Privacy Policy
Last updated: March 18, 2026
Warden Technologies ("Company," "we," "us," or "our") operates WardenIQ, including the web dashboard, Outlook Add-in, desktop application, and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the Service.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, company name, and job title (if provided).
1.2 Billing Information
When you subscribe to the Service, payment information (credit card number, billing address) is collected and processed by our payment processor, Stripe, Inc. We do not store your full credit card number on our servers. We receive and store only a truncated card number (last four digits), card brand, expiration date, and billing address for record-keeping purposes.
1.3 Email Data (Outlook Add-in)
When you use the WardenIQ Outlook Add-in, the add-in reads the subject, body, and sender information of the email you are currently viewing. This data is transmitted to our servers over encrypted connections (HTTPS/TLS) solely to parse and extract structured freight information, including origin and destination cities, equipment types, pickup dates, and rate information.
Important: The Outlook Add-in processes emails only when you actively invoke it on a specific email. It does not run in the background, does not scan your mailbox, and cannot access other emails, contacts, calendar, or any other mailbox data. Complete email content is not permanently stored; we extract and retain only structured freight data, and only when you explicitly click "Send to Dashboard" to create a quote request.
1.4 Email Credentials (IMAP/SMTP)
If you choose to connect an email account via IMAP/SMTP for automatic quote monitoring, your email credentials are encrypted using Fernet symmetric encryption before storage. Credentials are decrypted only at the time of use to connect to your email server and are never stored in plaintext.
1.5 Quote and Business Data
We store freight quotes, rates, carrier pay, lane information, customer and carrier data, outcome data (won/lost), rate sheets, and other business data that you enter or import through the Service.
1.6 Usage Data
We collect basic usage information such as login timestamps, IP addresses, browser type, operating system, features accessed, and actions taken within the Service. We use this data to maintain security, diagnose technical issues, and improve the Service.
2. How We Use Your Information
- To provide, operate, and maintain the Service, including freight quote parsing, pricing intelligence, AI-powered rate recommendations, and dashboard features.
- To authenticate your identity, manage your account, and enforce subscription limits.
- To process payments and send billing-related communications.
- To analyze quoting patterns and improve pricing recommendations and AI features.
- To communicate with you about your account, service updates, security alerts, and support requests.
- To detect, prevent, and address technical issues, fraud, and security threats.
- To comply with legal obligations and enforce our Terms of Service.
- To generate aggregated, anonymized analytics and benchmarks that cannot identify you or your business (see Section 2.1).
2.1 Aggregated and Anonymized Data
We may create aggregated, anonymized, and de-identified datasets derived from usage of the Service for product improvement, analytics, market benchmarking, and development of new features. Aggregated data cannot reasonably be used to identify you, any individual, or your business. Our use of aggregated data is described in our Terms of Service.
2.2 AI Features & Third-Party AI Processing
We do not use your individual Customer Data to train general-purpose AI models that are shared across customers. AI features that provide rate recommendations use your data only within the scope of your account to improve recommendations specific to your business. Aggregated, anonymized data (as described in Section 2.1) may be used to improve the overall accuracy of pricing models.
Certain intelligence features (such as natural language data queries) use third-party AI services (Anthropic, PBC) to process your requests. When you use these features:
- Only the text of your query and relevant lane data (origin, destination, equipment type) is sent to the AI provider.
- No personally identifiable information (PII), customer names, contact information, or financial details are shared with the AI provider.
- The AI provider does not retain your data or use it to train their models (per Anthropic's commercial API terms).
- AI-powered features are rate-limited to prevent abuse and manage costs.
2.3 Lane Scoring & Analytics
WardenIQ analyzes your quote history to generate lane-level scores across four dimensions: supply-demand balance, consistency over time, momentum (trend direction), and timing alignment. These scores are derived entirely from your own account's data and are used to help you assess lane profitability.
Scores are displayed across multiple surfaces in the Service, including the lane map, pending quotes, quote detail view, customer detail, dashboard overview, shipments view, and the Outlook Add-in. Scores are cached server-side for up to 15 minutes per tenant to improve performance, and caches are refreshed when you record new outcomes.
When exact city-level data is insufficient, the scoring engine falls back to broader geographic aggregations (freight market, state, or regional level) using only data from within your own account. No cross-tenant data is used in individual lane scores.
3. Data Storage and Security
Your data is stored on secure servers hosted on DigitalOcean, LLC infrastructure in the United States. We implement the following security measures:
- Encryption in transit: All data transmitted between your browser, Outlook, or desktop application and our servers is encrypted via TLS/HTTPS.
- Encryption at rest: Sensitive credentials (email passwords) are encrypted using Fernet symmetric encryption. Account passwords are hashed using bcrypt.
- Access controls: Server access is restricted to authorized personnel via SSH key authentication. Database access is limited to application processes.
- Network security: Firewalls (UFW), intrusion detection (Fail2Ban), rate limiting, and DDoS mitigation are in place.
- No method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security.
4. Data Sharing and Third Parties
4.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information or business data to third parties. We do not share your personal information for cross-context behavioral advertising.
4.2 Sub-Processors
We use the following third-party service providers to operate the Service:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| DigitalOcean, LLC | Cloud infrastructure, database hosting | All Service data | United States |
| Stripe, Inc. | Payment processing | Billing information, transaction data | United States |
| Let's Encrypt (ISRG) | TLS/SSL certificate issuance | Domain name only | United States |
| Microsoft Corporation | Outlook Add-in platform (Office.js) | Add-in metadata only | United States |
| Anthropic, PBC | AI-powered intelligence query processing | Anonymized query text, lane data (origin/destination/equipment). No customer PII is sent. | United States |
We do not share your business data (freight quotes, rates, customer information, carrier data) with any sub-processor beyond what is strictly necessary for hosting, infrastructure, payment processing, and AI-powered features.
4.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law; (b) protect the rights, property, or safety of Company, our users, or the public; or (c) detect, prevent, or address fraud, security, or technical issues.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.
5. Outlook Add-in — Detailed Data Practices
The WardenIQ Outlook Add-in requests ReadItem permission only. This means:
- The add-in can read the subject, body, and sender of the email you are currently viewing — and only when you actively open the add-in.
- The add-in cannot read other emails in your mailbox.
- The add-in cannot send emails on your behalf.
- The add-in cannot modify, move, or delete emails.
- The add-in cannot access your contacts, calendar, or any other mailbox data.
Email content is transmitted to our servers solely for freight data extraction. We do not store complete email messages. Structured freight data is retained only when you explicitly choose to create a quote request.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of active account + 90 days after cancellation |
| Quote and business data | Duration of active account + 90 days after cancellation |
| Email-extracted freight data | Duration of active account + 90 days after cancellation |
| Email credentials (IMAP/SMTP) | Deleted immediately upon disconnection or account cancellation |
| Billing records | 7 years (as required for tax and accounting compliance) |
| Usage logs and IP addresses | 90 days |
After the 90-day post-cancellation retention period, Customer Data is permanently deleted upon request. If no deletion request is received, data may be deleted at Company's discretion after the retention period.
7. Your Rights
7.1 All Users
- Access: You may request a copy of the personal information we hold about you.
- Correction: You may update or correct your account information through the dashboard or by contacting us.
- Deletion: You may request deletion of your account and all associated data by contacting us at [email protected].
- Data Export: You may request an export of your data in a standard, machine-readable format (CSV or JSON).
We will respond to all rights requests within thirty (30) days. We may verify your identity before fulfilling a request.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is no need to opt out, but you may contact us to confirm.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond providing the Service.
To exercise any of these rights, contact us at [email protected]. We will respond within forty-five (45) days as required by CCPA.
7.3 Categories of Personal Information Collected (California Disclosure)
| Category (per CCPA) | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address | Yes |
| Commercial information | Subscription plan, billing history | Yes |
| Internet/electronic activity | Login timestamps, features used | Yes |
| Professional information | Company name, job title | Yes |
| Geolocation | IP-derived approximate location | Yes |
| Financial information | Last four digits of payment card (via Stripe) | Yes |
| Biometric information | N/A | No |
| Sensory data | N/A | No |
| Protected classifications | N/A | No |
We do not sell any of the above categories of personal information. We do not share personal information for cross-context behavioral advertising.
8. Cookies and Local Storage
The Service uses browser localStorage to store your authentication token. We do not use tracking cookies, third-party analytics cookies, or advertising cookies. No cookie consent banner is required because we do not use cookies for tracking or advertising purposes.
9. Children's Privacy
The Service is designed for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
10. International Data Transfers
The Service is operated from and data is processed in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
11. Data Breach Notification
In the event of a data breach that affects your personal information or business data, we will:
- Notify affected accounts by email within seventy-two (72) hours of confirming the breach.
- Include in the notification: the nature of the breach, the categories of data affected, the approximate number of affected accounts, the likely consequences, and the measures taken or proposed to address the breach.
- Notify applicable regulatory authorities as required by law.
12. Compliance
We process data under applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA). While we are not currently subject to the EU General Data Protection Regulation (GDPR), we apply data protection principles consistent with GDPR standards, including data minimization, purpose limitation, storage limitation, and the right to deletion. If you have specific compliance requirements (including GDPR, SOC 2, or industry-specific requirements), please contact us.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) sending an email to the address associated with your account; and (b) posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
Warden Technologies
Email: [email protected]
Privacy inquiries: [email protected]
Web: wardeniq.com/support