Privacy Policy

Last updated: 20 April 2026

1. What Data We Collect

We collect information you provide when you create an account, use our services, or contact us. This includes:

  • Account information: name, email address, company name, phone number
  • Operational data: inventory records, warehouse locations, shipments, orders, invoices, and pallet information
  • Usage data: login times, feature usage, and actions performed within the platform
  • Technical data: IP address, browser type, device information, and cookies

2. How We Use Your Data

We use your data to:

  • Provide and maintain the WMS360 platform and services
  • Authenticate users and enforce role-based access controls
  • Generate invoices, reports, and other business documents
  • Send service-related communications (e.g. password resets, system notifications)
  • Improve our platform through aggregated analytics
  • Comply with legal obligations and enforce our terms of service

3. Data Storage and Security

We take the security of your data seriously. Our measures include:

  • All data is encrypted in transit using TLS 1.2 or higher
  • Passwords are hashed using industry-standard bcrypt
  • Authentication uses JWT tokens stored in HTTP-only, secure cookies
  • Role-based access control limits data visibility per user
  • Comprehensive audit logging tracks all critical operations
  • Account lockout protections prevent brute-force attacks
  • Regular security reviews aligned with SOC 2 compliance requirements

4. Third-Party Services

We use the following third-party services to operate and improve WMS360:

  • Vercel — application hosting and deployment
  • Cloudflare R2 — secure object storage for uploaded files and documents
  • Xero — optional accounting integration (only when enabled by you)

We only share the minimum data necessary with these providers, and each is contractually bound to protect your information.

5. Cookies

We use cookies for the following purposes:

  • Essential cookies: required for authentication and platform functionality (HTTP-only JWT cookies)
  • Analytics cookies: help us understand how you use the platform so we can improve it (can be opted out)

You can manage your cookie preferences via the cookie consent banner displayed on your first visit.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account data: retained until account deletion is requested
  • Audit logs: retained for a minimum of 12 months for compliance
  • Operational data (inventory, shipments, invoices): retained for the duration of your subscription
  • After account deletion, data is permanently removed within 30 days, except where legal retention requirements apply

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of Access: request a copy of all data we hold about your company (available via Settings > Data Management > Export)
  • Right to Correction: update or correct inaccurate data through the platform or by contacting us
  • Right to Deletion: request permanent deletion of all company data (available to company owners via Settings or by contacting us)
  • Right to Data Portability: export your data in a standard JSON format
  • Right to Object: object to certain processing activities by contacting us

8. Contact Information

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us: