Privacy Policy
Last updated: July 2026
This policy explains what personal data we process when you use openflow.network, why we process it, and what rights you have. We do not require accounts, names, or email addresses to use the site.
1. Data we process
The table below lists each category of data, its source, purpose, and the legal basis we rely on under GDPR. We do not use data for advertising or profiling, and we do not knowingly process data of children.
2. Wallet data and blockchain transparency
Wallet addresses can be personal data where they can be linked to you. Open limit orders are queryable by wallet address on the portfolio page — anyone who knows your address can see associated open orders. Do not place orders from a wallet whose association with your identity you wish to keep private. Trades executed on public blockchains are publicly visible independent of OpenFlow.
3. Cookies and analytics
We use Vercel Analytics, which is designed to work without cookies and without persistent cross-site identifiers. It collects page views and technical metadata to derive aggregate statistics. The site does not set advertising or cross-site tracking cookies. Whether Vercel Analytics requires opt-in consent under ePrivacy rules in marketed EU member states is pending counsel determination — a consent mechanism will be implemented if required.
4. Processors and recipients
We use the following service providers: Vercel (web hosting and analytics), Amazon Web Services (backend compute, container registry, secrets management), Supabase (managed Postgres database), and public Solana RPC providers or Helius (blockchain read/submit). Each acts under contract as a processor where applicable. We may disclose data if required by law or in a corporate transaction. We do not sell personal data.
5. International transfers
Our providers may process data in the United States and other countries. Where GDPR applies, transfers rely on adequacy decisions or Standard Contractual Clauses — the specific mechanism per provider will be confirmed once data-processing agreements are in place.
6. Retention
Open limit and DCA orders are retained until executed, cancelled, or expired. Executed and cancelled order and swap records are retained for the period required for fee accounting and applicable audit obligations (specific periods to be set with counsel). IP-based rate-limit counters are transient. Analytics data is retained in aggregate form per Vercel's retention policy. A formal retention schedule and deletion mechanism are pending implementation.
7. Your rights
Depending on where you live, you may have rights to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent. We cannot erase data recorded on public blockchains. You may also complain to your data-protection authority.
8. Contact
To exercise your rights or ask questions, use our support page and include the wallet address concerned. We may ask you to prove control of the wallet before acting on a request.
9. Security
Backend secrets are stored in a managed secrets service and access to production systems is restricted. No internet service is perfectly secure; use of the site is at your own risk.
10. Changes
We will post changes on this page with an updated effective date and, for material changes, provide additional notice where required by law.
11. Controller identity
The data controller is the OpenFlow operating entity (pending formation — see the Imprint page). Until the entity is formed, use the support page for privacy enquiries.