Privacy Policy

Last updated: February 2026

Overview

WarpWare ("we," "us," or "our") operates an order management automation platform for third-party logistics providers (3PLs) and e-commerce businesses. This Privacy Policy describes how we collect, use, store, and protect information when you use our platform and services. By using WarpWare, you agree to the practices described in this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Name, email address, and company name
  • Login credentials (passwords are hashed using bcrypt and never stored in plain text)
  • Role and organization assignments

Integration Credentials

To connect your sales channels and warehouse systems, we store API credentials including OAuth tokens, API keys, and webhook secrets. All integration credentials are encrypted with AES-256 before storage and are never stored in plain text.

Order Data

We process order data from your connected platforms, which may include customer names, shipping addresses, email addresses, phone numbers, product details, and order amounts. This data is processed to route and fulfill orders per your configured rules.

Usage Data

We collect logs of platform activity including login events, configuration changes, API requests, and admin dashboard interactions. This data is used for security auditing, troubleshooting, and platform improvement.

How We Use Your Information

  • Order processing: To receive, transform, route, and submit orders to your warehouse management system
  • Platform operation: To maintain integrations, execute automation rules, and sync inventory and fulfillment data
  • Security and auditing: To log administrative actions, detect unauthorized access, and maintain audit trails
  • Notifications: To send alerts about order failures, integration errors, and system events via your configured channels (email, Slack, webhooks)
  • Support: To diagnose issues and provide technical assistance
  • Platform improvement: To analyze usage patterns and improve performance and reliability

Data Security

We implement the following security measures to protect your data:

  • AES-256 encryption for all stored API credentials and tokens
  • TLS encryption for all data in transit
  • Bcrypt password hashing with high cost factor
  • Role-based access control with organization-scoped data isolation
  • Audit logging of all administrative and data-modifying operations
  • Session management with configurable idle and absolute timeouts
  • Invite-only account provisioning (no open self-registration)

Multi-Tenant Data Isolation

WarpWare is a multi-tenant platform. Your data is isolated at the database level using organization-scoped access controls. Each query is scoped to your organization, and database-enforced boundaries prevent cross-tenant data access. Your order data, rules, configurations, and credentials are never visible to other tenants.

Data Retention

We retain data according to the following schedule:

  • Activity and webhook logs: 30 days
  • Rule execution logs: 60 days
  • Order audit trail: 90 days
  • Compliance and organization audit logs: 180 days
  • Order records: Retained for the duration of your service agreement
  • Account information: Retained until account deletion or service termination

Third-Party Data Sharing

We do not sell your data. We share data only in the following circumstances:

  • Your connected platforms: Order and fulfillment data is transmitted to and from your configured integrations (Shopify, Amazon, WMS, etc.) as required to process orders
  • Infrastructure providers: We use cloud hosting and database services to operate the platform. These providers process data on our behalf under data processing agreements
  • Legal requirements: We may disclose data if required by law, court order, or government request

GDPR & Data Subject Rights

WarpWare supports GDPR compliance for customer data processed through our platform. We implement data redaction handlers that can scrub personally identifiable information from order records upon request. If you or your customers need to exercise data rights, we support:

  • Data access requests: Export of all data associated with a customer
  • Data deletion/redaction: PII fields (email, phone, name, addresses) redacted from order records
  • Shop deactivation: Full data cleanup when a merchant disconnects

All GDPR actions are logged in an audit trail for compliance documentation.

Cookies & Tracking

The WarpWare admin dashboard uses httpOnly session cookies for authentication. We do not use third-party advertising trackers or cross-site tracking cookies. Our marketing website may use basic analytics to understand page traffic.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at our contact page or email us at [email protected].