ChatWMS Privacy Policy

Adopted by Cellaware technologies, LLC as of January 1st, 2026

Cellaware Technologies, LLC (“Cellaware,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy describes how we collect, use, process, and protect information in connection with our cloud-based software platform, including ChatWMS and related services (the “Platform”).

1. Scope and Role

Cellaware provides a cloud-based Software-as-a-Service (SaaS) platform designed for commercial warehouse operators and enterprise customers.

In providing the Platform:

Cellaware acts as a data processor on behalf of its customers (the “Customer”), who act as data controllers.
We process data only in accordance with Customer instructions and applicable agreements.

If you are an end user of the Platform, your organization controls your data and is responsible for your personal information.

2. Information We Collect

We intentionally limit the data we collect to what is necessary to operate the Platform.

2.1 Account Information (Provided by Customer)

While a user account is active, we process:

User email address
Username
User ID

This information is provisioned via the Customer’s identity provider (e.g., Single Sign-On).

2.2 Customer Data Processed Through the Platform

In providing the Platform’s functionality, we process warehouse and operational data submitted by or on behalf of Customers, including:

Warehouse Management System (WMS) data
User prompts and queries
Generated responses and outputs

Temporary Raw Data Processing

Raw WMS data may be processed for report generation or alerting
Retained for no more than 3 days

Summarized Data (Quality Assurance)

For service improvement and reliability:

Summarized and/or obfuscated WMS data
Summarized user interaction data

Retained for no more than 90 days

2.3 Usage Data (Aggregated and Obfuscated)

We collect limited usage and performance data to improve the Platform. This data:

Does not include IP addresses
Does not include device or browser fingerprinting
Is aggregated and obfuscated
Cannot reasonably identify individuals

2.4 What We Do Not Collect

We do not:

Use cookies or tracking technologies
Collect IP addresses or device-level identifiers
Collect sensitive personal data (e.g., health, financial account data, precise location)

3. How We Use Information

We process data strictly for the following purposes:

Account authentication and authorization (via Customer SSO)
Providing and operating the Platform
Customer support and issue resolution
Quality assurance and system reliability
Product improvement and performance optimization

We do not use Customer data for advertising or marketing purposes.

4. Data Sharing and Disclosure

We do not sell, rent, or trade personal data.

We do not share Customer data with third parties except as necessary to provide the Platform.

4.1 Subprocessors

We use a limited number of subprocessors to operate the Platform:

Microsoft Azure (cloud infrastructure – Central US by default)
OpenAI (AI processing of prompts and WMS data)
Browserless.io (automation services)

Where subprocessors are used:

Data is processed strictly for service delivery
Contracts include appropriate data protection obligations

4.2 AI Processing

To enable natural language functionality:

We send:
- User prompts
- Raw and/or aggregated WMS data

OpenAI processing is configured such that:

No data is used for training
No data retention is enabled beyond processing requirements

5. International Data Transfers

Cellaware operates globally.

Primary data hosting: Microsoft Azure (Central United States)
Customers may request regional hosting options

For transfers outside the European Economic Area (EEA) or United Kingdom:

We rely on Standard Contractual Clauses (SCCs) or equivalent safeguards

6. Data Retention

We retain data only as long as necessary:

Account data is retained until account deletion.
Raw WMS data used for reports or alerts is retained for up to 3 days.
Summarized or quality assurance data is retained for up to 90 days.
Aggregated and obfuscated usage data is retained indefinitely as it does not identify individuals.

Customer Termination

Upon termination, data is retained for a 90-day grace period
After this period, data is securely deleted unless otherwise required by law

7. Data Security

We maintain a strong security posture aligned with industry standards:

ISO/IEC 27001 certified, with annual audits
Encryption:
- Data at rest (modern encryption standards)
- Data in transit (TLS 1.3)
Role-based access controls (RBAC)
Customer-managed authentication via SSO
Access is restricted based on least privilege principles

Additional details are available at:
http://trustcenter.cellaware.com

8. User Rights and Requests

Because Cellaware acts as a data processor, requests should generally be directed to your employer or organization (the Customer).

Customers may request on behalf of users:

Access to personal data
Correction or deletion of data

Requests can be submitted to: privacy@cellawaretech.com

9. Communications

We do not send marketing communications to end users.

We may send:

Service-related communications
Security alerts
Outage notifications
Important operational updates

10. Children’s Privacy

The Platform is not intended for individuals under 18 years of age.
We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time.
Updates will be posted on this page with a revised effective date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

privacy@cellawaretech.com

13. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, United States, without regard to conflict of law principles.