Winmore, Inc. (“Winmore,” “we,” “us,” or “our”) provides a pricing and process optimization software platform (the “Services”). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights available to you under applicable United States privacy laws.
This Policy applies to visitors of our website at winmore.io and to users of our products and services. It does not apply to information we process on behalf of our business customers as a service provider, which is instead governed by the data processing terms in our customer agreements.
1. Scope of This Policy
This Policy describes our privacy practices for personal information collected through our website, our marketing activities, and our Services, as the controller or business with respect to that information.
If you are an authorized user of the Services through a Winmore business customer, your use of the Services may also be subject to your organization’s own policies. Information that our customers submit to or generate within the Services about their own customers, employees, or contacts is processed by Winmore as a service provider, under the terms of our agreement with that customer, and is not governed by this Policy.
2. Information We Collect
We collect the following categories of information:
2.1 Account and contact information
- Name, business email address, phone number, job title, and company name
- Account credentials, such as username and password
- Billing or account contact details you provide when you create an account or contact us
2.2 Usage and technical data
- Log data, including IP address, browser type, device identifiers, and operating system
- Pages viewed, features used, click activity, session duration, and referring/exit pages
- Timestamps, diagnostic data, and error reports
This usage and technical data is collected solely to operate, secure, and improve the Services — for example, to diagnose performance issues, detect unauthorized access, and understand feature adoption. It is distinct from, and does not include, the shipment, lane, pricing, or supply-chain content that customers submit to the Services, which is addressed in Section 1 and governed by the applicable customer agreement.
2.3 Communications
- Information you provide when you contact us for support, sales inquiries, or feedback
- Records of correspondence if you communicate with us via email, chat, or contact forms
2.4 Information from cookies and similar technologies
We and our service providers use cookies, pixels, and similar technologies to collect usage and technical data automatically. See Section 5 for details.
3. How We Use Information
We use the information described above to:
- Provide, operate, maintain, and improve the Services and our website
- Create and manage user accounts, and authenticate access
- Respond to inquiries, provide customer support, and communicate with you about the Services
- Send administrative information, service updates, security alerts, and, where permitted, marketing communications
- Monitor usage, diagnose technical issues, and maintain the security and integrity of our systems
- Analyze trends and usage patterns to improve functionality and user experience
- Comply with legal obligations, enforce our agreements, and protect our rights and the rights of others
3.1 AI, machine learning, and model training
We do not use a customer’s proprietary or confidential data — including pricing, rates, lanes, margins, or other shipment and supply-chain content submitted to the Services — to train, fine-tune, or improve any machine learning or optimization model in a way that benefits or is shared with any other customer or tenant. Each customer’s data remains logically isolated for these purposes, as described in Section 7.
Where we use de-identified or aggregated usage data to improve the general performance, reliability, or functionality of the Services, that data is processed in a manner designed to prevent re-identification of any individual customer, shipment, or pricing detail.
6. Data Retention
We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of information and the purpose for which it was collected. When information is no longer needed, we take reasonable steps to delete, anonymize, or securely dispose of it.
7. Data Security
We maintain administrative, technical, and physical safeguards designed to protect personal information and customer data against unauthorized access, disclosure, alteration, and destruction. These safeguards include:
- Encryption — encryption of data in transit, and encryption of data at rest using industry-standard methods.
- Logical multi-tenant isolation — each customer’s data is logically segregated within our multi-tenant architecture, with access controls designed to prevent one customer or tenant from accessing another customer’s pricing, lane, shipment, or other proprietary data.
- Access controls — role-based access limited to authorized personnel on a need-to-know basis, with authentication controls on all administrative access.
- Monitoring and incident response — continuous monitoring of our systems and a documented incident-response process.
- Independent assurance — Winmore maintains a SOC 2 Type II (or equivalent) program; current certification status and reports are available to enterprise customers upon request and under NDA.
8. Your Privacy Rights
Depending on your state of residence, you may have the right to:
- Know/Access — request information about the personal information we have collected about you and how it has been used and shared
- Delete — request deletion of personal information we have collected from you, subject to certain exceptions
- Correct — request correction of inaccurate personal information
- Non-discrimination — not be discriminated against for exercising your privacy rights
- Appeal — appeal a decision we make in response to your request, where applicable
To exercise these rights, contact us using the information in Section 13. We will verify your request using information associated with your account or other reasonably available means before responding. You may also designate an authorized agent to submit a request on your behalf, subject to our ability to verify the agent’s authority.
9. State-Specific Disclosures
This section provides additional disclosures required under certain U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and comparable laws in other states.
9.1 Categories of personal information collected
In the preceding 12 months, we have collected the categories of personal information described in Section 2, which generally correspond to identifiers, account information, and internet or network activity information under applicable state law definitions.
9.2 Sources of information
We collect information directly from you, automatically through your use of our website and Services, and from service providers acting on our behalf.
9.3 Purposes of collection and disclosure
We collect and disclose personal information for the business and commercial purposes described in Sections 3 and 4.
9.4 Sale or sharing of personal information
We do not sell personal information for monetary consideration. We do not “share” personal information for cross-context behavioral advertising as defined under the CCPA, except to the extent our use of analytics or advertising cookies described in Section 5 may be interpreted to constitute sharing under applicable law. Where applicable, you may opt out using the contact details in Section 13.
9.5 Sensitive personal information
We do not collect sensitive personal information beyond account credentials necessary to provide the Services.
9.6 Right to opt out of automated decision-making
We do not currently use personal information to make decisions that produce legal or similarly significant effects through automated processing without human involvement.
10. International Users
Winmore’s customers and authorized users include organizations and individuals located outside the United States, including in the European Union and United Kingdom. If you access our website or Services from the EU, UK, or another jurisdiction with its own data protection law, the following applies in addition to the rest of this Policy:
- We act as a processor with respect to customer data submitted to the Services by our business customers, and as a controller with respect to account, contact, and usage data described in Section 2.
- Where required, we rely on appropriate cross-border transfer mechanisms — such as Standard Contractual Clauses or successor frameworks — to transfer personal information to the United States. Details of the applicable mechanism are set out in our Data Processing Agreement.
- For EU customers we are fully GDPR compliant and adhere to the Standard Contractual Clauses (SCCs).
11. Data Transfers
Winmore is based in the United States, and information we collect is processed and stored in the United States. If you access our website or Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, which may have data protection laws different from those of your jurisdiction.
12. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Policy on this page and revise the “Last Updated” date above. Material changes will be communicated as required by applicable law.
13. Contact Us
If you have questions about this Policy or wish to exercise your privacy rights, please contact us:
Winmore, Inc.
1390 Market Street, Suite 200, San Francisco, CA 94102, United States
Email: isg@winmore.app
Website: https://winmore.io