Your AI warehouse manager. You talk to it like a regular person. It handles process updates, training, and warehouse communication — the stuff that normally takes a team of people emailing back and forth.

You upload your process. Bullwhip builds your SOPs, translates them, and makes them available on the floor. When something changes, you send a message and every warehouse has it by next shift.

What languages does it support?

Any language your warehouses need. Bullwhip translates your SOPs and trainings automatically. Your team in Reno and your team in Madrid get the same process, in their own language.

What if I switch warehouses?

Your process lives in Bullwhip, not in the warehouse. Add a new 3PL and they're running your standards on day one. Your operational knowledge stays with you.

No. Bullwhip doesn't replace your WMS or any system your warehouse already runs. It handles the human coordination layer — the stuff that falls between the systems.

How much does it cost?

We're in early access right now. Sign up and we'll walk you through it.

Privacy Policy.

Effective date: April 13, 2026 · Last updated: April 13, 2026

Bullwhip, Inc. (doing business as Bullwhip AI, and referred to in this policy as “Bullwhip,” “we,” “us,” or “our”) operates the website and application at bullwhip.so. This policy explains what personal information we collect, how we use it, and what rights you have — in clear language, because we think that's how it should be done.

We handle real operational data for real businesses. Your SOPs, your verification records — that's sensitive stuff, and we treat it that way.

This policy complies with applicable U.S. federal and state privacy laws.

1. Who we are and how to reach us

Bullwhip, Inc.
Seattle, Washington, United States

Privacy inquiries: privacy@bullwhip.so

2. Scope and applicability

Bullwhip, Inc. is a U.S. company serving U.S. customers. We do not direct our services toward individuals outside the United States. We do not collect or process consumer health data.

If we begin directing services toward individuals outside the United States, we will update this policy before doing so.

3. What we collect and why

Account information

What: Name, email address, organization name
Source: You, during account registration or early access signup
Why: To create and manage your account, communicate about the service, and provide support
How long: Duration of your account, plus a reasonable period after termination or a verified deletion request

Authentication credentials

What: Hashed passwords, OAuth tokens, magic-link tokens
Source: You at login, or your single sign-on provider
Why: To verify your identity and keep your account secure
How long: Duration of your account. Session tokens expire per our session policy.

Uploaded content

What: SOP documents (PDF, DOCX, PPTX, images) and photos submitted for visual verification
Source: You or your authorized team members
Why: To provide the core service — document comprehension, question answering, translation, and visual verification
How long: Until you delete the content or your account is terminated

Usage data

What: Questions asked, answers received, documents viewed, verification results
Source: Generated through your use of the application
Why: To provide and improve the service
How long: Duration of your account, plus a reasonable wind-down period after termination

Internet and network activity

What: Pages visited, time on site, browser type, referring URL, pseudonymous client identifiers, IP address
Source: Collected automatically via our analytics and hosting providers
Why: To understand how visitors use our site, maintain security, and diagnose technical issues
How long: Per our providers' default retention settings

What we do not collect

We do not request or intentionally collect sensitive personal information, including biometric identifiers, precise geolocation, or data revealing racial or ethnic origin, religious beliefs, or sexual orientation.

Our photo verification feature analyzes images of fulfillment work — packaging, labeling, and shipment preparation — against your documented standards. It does not capture, extract, store, or analyze biometric identifiers. If a photo incidentally contains a person's likeness, we do not use that image to identify, profile, or create a biometric template of any individual.

Content you upload may incidentally contain other sensitive information (for example, visible name badges or document metadata). Where this occurs, we process that content solely to provide the service.

4. How we process your content

When you upload SOPs or submit photos for verification, we transmit that content to our AI processing provider via API. Your content is processed in real time and returned to our application.

Under our AI provider's current terms and technical configuration, your content is not used to train AI models and is not retained beyond the duration of the processing request. If this changes materially, we will update this policy before the change takes effect.

Uploaded documents and generated responses are stored in our database infrastructure and isolated to your organization using row-level security policies.

5. How we use automated processing

Bullwhip AI uses artificial intelligence to interpret SOPs, answer questions, translate content, and compare fulfillment photos against your documented standards. Our AI generates informational outputs for review by your authorized team members. It does not autonomously make employment, financial, or legal decisions about individuals.

6. Data isolation

Every organization's data is logically isolated at the database level using row-level security policies. Your SOPs, usage data, and verification records are isolated from other customers' data.

7. How we use your information

We use personal information to provide and operate the Bullwhip AI service, process your SOPs and generate AI-powered responses, communicate with you about your account, operate and improve our website and application, maintain the security of our systems, and comply with legal obligations.

We do not use your personal information for any purpose materially different from what is described here without providing you with notice.

8. Sale and sharing of personal information

We do not sell your personal information. We do not use your uploaded content to train AI models. We do not share your content or account information with other customers or third parties for their own commercial purposes.

Our analytics provider uses cookies and pseudonymous identifiers to measure website traffic. Under some state privacy laws, this may constitute “sharing” of personal information. You can opt out by:

Enabling Global Privacy Control (GPC) in your browser
Disabling analytics cookies in your browser settings
Installing the Google Analytics Opt-out Browser Add-on

We honor Global Privacy Control signals as a valid opt-out request under applicable state law.

9. Service providers

We use the following categories of service providers who process personal information on our behalf under their respective terms of service:

Category	Purpose	Data processed
Cloud database and authentication	Database storage, authentication, file storage	Account information, uploaded documents, usage data, authentication credentials
AI processing	Document comprehension, Q&A, translation, visual verification	Uploaded SOP content, user questions, photos submitted for verification
Single sign-on	OAuth-based authentication	Email address, name (when using SSO)
Form submission	Early access form handling	Email address
Analytics	Website traffic measurement	Pseudonymous usage data, cookies, client identifiers
Hosting and CDN	Website and application hosting, edge delivery	Server logs (IP address, browser info), request metadata

Category

Cloud database and authentication

Purpose

Database storage, authentication, file storage

Data processed

Account information, uploaded documents, usage data, authentication credentials

Category

AI processing

Purpose

Document comprehension, Q&A, translation, visual verification

Data processed

Uploaded SOP content, user questions, photos submitted for verification

Category

Single sign-on

Purpose

OAuth-based authentication

Data processed

Email address, name (when using SSO)

Category

Form submission

Purpose

Early access form handling

Data processed

Email address

Category

Analytics

Purpose

Website traffic measurement

Data processed

Pseudonymous usage data, cookies, client identifiers

Category

Hosting and CDN

Purpose

Website and application hosting, edge delivery

Data processed

Server logs (IP address, browser info), request metadata

A current list of named sub-processors is available on request at privacy@bullwhip.so. We may update our service providers from time to time.

10. Cookies

Strictly necessary cookies. Session cookies that maintain your authenticated state. Required for the service to function.

Analytics cookies. Our analytics provider sets cookies to distinguish unique visitors and measure site usage. You may manage these through your browser settings, GPC signals, or the Google Analytics Opt-out Add-on. Disabling analytics cookies will not affect your ability to use the application.

11. Your privacy rights

Depending on where you live, applicable state privacy law may give you the following rights:

Right to know. You can request the categories and specific pieces of personal information we have collected about you.

Right to delete. You can request that we delete the personal information we have collected from you, subject to certain legal exceptions.

Right to correct. You can request that we correct inaccurate personal information.

Right to opt out of sharing. You may opt out using the methods described in this policy.

Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.

To exercise your rights, email privacy@bullwhip.so. We will verify your identity and respond within 45 days. If we decline a request, we will explain why and provide information about how to appeal, where applicable. We honor Global Privacy Control signals as a valid opt-out under applicable law.

12. Data security

Encryption in transit: All data is transmitted over HTTPS/TLS.
Database isolation: Row-level security policies isolate each organization's data.
Access controls: Only authorized personnel can access account data and uploaded content.
Credential storage: Passwords are stored using industry-standard one-way hashing. We never store them in plaintext.

No method of electronic transmission or storage is completely secure. We implement reasonable safeguards but cannot guarantee absolute security. If you believe your account has been compromised, contact us at privacy@bullwhip.so.

13. Data breach notification

If we confirm a security breach involving unauthorized access to personal information that is reasonably likely to cause harm, we will notify affected users and any required regulatory authorities as required by applicable law.

14. International website visitors

If you visit our website from outside the United States, data collected through analytics and server logs will be transferred to and processed in the United States.

15. Data retention and deletion

We retain personal information only as long as reasonably necessary to fulfill the purposes described in this policy. Specific retention guidance is listed in Section 3. Residual copies may persist in encrypted backups for a limited period, consistent with our backup rotation schedule.

To request deletion, email privacy@bullwhip.so.

16. Children's privacy

Our service is not directed at children under 16. We do not knowingly collect personal information from consumers under 16. If you believe we have inadvertently collected information from a child, contact us at privacy@bullwhip.so.

17. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date and notify affected users by email before the changes take effect. The current version will always be available at bullwhip.so/privacy.

18. Governing law

Any disputes arising from this policy are governed by the laws of the State of Washington, United States. Nothing in this section limits your rights under applicable state consumer privacy laws.

19. Contact

Bullwhip, Inc.
Seattle, Washington, United States
privacy@bullwhip.so

We aim to respond to all privacy inquiries within 10 business days, and to formal rights requests within the timeframes required by applicable law.