Privacy Policy

Effective date: June 7, 2026

This Privacy Policy explains how Oak Grove Data (“we,” “our,” or “us”) collects, uses, and shares information when you use the Main Street Commodities Intelligence Platform at dashboard.mscip.com (the “Service”).

1. Who we are

Oak Grove Data is a sole proprietorship operating in Virginia, United States. We operate the MSCIP commodity intelligence dashboard and are the controller responsible for the personal information you provide to us.

Contact for privacy matters: [email protected]

2. Information we collect

We collect the following information when you use the Service:

Information you provide directly:

  • Email address (when you subscribe to a paid plan, sign in, or contact us)

Information collected automatically:

  • IP address and request metadata (collected by Cloudflare, our infrastructure provider, for security and operational purposes)
  • Authentication session identifiers (set by Cloudflare Access when you sign in)
  • Browser type and access timestamps (in server logs)

Information collected by third parties on our behalf:

  • Payment information (collected by Stripe; we do not see or store your full payment card details)
  • Email delivery metadata (collected by Resend when we send you transactional emails)

We do not collect:

  • Information about your race, ethnicity, religion, political views, sexual orientation, health, biometric identifiers, or other special categories of sensitive personal data
  • Information about minors. The Service is not intended for users under 18, and we do not knowingly collect information from anyone under that age
  • Behavioral tracking data through analytics tools
  • Location data (beyond approximate geographic information derivable from IP address)

3. How we use information

We use the information we collect for the following purposes:

  • To provide the Service: authenticating your access, granting you the features of your subscription tier, displaying commodity data on your account
  • To process payments: through Stripe, which charges your subscription and manages billing
  • To send transactional communications: welcome emails, payment receipts, subscription notices, security notifications, and responses to your requests
  • For security and fraud prevention: detecting and preventing unauthorized access, abuse, and security threats
  • To comply with legal obligations: tax reporting, responding to lawful requests from authorities, retaining records as required by applicable law

We do not sell your personal information. We do not share your personal information with advertisers or marketing partners.

For users in the United States, our processing is governed by applicable US federal and state laws. Where the General Data Protection Regulation or UK Data Protection Act applies to your information, we rely on the following lawful bases:

  • Contract: processing necessary to provide the subscription service you purchased
  • Legitimate interests: security, fraud prevention, service improvement, and infrastructure operation
  • Legal obligation: tax records, regulatory reporting, responding to lawful requests

5. Who we share information with

We share information with the following service providers, each of whom processes data on our behalf:

Cloudflare, Inc. (San Francisco, CA, USA)
Provides infrastructure (Pages hosting, Workers, KV storage, R2 storage, D1 database, Access authentication), security, and content delivery. Cloudflare may process personal data including IP addresses, session identifiers, and content stored in our database.
Privacy notice: cloudflare.com/privacypolicy

Stripe, Inc. (San Francisco, CA, USA)
Processes subscription payments and stores payment method information. We do not see or store your full payment card details.
Privacy notice: stripe.com/privacy

Resend (San Francisco, CA, USA)
Delivers transactional email on our behalf. Resend processes your email address and message content for delivery.
Privacy notice: resend.com/legal/privacy-policy

We may also share information when required by law (subpoena, court order, lawful request) or to protect the safety and rights of users, third parties, or ourselves.

6. International data transfers

We are based in the United States. Our infrastructure providers operate globally, and your information may be processed in the United States and other countries. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, our processors rely on transfer mechanisms such as the EU-US Data Privacy Framework, the UK Extension to the DPF, and Standard Contractual Clauses.

7. How long we keep information

We retain personal information only as long as necessary for the purposes described in this policy:

  • Account information: while your account is active, and up to 30 days after you delete it
  • Subscription and payment records: for at least 7 years to comply with US tax and financial recordkeeping requirements
  • Server logs and security data: typically up to 90 days, in line with Cloudflare’s retention policies
  • Email delivery logs: typically up to 12 months at Resend

We may retain anonymized or aggregated data indefinitely for analytics and service improvement.

8. Your rights

Depending on where you reside, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to correct inaccurate information
  • Deletion: ask us to delete your personal information (subject to legal retention requirements such as tax records)
  • Portability: request your information in a portable format
  • Objection: object to processing based on legitimate interests
  • Restriction: request that we limit how we process your information

California residents have additional rights under the California Consumer Privacy Act, including the right to know what categories of information we collect, the right to delete information (subject to exceptions), and the right to non-discrimination for exercising privacy rights. We do not sell personal information.

To exercise your rights, email [email protected] from the email address associated with your account. We will respond within 30 days (or up to 45 days where allowed under applicable law if your request is complex). We may need to verify your identity before fulfilling certain requests.

9. Cookies and similar technologies

The Service uses only strictly-necessary cookies for:

  • Authentication: Cloudflare Access sets a session cookie when you sign in. This cookie is required to keep you signed in
  • Security: Cloudflare sets bot-management and security cookies to protect the Service from abuse
  • Payment session: Stripe sets cookies during the checkout process

We do not use analytics, advertising, or marketing cookies. No tracking pixels. No third-party advertising trackers.

10. Data security

We take reasonable measures to protect personal information:

  • All data is transmitted over TLS-encrypted connections
  • Authentication is handled by Cloudflare Access with industry-standard security
  • Payment data is processed exclusively by Stripe, a PCI-certified payment processor
  • Access to production systems is limited to authorized personnel

No system is completely secure. If we become aware of a security incident that affects your personal information, we will notify you and applicable authorities as required by law.

11. Service availability

The Service is offered to users in the United States. We do not actively market the Service in the European Economic Area, United Kingdom, or other jurisdictions outside the United States. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws.

12. Children’s privacy

The Service is not intended for, and we do not knowingly collect information from, anyone under 18 years of age. If you believe a minor has provided us with personal information, contact [email protected] and we will delete the information promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service before the changes take effect. Continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

14. Contact us

If you have questions about this Privacy Policy or our privacy practices, contact us at [email protected].