Security, fraud prevention, abuse detection, and platform integrity, including cross-tenant fraud signals where configured (legitimate interests — Art. 6(1)(f); vital interests or legal obligations where applicable).
• Product analytics and service improvement on our website and platform (legitimate interests — Art. 6(1)(f); or consent where required for non-essential cookies).
• Marketing communications about OrderSilo where permitted (consent — Art. 6(1)(a); or legitimate interests for B2B outreach where applicable law allows).
• Compliance with legal obligations, tax, and regulatory requests (legal obligation — Art. 6(1)(c)).

5. Cookies and similar technologies

We use cookies and similar technologies on our website for essential functionality, analytics, and advertising measurement. Details are set out in our Cookies Policy. Where required by law, we request your consent before placing non-essential cookies.

6. Sharing and recipients

We do not sell your personal data. We may share data with:

• Infrastructure and hosting providers located in the European Economic Area (EEA) or countries with adequate safeguards.
• Payment processors, email delivery providers, and customer support tools bound by data processing agreements.
• Courier and integration partners only to the extent necessary to sync orders, AWBs, or statuses you have configured.
• Advertising and analytics partners (for example Google and Meta) when you or we enable measurement pixels — subject to your settings and applicable consent requirements.
• Professional advisers, auditors, or authorities when required by law or to protect our legal rights.

7. International transfers

We primarily store and process data in the EEA. If we transfer personal data outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or rely on an adequacy decision, unless a specific derogation applies.

8. Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Account data is generally retained for the duration of your subscription and for a limited period thereafter (typically up to 24 months) unless a longer period is required by law or legitimate business needs (for example billing records).

You may request deletion of your account data subject to exceptions where we must retain certain records by law.

9. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, tenant isolation between customer workspaces, logging, and regular review of our security practices. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Your rights

If you are in the EEA, UK, or another jurisdiction with similar rights, you may have the right to access, rectify, erase, restrict processing, object to processing, data portability, and withdraw consent where processing is based on consent.

You may lodge a complaint with your local supervisory authority. In Romania, the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise your rights, use the Send us a message form on this website. We respond within one month, subject to extension where permitted by law.

11. Children

OrderSilo is a B2B service not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe we have received such data, contact us and we will delete it promptly.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be notified by email or in-product notice where appropriate.