Privacy Policy

Last Updated: December 7, 2025

1. Introduction

OrderWeave is operated by Holocorp LTD (Company No: PVT-EYUD6EL), a company registered in Kenya with our registered office at Ground Floor, Longonot Place, Kijabe Street, Nairobi, Kenya (P.O. Box 12901 00100 Nairobi, Kenya). Throughout this policy, "we," "our," or "us" refers to Holocorp LTD and the OrderWeave service.

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-commerce synchronization and inventory management service.

By using OrderWeave, you consent to the data practices described in this policy.

2. Information We Collect

We do not sell your personal information. We collect only the minimum information necessary to provide and improve our services.

2.1 Information You Provide

  • Account Information: Name, email address, company name, billing address
  • Payment Information: Processed securely by Paddle.com (we do not store credit card details)
  • Integration Credentials: API keys and credentials for ERPNext and e-commerce platforms (encrypted at rest)
  • Support Communications: Information provided when contacting customer support

2.2 Business Data You Sync

Through our synchronization service, we process (but do not claim ownership of):

  • Product Data: Product information, prices, inventory levels from your ERPNext and e-commerce systems
  • Customer Data: Customer names and order information synced between systems
  • Synchronization Data: Sync events, errors, and transaction logs

Your data remains yours. We take steps to ensure that all source code, files, and data remain private and confidential. We access your business data only to provide synchronization services and technical support when you request it.

2.3 Information Collected Automatically

  • Usage Data: Log files, IP addresses, browser type, access times, pages viewed
  • Performance Metrics: Service usage statistics and performance data
  • Error Logs: Technical error information for debugging and service improvement

2.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze service usage and performance
  • Improve user experience

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our synchronization service
  • Process transactions and manage subscriptions
  • Send service-related notifications and updates
  • Provide customer support and respond to inquiries
  • Monitor and analyze usage trends and service performance
  • Detect and prevent fraud and security issues
  • Improve and optimize our services
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information to third parties. We share your information only with trusted service providers who help us deliver our services, and only to the extent necessary.

Third-Party Service Providers (Sub-Processors)

We use the following third-party services to operate OrderWeave:

Payment and Subscription Management:

  • Paddle.com: Payment processing, subscription billing, and customer records

Infrastructure and Hosting:

  • Amazon Web Services (AWS): Cloud hosting, database storage, and file storage
  • Cloudflare: CDN, DDoS protection, and DNS services

Monitoring and Analytics:

  • Sentry: Error tracking and application monitoring
  • Google Analytics: Website traffic and usage analytics (anonymized)

Communication:

  • Email Service Provider: Transactional emails and support communications

Your Third-Party Platforms

OrderWeave connects to platforms you configure:

  • Your ERPNext instance (as configured by you)
  • Your e-commerce platforms (WooCommerce, Shopify) as needed for synchronization

We access these platforms only using credentials you provide and only to perform synchronization services you've configured.

Legal Disclosure

We may disclose your information when required by law:

  • In response to legal process, court orders, or government requests
  • To protect our rights, property, or safety, or that of others
  • To prevent fraud, security threats, or illegal activity
  • To enforce our Terms of Service

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest (including API credentials)
  • Secure credential storage using industry best practices
  • Regular security audits and updates
  • Access controls and multi-factor authentication
  • Monitoring and logging of system access
  • Automated backup systems with encrypted storage

Employee Access and Confidentiality

We restrict access to your personal information to employees who need it to provide our services. All employees and contractors are:

  • Bound by strict confidentiality obligations
  • Required to sign non-disclosure agreements
  • Subject to disciplinary action, including termination, for privacy breaches
  • Trained on data protection and privacy best practices

However, no method of transmission or storage is 100% secure. While we cannot guarantee absolute security, we continuously work to enhance our security measures and respond promptly to any security incidents.

6. Data Retention and Deletion

We retain your data only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy.

Active Accounts

While your account is active, we retain:

  • Account information and billing records
  • Synchronized business data (products, inventory, orders)
  • Synchronization logs and error reports
  • Support communications and service interactions

After Account Deletion

All data will be deleted from our databases within 30 days of you deleting your account. This includes:

  • Personal account information
  • Business data (products, inventory, pricing)
  • Integration credentials and API keys
  • Synchronization history and logs

During the 30-day period, your data remains accessible for export purposes. After 30 days, all data is permanently deleted and cannot be recovered.

Legal Retention

We may retain certain information beyond 30 days when required by law, such as:

  • Financial records for tax and accounting purposes (as required by Kenyan law)
  • Records necessary to resolve disputes or enforce our agreements
  • Information required for legal proceedings or investigations

7. Your Privacy Rights

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Correction: Update or correct inaccurate or incomplete information
  • Right to Deletion: Request deletion of your data (subject to legal retention requirements)
  • Right to Data Portability: Download your data in a machine-readable, portable format (JSON/CSV)
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Object: Object to processing of your data for specific purposes (e.g., marketing)
  • Right to Opt-Out: Unsubscribe from marketing communications via email links or account settings
  • Right to Transfer Data: Request that we transfer your data to another service provider

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days. Some requests may require verification of your identity to protect your privacy.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

9. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Company: Holocorp LTD (Company No: PVT-EYUD6EL)
  • Address: Ground Floor, Longonot Place, Kijabe Street, Nairobi, Kenya
  • P.O. Box: 12901 00100 Nairobi, Kenya
  • Phone: +254 732 03 03 03 or +254 752 03 03 03
  • Email: privacy@orderweave.com
  • Support Email: support@orderweave.com
  • Website: https://orderweave.com

13. GDPR Compliance (EU Users)

For users in the European Union, we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

  • Contract Performance: To provide our services
  • Legitimate Interests: For service improvement and security
  • Legal Compliance: To comply with applicable laws
  • Consent: For marketing communications (you may withdraw consent at any time)

Questions about our privacy practices?

Contact Support