ChatWMS Privacy Policy

Cellaware Technologies, LLC (“Cellaware,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy describes how we collect, use, process, and protect information in connection with our cloud-based software platform, including ChatWMS and related services (the “Platform”).

 

1. Scope and Role

​

Cellaware provides a cloud-based Software-as-a-Service (SaaS) platform designed for commercial warehouse operators and enterprise customers.

In providing the Platform:

​

• Cellaware acts as a data processor on behalf of its customers (the “Customer”), who act as data controllers.

• We process data only in accordance with Customer instructions and applicable agreements.

​

If you are an end user of the Platform, your organization controls your data and is responsible for your personal information.

​

​

2. Information We Collect

​

We intentionally limit the data we collect to what is necessary to operate the Platform.

​

2.1 Account Information (Provided by Customer)

​

While a user account is active, we process:

​

• User email address

• Username

• User ID

​​

This information is provisioned via the Customer’s identity provider (e.g., Single Sign-On).

​

2.2 Customer Data Processed Through the Platform

​

In providing the Platform’s functionality, we process warehouse and operational data submitted by or on behalf of Customers, including:

​

• Warehouse Management System (WMS) data

• User prompts and queries

• Generated responses and outputs

​​

Temporary Raw Data Processing

​

• Raw WMS data may be processed for report generation or alerting

• Retained for no more than 3 days

​​

Summarized Data (Quality Assurance)

​

For service improvement and reliability:

​

• Summarized and/or obfuscated WMS data

• Summarized user interaction data

​

Retained for no more than 90 days

​

2.3 Usage Data (Aggregated and Obfuscated)

​

We collect limited usage and performance data to improve the Platform. This data:

​

• Does not include IP addresses

• Does not include device or browser fingerprinting

• Is aggregated and obfuscated

• Cannot reasonably identify individuals

​

2.4 What We Do Not Collect

​

We do not:

​

• Use cookies or tracking technologies

• Collect IP addresses or device-level identifiers

• Collect sensitive personal data (e.g., health, financial account data, precise location)

​

3. How We Use Information

​

We process data strictly for the following purposes:

​

• Account authentication and authorization (via Customer SSO)

• Providing and operating the Platform

• Customer support and issue resolution

• Quality assurance and system reliability

• Product improvement and performance optimization

​

We do not use Customer data for advertising or marketing purposes.

​

4. Data Sharing and Disclosure

​​

We do not sell, rent, or trade personal data.

We do not share Customer data with third parties except as necessary to provide the Platform.

​

4.1 Subprocessors

​

We use a limited number of subprocessors to operate the Platform:

​

• Microsoft Azure (cloud infrastructure – Central US by default)

• OpenAI (AI processing of prompts and WMS data)

• Browserless.io (automation services)

​

Where subprocessors are used:

​

• Data is processed strictly for service delivery

• Contracts include appropriate data protection obligations

​

4.2 AI Processing

​

To enable natural language functionality:

​

• We send:

  • User prompts

  • Raw and/or aggregated WMS data

​

OpenAI processing is configured such that:

​

• No data is used for training

• No data retention is enabled beyond processing requirements

​​

5. International Data Transfers

​

Cellaware operates globally.

​

• Primary data hosting: Microsoft Azure (Central United States)

• Customers may request regional hosting options

​

For transfers outside the European Economic Area (EEA) or United Kingdom:

​

• We rely on Standard Contractual Clauses (SCCs) or equivalent safeguards

​

6. Data Retention

​​

We retain data only as long as necessary:

​​​​

• Account data is retained until account deletion.

• Raw WMS data used for reports or alerts is retained for up to 3 days.

• Summarized or quality assurance data is retained for up to 90 days.

• Aggregated and obfuscated usage data is retained indefinitely as it does not identify individuals.

​​​

​​​

Customer Termination

​

• Upon termination, data is retained for a 90-day grace period

• After this period, data is securely deleted unless otherwise required by law

​

7. Data Security

​

We maintain a strong security posture aligned with industry standards:

​

• ISO/IEC 27001 certified, with annual audits

• Encryption:

  • Data at rest (modern encryption standards)

  • Data in transit (TLS 1.3)

• Role-based access controls (RBAC)

• Customer-managed authentication via SSO

• Access is restricted based on least privilege principles

​

Additional details are available at:
http://trustcenter.cellaware.com

​

8. User Rights and Requests

​

Because Cellaware acts as a data processor, requests should generally be directed to your employer or organization (the Customer).

​

Customers may request on behalf of users:

​

• Access to personal data

• Correction or deletion of data

​

Requests can be submitted to: privacy@cellawaretech.com

​

9. Communications

​

We do not send marketing communications to end users.

​

We may send:

​

• Service-related communications

• Security alerts

• Outage notifications

• Important operational updates

​

10. Children’s Privacy

​

The Platform is not intended for individuals under 18 years of age.
We do not knowingly collect personal data from minors.

​

11. Changes to This Policy

​

We may update this Privacy Policy from time to time.
Updates will be posted on this page with a revised effective date.

​

12. Contact Us

​

If you have questions about this Privacy Policy or our data practices, contact us:

​

privacy@cellawaretech.com

​

13. Governing Law

​

This Privacy Policy is governed by the laws of the State of Texas, United States, without regard to conflict of law principles.