Privacy Policy.
Effective Date: July 7, 2026
Bullwhip, Inc. (“Bullwhip,” “we,” “us”) runs the website at bullwhip.so and the application at app.bullwhip.so. One policy covers both. It tells you what we collect, why we collect it, who handles it, and how to tell us to stop.
Our customers run real operations on Bullwhip: SOPs, verification records, team messages. We treat all of it as confidential operational data. This page is that commitment, in writing.
1. Who we are
Bullwhip, Inc.
1522 Western Ave, STE 82527
Seattle, Washington 98101, United States
privacy@bullwhip.so
We answer privacy inquiries within 10 business days, and formal rights requests within the timeframes the law sets.
2. What we collect
| Category | What | Why | How long |
|---|---|---|---|
| Account details | Name, email, organization, job title, preferred language. Your mobile number, if you turn on text messaging. | Creating and running your account, support, pilot requests | Life of your account, plus a short wind-down after termination or a verified deletion request |
| Sign-in | OAuth tokens, magic-link tokens, session cookies. Sign-in is single sign-on or an emailed magic link; we do not collect or store passwords. | Verifying it's you | Life of your account; sessions expire on schedule |
| Your content | SOP documents (PDF, DOCX, PPTX, images) and photos submitted for visual verification | The core service: document comprehension, answers, translation, verification | Until you delete it or your account is terminated |
| Messages | Content of SMS and WhatsApp exchanges with the service, delivery metadata, your opt-in record | So your team can ask and get answers by text (Section 4) | Life of your account; consent records as long as the law requires |
| People you loop in | Names, contact details, and replies of contacts your workspace designates | Routing questions to the person you name, following up, recording the answer | Life of the workspace; removal on request |
| Usage | Questions asked, answers received, documents viewed, verification results | Running and improving the service | Life of your account, plus a short wind-down |
| Site and network | Pages visited, browser type, referring URL, pseudonymous identifiers, IP address | Security, diagnostics, cookieless traffic measurement | Raw server logs are short-lived, held for days, not months. Analytics identifiers are discarded within a day; what remains is aggregate, with no personal identifiers. |
Everything above comes from you, your workspace, or your use of the service, with one exception: the contacts your workspace designates, whose details come from your workspace and whose replies come from them. If that's you and you want your information out, email privacy@bullwhip.so.
We do not request or intentionally collect sensitive personal information: no biometric identifiers, no precise geolocation, no data about race, ethnicity, religion, or sexual orientation. We do not collect or process consumer health data.
Photo verification compares images of fulfillment work (packaging, labeling, shipment prep) against your documented standards. It does not capture, extract, store, or analyze biometric identifiers. If a photo happens to include a person, we do not use it to identify, profile, or build a biometric template of anyone. And if your uploads incidentally contain sensitive details (a visible name badge, document metadata), we process them solely to provide the service.
3. How we process your content
When you upload SOPs, submit photos, or ask questions, we send that content to our AI processing providers via API and return the result to the application. Their terms and our configuration agree on the important part: your content is never used to train their models. Providers may hold API inputs and outputs for a limited period, currently up to 30 days, for service integrity and abuse prevention, then delete them. If that changes materially, this policy changes first, and you hear about it before it does.
To answer questions and keep your knowledge base searchable, we also store material derived from your content: extracted text, summaries, and numerical representations (embeddings).
Documents, derived data, and generated responses live in our database, isolated to your organization by row-level security policies. Every customer's data is separated the same way.
Bullwhip uses artificial intelligence to interpret SOPs, answer questions, translate, and check photos against your standards. Its outputs are informational and reviewed by your team. It sends outbound messages only to people your workspace designates, within the approval settings your workspace controls. It does not autonomously make employment, financial, or legal decisions about anyone.
4. Text messaging (SMS and WhatsApp)
Text messaging is optional and per person, with an affirmative opt-in that we record. Message frequency varies with your team's use. Message and data rates may apply. Reply STOP at any time to stop, or HELP for help.
SMS travels through our messaging provider and the telecommunications carriers between us and your phone. WhatsApp messages are delivered through the WhatsApp Business Platform and are also subject to WhatsApp's own terms and privacy policy.
We do not share mobile phone numbers or opt-in information with third parties or affiliates for their marketing or promotional purposes.
5. What we never do
We do not sell your personal information. Not outright, not as “sharing,” not dressed up as anything else. We do not use your content to train AI models. We do not hand your content or account information to other customers, or to third parties for their own commercial purposes. We run no advertising trackers and no visitor-identification tools; our website analytics are cookieless, aggregate, and do not follow you across sites. We honor Global Privacy Control signals as a valid opt-out under applicable state law. Older Do Not Track browser signals never got a settled meaning; since we do not track anyone across sites, there is nothing for them to turn off.
One caveat, and it's just how delivery works: an email or text can't reach you without passing through our communications providers, the carriers, and, for WhatsApp, the WhatsApp Business Platform. They process it to deliver your messages and for limited operational purposes (security, abuse prevention, legal compliance) under their own terms. Not for advertising.
And we do not use your personal information for any purpose materially different from this policy without telling you first.
6. Service providers
These categories of providers process personal information on our behalf under their respective terms:
| Category | Purpose | Data processed |
|---|---|---|
| Cloud database and authentication | Database storage, authentication, file storage | Account information, uploaded documents, derived data, messages, usage data, sign-in tokens |
| AI processing | Document comprehension, Q&A, translation, visual verification, search indexing | Uploaded content, questions, verification photos, text derived from your content |
| Document conversion | Converting uploaded documents between formats so they can be processed | Uploaded documents, transiently: files are deleted from the conversion service within 24 hours, and we keep no copies there |
| Single sign-on | OAuth-based authentication | Email address, name (when using SSO) |
| Email delivery | Pilot requests, account email, workspace-approved outbound email, receiving replies | Names, email addresses, message content, including the message you submit with a pilot request |
| Text messaging (SMS and WhatsApp) | Delivering and receiving text messages | Phone numbers, message content, delivery metadata, opt-in records |
| Analytics | Website traffic measurement (cookieless) | Aggregated, anonymized usage metrics |
| Hosting and CDN | Website and application hosting, edge delivery | Server logs (IP address, browser info), request metadata |
| Bot protection | Verifying that form submissions come from people | Browser signals used for the verification challenge (IP address, browser characteristics); the provider also uses these signals to improve its own bot detection, under its own terms |
We protect our forms from bots with Cloudflare Turnstile. The details live in the Turnstile Privacy Addendum, which you acknowledge by using our forms.
A current list of our other sub-processors is available on request at privacy@bullwhip.so. We may update our providers from time to time.
7. Cookies
Session cookies keep you signed in to the application; the service doesn't work without them. That's the whole list. This website sets no analytics cookies and shows no cookie banner because there is nothing to consent to.
8. Your rights
Depending on where you live, state privacy law may give you the right to know what we've collected about you, to delete it (subject to legal exceptions), to correct it, and to opt out of sharing. We will never treat you worse for exercising any of these. They apply whether we collected your information from you directly or because a workspace designated you as a contact.
To exercise them, email privacy@bullwhip.so, yourself or through an authorized agent; if an agent writes, we verify with you directly before acting. We verify your identity and respond within 45 days. If we decline, we explain why and how to appeal, where applicable.
9. Security and breaches
- Encryption in transit: everything moves over HTTPS/TLS.
- Isolation: row-level security separates each organization's data.
- Access: only authorized personnel can reach account data and uploaded content.
- Tokens: sign-in, invitation, and reply tokens are stored one-way hashed, never in plaintext.
No system is completely secure, and anyone who promises otherwise is selling something. We implement reasonable safeguards and won't pretend they're absolute. If we confirm a breach involving unauthorized access to personal information that is reasonably likely to cause harm, we notify affected users and regulators as applicable law requires. If you think your account is compromised, write privacy@bullwhip.so.
10. Retention and deletion
We keep personal information only as long as reasonably necessary for the purposes in this policy; the table in Section 2 has the specifics. Residual copies may persist in encrypted backups for a limited period, per our backup rotation. To request deletion, email privacy@bullwhip.so.
11. Where this applies
Bullwhip is a U.S. company serving U.S. customers; we do not direct the service toward individuals outside the United States, and if that changes, this policy changes first. If you visit the site from abroad, analytics and server-log data is processed in the United States. The service is not directed at children under 16 and we do not knowingly collect their information; if you believe we have, contact us.
12. Changes
When we make material changes, we update the effective date and notify affected users by email before the changes take effect. No silent edits. The current version always lives at bullwhip.so/privacy.
If Bullwhip merges with or is acquired by another company, personal information may transfer as part of that transaction. It stays subject to this policy until the policy is changed the way this section describes.
13. Governing law
Disputes arising from this policy are governed by the laws of the State of Washington, United States. Nothing here limits your rights under applicable state consumer privacy laws.