ESC

What are you looking for?

Newsletter image

Subscribe to our Newsletter

Join 10k+ people to get notified about new posts, news and updates.

Do not worry we don't spam!

Select theme:

Privacy Policy

Effective date: March 1, 2025  ·  Last updated: March 1, 2025

Chemflo ("we", "our", or "us") operates a cloud-based Customer Relationship Management (CRM) platform purpose-built for the chemical industry. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our platform, website, and related services (collectively, the "Services"). Please read this policy carefully. By using the Services, you agree to the practices described herein.

Our platform handles sensitive business data unique to the chemical sector — including customer formulation histories, Safety Data Sheets (SDS), regulatory compliance records, and supply chain information. We take our obligations as a data processor and controller seriously and maintain industry-appropriate standards to protect this data.

1. Information We Collect

We collect information you provide directly, information generated through use of the Services, and certain technical data automatically.

1.1 Account and Contact Information

  • Name, job title, and business email address of account holders and team members
  • Company name, industry segment (e.g., specialty chemicals, polymers, agrochemicals), and billing address
  • Phone numbers and communication preferences
  • Authentication credentials (stored as cryptographic hashes — we never store plain-text passwords)

1.2 CRM and Business Data

  • Customer and prospect records, including contact details and interaction histories
  • Sales pipeline data, deal values, and transaction records
  • Product catalogues, pricing tiers, and order histories
  • Chemical product data including formulations, specification sheets, and Safety Data Sheets (SDS/MSDS) that you upload or enter
  • Regulatory compliance documents (REACH registrations, GHS classifications, EPA submissions) that you store within the platform
  • Notes, tasks, emails, and call logs associated with customer accounts

1.3 Usage and Platform Data

  • Features accessed, workflows used, and frequency of use
  • Search queries and filters applied within the platform
  • Reports generated and dashboards configured
  • API calls and integration activity if you connect third-party tools

1.4 Technical Data

  • IP address, browser type and version, operating system
  • Device identifiers and session tokens
  • Log files including timestamps, pages visited, and error reports
  • Cookie data and similar tracking technologies (see Section 9)

2. How We Use Your Information

We use the information collected for the following purposes:

  • Providing the Services: Operating, maintaining, and improving the Chemflo CRM platform and all associated features
  • Account management: Creating and managing user accounts, processing subscriptions, and handling billing
  • Customer support: Responding to enquiries, troubleshooting issues, and providing technical assistance
  • Product development: Analysing aggregate usage patterns to improve platform functionality and develop new features relevant to chemical industry workflows
  • Security and compliance: Detecting fraud, monitoring for unauthorised access, maintaining audit logs, and meeting our legal obligations
  • Communications: Sending service notifications, product updates, security alerts, and (with your consent) marketing communications
  • Analytics: Generating anonymised, aggregate statistical insights about platform performance and usage trends

3. Chemical Industry Data Handling

We recognise that chemical businesses entrust us with commercially sensitive and safety-critical data. The following principles govern how we handle industry-specific information:

  • Formulation confidentiality: Product formulations, composition data, and proprietary blend information you store in Chemflo are treated as strictly confidential. We do not use this data for any purpose other than providing the Services to you.
  • SDS and regulatory documents: Safety Data Sheets, hazardous substance records, and regulatory filings stored on our platform are accessible only to authorised users within your organisation and our support staff when required to resolve a service issue (with your permission).
  • Supply chain data: Supplier and customer commercial data, pricing arrangements, and logistics information you enter are not shared with third parties or used to train models without your explicit written consent.
  • Hazardous substance records: We maintain appropriate security controls around any data involving chemicals classified under GHS, REACH, or similar regulatory frameworks, recognising the potential safety implications of unauthorised disclosure.

4. Legal Bases for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we process personal data under the following legal bases:

  • Contract performance: Processing necessary to deliver the Services under our subscription agreement with you
  • Legitimate interests: Security monitoring, fraud prevention, product improvement, and direct marketing to existing customers (where you have not opted out)
  • Legal obligation: Processing required to comply with applicable law, including data retention requirements and regulatory requests
  • Consent: Marketing communications to new contacts and the use of non-essential cookies, where we obtain your explicit consent

5. Data Sharing and Disclosure

We do not sell your personal data or your CRM data to third parties. We may share information in the following limited circumstances:

  • Service providers: Trusted sub-processors who assist us in delivering the Services (e.g., cloud hosting, payment processing, email delivery). All sub-processors are contractually bound to process data only on our instructions and to maintain appropriate security measures.
  • Integration partners: If you choose to connect Chemflo with third-party tools (e.g., ERP systems, laboratory information management systems, logistics platforms), data shared via those integrations is governed by the third party's own privacy policy.
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose information. Where legally permissible, we will notify you before doing so.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to the same privacy protections described in this policy.
  • With your consent: In any other circumstance, only with your explicit prior consent.

6. Data Security

We implement technical and organisational measures appropriate to the sensitivity of chemical industry data, including:

  • Encryption of all data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Role-based access controls and the principle of least privilege
  • Multi-factor authentication (MFA) support for all user accounts
  • Regular penetration testing and vulnerability assessments
  • Audit logging of all access to sensitive records
  • 24/7 security monitoring and incident response procedures
  • Annual security training for all Chemflo employees with data access

Despite these measures, no system can guarantee absolute security. If you become aware of any security incident or unauthorised access to your account, please contact us immediately at security@chemflo.io.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specifically:

  • Active accounts: All CRM data is retained for the duration of your subscription
  • After account closure: We retain your data for 90 days to allow account reactivation or data export. After this period, data is permanently deleted unless we are required by law to retain it longer.
  • Regulatory compliance records: Where you use Chemflo to store records subject to statutory retention requirements (e.g., REACH dossiers, chemical inventory records), you are responsible for ensuring your data retention settings comply with applicable law. We provide configurable retention policies to support this.
  • Backup copies: Encrypted backup copies may persist for up to 30 days after deletion from the live system, after which they are overwritten.
  • Billing records: Financial transaction records are retained for 7 years in accordance with accounting regulations.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data, subject to our legal retention obligations
  • Portability: Receive your data in a structured, machine-readable format (CSV or JSON export available directly from the platform)
  • Restriction: Request that we limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests, including for direct marketing
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact our Data Protection Officer at privacy@chemflo.io. We will respond within 30 days. If you are located in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Strictly necessary cookies: Essential for platform functionality, session management, and security. These cannot be disabled.
  • Performance cookies: Collect anonymised data about how users interact with the platform to help us improve performance and usability.
  • Functional cookies: Remember your preferences (e.g., language, theme, dashboard layout) to personalise your experience.
  • Analytics cookies: Help us understand aggregate usage patterns. We use privacy-preserving analytics tools and do not share this data with advertising networks.

You can manage cookie preferences through the cookie settings banner shown on your first visit, or by adjusting your browser settings. Disabling strictly necessary cookies may impact platform functionality.

10. International Data Transfers

Chemflo stores and processes data in data centres located in the European Union (primary) and the United States (disaster recovery). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Agreement (IDTA).

Customers with specific data residency requirements (e.g., GDPR Article 46 obligations) should contact privacy@chemflo.io to discuss available options, including EU-only data processing configurations.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including the right to know what personal information we collect and how it is used, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To submit a request, contact us at privacy@chemflo.io.

12. Children's Privacy

The Chemflo platform is a B2B service intended solely for use by businesses and professionals. It is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

13. Third-Party Links and Integrations

The platform may contain links to third-party websites or support integrations with external tools such as ERP systems, chemical databases, or logistics providers. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service you connect to Chemflo.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you via email and by displaying a prominent notice within the platform at least 14 days before the changes take effect. Your continued use of the Services after that date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Last updated: March 1, 2025