Privacy Policy

This Privacy Policy explains how Origin Trading Pte. Ltd. ("Origin Trade", "we", "us", or "our") collects, uses, discloses, and protects information when you use the Origin Trade Platform — an AI-powered operating system for physical commodity trading and brokerage. The Platform processes sensitive commercial information (e.g., trade terms, invoices, packing lists, shipping documents), AI-generated content (e.g., contract drafts, deal insights, smart reminders), digitally signed documents, and personal data (e.g., staff contact details, counterparty contacts, signatory information).

Related: Terms and Conditions.

1. Roles: Controller vs. Processor

• Customer Content: For Trade Data and documents uploaded by a Customer, Origin generally acts as a service provider / processor on the Customer’s instructions.
• Platform Operations: For account creation, authentication, billing/admin, fraud prevention, and platform security, Origin may act as a controller of certain personal data.

2. Information We Collect

2.1 Account and Identity Data

• Name, email address, phone number, job title/role, organization identifiers.
• Authentication signals (e.g., OTP verification events) and account settings.

2.2 Business and Trade Workflow Data

• Company profiles, counterparties, contacts, and relationship metadata.
• Trade capture: commodity, quantity, unit, incoterms, payment terms, prices, formulas, tolerances, laycan windows, and notes.
• Subcontracts, contract status, generation and delivery events.
• Logistics data: ports, shipments, vessel details, ETD/ETA, tracking events, documents, and operational fields (e.g., demurrage, laytime).
• Invoices, invoice numbers, tax/GST classification where applicable, and supporting documentation.
• Commission tracking: salesperson/referral agent identifiers and computed commission entries.

2.3 Document Generation Data

• Inputs used to generate commercial invoices, proforma invoices, packing lists, credit/debit notes, and contract PDFs (e.g., line items, quantities, pricing, banking details, shipping marks).
• Generated document metadata: document type, generation timestamps, version history, and distribution records.
• Template selections, clause choices, and formatting preferences used during document creation.

2.4 Digital Signing Data

• Signatory information: names, email addresses, job titles, and organizational affiliations of persons invited to sign documents.
• Signing events: timestamps, IP addresses, completion status, and access logs for each signing session.
• Document state: signed/unsigned status, signing order, and sealed document records.

2.5 AI and Insights Data

• Inputs to AI features: trade data, deal parameters, and natural language queries submitted through the dashboard or WhatsApp.
• AI-generated outputs: contract drafts, risk scores, deal analysis narratives, actionable insights, and executive summaries.
• Smart reminder triggers: deadline dates, certification expiry dates, payment due dates, demurrage thresholds, and the reminder/alert events generated from them.
• Conversation history for WhatsApp AI interactions (stored per-user within the organization's tenant).

2.6 Compliance and Verification Data (if enabled)

• KYC/KYB information such as identification documents, beneficial ownership information, and screening outcomes where required for compliance.

2.7 Technical and Usage Data

• Device and browser metadata, IP address, timestamps, and basic telemetry logs.
• Security logs and audit events (e.g., login attempts, permission changes, document access) to protect the Platform.

3. How We Use Information

• Provide the Services: operate trade workflows, generate documents (invoices, packing lists, contracts, credit/debit notes), and enable collaboration with counterparties.
• Document Generation: populate and render invoices, packing lists, and other commercial documents from your Trade Data inputs.
• Digital Signing: facilitate electronic signature workflows, authenticate signatories, record signing events, and maintain audit trails.
• AI Features: generate contract drafts, deal risk analysis, actionable insights, and smart reminders from your organization's data. Your data is processed within your tenant and is not used to train models for other customers.
• Smart Reminders: monitor deadlines, certification expirations, payment due dates, and operational thresholds to proactively generate alerts and notifications.
• Security and fraud prevention: detect abuse, protect accounts, and maintain audit logs.
• Support: respond to requests and troubleshoot issues.
• Compliance: meet legal obligations (e.g., AML/CTF, sanctions, record-keeping) where applicable.
• Improve the Platform: debug, test, and improve performance and usability (using aggregated, anonymized data where possible).

4. Legal Bases (where applicable)

Depending on your jurisdiction, we may process personal data based on one or more of the following legal bases: performance of a contract, legitimate interests (e.g., platform security), compliance with legal obligations, and/or consent (where required).

5. How We Share Information

We do not sell personal data. We may share information as follows:

• With counterparties: sharing trade documents and contact details required to execute the specific trade workflow you initiate.
• With vendors/processors: hosting, storage, messaging/email delivery, analytics/monitoring, and verification providers under confidentiality and data processing obligations.
• For legal reasons: when required by law, regulation, court order, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets (subject to appropriate safeguards).

6. Data Retention

We retain data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain business records. Trade and invoice records may be retained for extended periods due to commercial and regulatory requirements.

7. Security

We use administrative, technical, and organizational safeguards designed to protect data, including:

• Multi-tenant data isolation (each organization's data is architecturally separated).
• Role-based access controls and permission management.
• Encryption in transit (TLS) and at rest for sensitive data.
• Audit logging of document access, signing events, and administrative actions.
• Secure signing links with unique tokens for counterparty document access.
• Session management and automatic session expiration.

No method of transmission or storage is completely secure; you should also use strong credentials and appropriate internal access controls.

7a. AI Data Processing

The following principles govern how we handle data in connection with AI Features:

• Tenant Isolation: AI Features operate exclusively on your organization's data within your tenant. Your Trade Data is never shared with, visible to, or used to improve services for other customers.
• No Cross-Tenant Training: We do not use your Content or Trade Data to train machine learning models for other organizations.
• Third-Party AI Providers: Some AI capabilities may use third-party language model providers. When third-party AI services are used, data is transmitted securely and subject to data processing agreements that prohibit the provider from retaining or training on your data.
• AI Output Retention: AI-generated outputs (insights, risk scores, contract drafts) are stored within your tenant and subject to the same data retention and deletion policies as other Content.
• Human Oversight: AI Features are designed to augment, not replace, human decision-making. All AI outputs require user review before action.

8. International Transfers

Your data may be processed in countries other than where you are located. Where required, we implement appropriate safeguards for cross-border transfers.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of personal data, and to request portability.

Because much of the Platform content is business/trade data controlled by the Customer, requests may need to be handled via your organization’s administrator.

10. Cookies and Similar Technologies

We may use cookies or similar technologies for session management, security, preferences (e.g., theme), and basic analytics. You can control cookies through your browser settings, but some features may not function properly.

11. Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal data from children.