Privacy Policy

1. Introduction

Petroleum Directory is a South Africa-focused petroleum supplier directory and business lead platform that connects verified suppliers with verified business buyers. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you use our website, dashboards, directory, verification features, messaging features, RFQ tools, and related services (“Platform”).

By using the Platform, you acknowledge that you have read this Privacy Policy.

2. Scope

This Privacy Policy applies to personal information collected through:

• the public website;
• supplier, client, and admin dashboards;
• account registration and login;
• verification and onboarding workflows;
• supplier directory listings;
• RFQ submission tools;
• in-platform messaging;
• support communications; and
• any related interactions with Elaney.

3. Who We Collect Information From

We may collect information from:

• website visitors;
• guest users;
• supplier applicants and supplier account holders;
• client applicants and client account holders;
• authorised representatives, directors, employees, and contact persons linked to business accounts;
• users who submit RFQs, messages, support requests, or verification documents; and
• administrators reviewing verification cases.

4. Information We Collect

Depending on how you use the Platform, we may collect the following categories of information.

5. How We Collect Information

We collect information:

• directly from you when you register, log in, complete forms, upload documents, create profiles, submit RFQs, send messages, or contact support;
• from your business representatives or team members using the account;
• automatically through cookies, analytics, logs, and security systems;
• from admins and internal reviewers during the verification process; and
• from service providers that support hosting, storage, authentication, email, and analytics. Your MVP stack includes Supabase Auth, Supabase Postgres, Supabase Storage, WordPress/WPGraphQL, Resend, Google Analytics, and Vercel-hosted infrastructure.

6. Why We Use Personal Information

We may use personal information to:

• create and manage user accounts;
• authenticate users and secure access;
• operate supplier, client, and admin dashboards;
• review verification applications and assign tiers;
• publish and manage supplier directory listings;
• enable verified users to send RFQs and messages;
• send RFQ emails and service notifications;
• provide customer support;
• monitor abuse, fraud, suspicious activity, and policy breaches;
• generate audit trails for admin decisions;
• improve the Platform, content, workflows, and security;
• comply with legal and regulatory obligations; and
• enforce our Terms and platform policies.

7. Verification Documents and Sensitive Information

Some information you provide may be sensitive or confidential, especially verification documents. Elaney’s platform is designed so that supplier and client verification documents are stored in a private storage bucket, with access restricted through role-based controls and short-lived signed URLs issued only after authorisation checks. Sensitive user-data tables are intended to be protected through Row Level Security and explicit admin access rules.

We use this information only for purposes such as:

• verifying identity and business legitimacy;
• reviewing compliance and quality evidence;
• handling disputes, complaints, or re-verification;
• maintaining review records and audit trails; and
• protecting users and the Platform from fraud or misuse.

8. When We Share Information

We do not sell personal information to advertisers. We may share personal information only where necessary and appropriate, including:

9. Public vs Private Information

Some information is public by design, while other information is private.

10. Cookies, Analytics, and Similar Technologies

We may use cookies, analytics tools, and similar technologies to:

• keep users signed in;
• understand usage patterns;
• improve performance and usability;
• measure traffic and marketing effectiveness; and
• support security, diagnostics, and abuse prevention.

Your MVP stack includes Google Analytics and Google Search Console for measurement and SEO support.

You may be able to control cookies through your browser settings. A separate Cookie Policy or cookie notice may also apply.

11. Security Measures

We take reasonable technical and organisational measures to protect personal information.

Based on your platform design, these measures may include:

• private storage buckets for sensitive documents;
• short-lived signed URLs for document access;
• role-based access control;
• Row Level Security on relevant data tables;
• server-side authorisation checks;
• validation of file types and upload sizes;
• input validation on write endpoints;
• rate limiting on sensitive endpoints;
• secure headers;
• audit logging for admin actions;
• monitoring of suspicious activity.

No system is completely secure, and we cannot guarantee absolute security.

12. Retention of Information

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• maintain active accounts;
• administer verification and re-verification;
• preserve audit trails;
• manage disputes and support queries;
• comply with legal obligations; and
• protect the Platform from abuse or fraud.

We may retain some records after account closure where necessary for compliance, evidence, fraud prevention, security, or legitimate business recordkeeping.

13. Cross-Border Storage and Processing

Your information may be stored or processed on infrastructure or by service providers located inside or outside South Africa, depending on the systems used to run the Platform.

Where cross-border processing occurs, we will take reasonable steps to ensure appropriate protection of personal information in line with applicable law.

14. Your Rights

Subject to applicable law, including POPIA where applicable, you may have rights to:

• request access to personal information we hold about you;
• request correction of inaccurate or incomplete information;
• object to certain processing;
• request deletion where legally permitted;
• withdraw consent where processing is based on consent; and
• lodge a complaint with the relevant regulator.

We may need to verify your identity before acting on a request.

15. Your Responsibilities

You are responsible for:

• ensuring that information you submit is accurate and lawful;
• uploading documents only where you are authorised to do so;
• keeping your account credentials secure;
• informing us of material changes to your business or verification details; and
• ensuring that people whose information you upload or submit have been properly authorised where required.

16. Children

The Platform is intended for business use and is not directed at children. We do not knowingly collect personal information from children.

17. Third-Party Links and Services

The Platform may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of third parties, and you should review their policies separately.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted on the Platform with a revised effective date. Continued use of the Platform after an update takes effect will be treated as acceptance of the revised policy, to the extent permitted by law.