When you register for a Blueclip account or interact with our sales team, we may collect your name, email address, job title, company name, phone number, and billing and payment information.
In the course of providing our warehousing and supply chain platform, we process data that you upload or generate through the platform, including warehouse inventory data, supply chain and logistics information, order and fulfillment records, supplier and vendor contact details, and other operational data you choose to store in Blueclip. We process this data solely to provide and maintain our services as described in your service agreement. Blueclip acts as a data processor with respect to Customer Business Data, and you, as the customer, remain the data controller.
We automatically collect certain information about how you interact with our platform, including pages visited and features used, session duration and frequency of use, browser type and device information, IP address (anonymized for analytics purposes), and referring URL and navigation patterns. Usage data is collected in anonymized and aggregated form through Google Analytics and does not include personally identifiable information.
We use cookies and similar technologies to maintain your session and authentication state, remember your preferences and settings, and understand aggregated usage patterns to improve our platform. For more detail, see Section 9 (Cookies) below.
When you contact us via email, support channels, or other communications, we collect the content of those communications along with associated metadata such as timestamps and sender information.
Blueclip processes personal data on the following lawful bases under the General Data Protection Regulation (GDPR):
We process your account information and customer business data as necessary to perform our contractual obligations to you, including providing access to the Blueclip platform, processing your warehousing and supply chain data, managing your account and user access, providing customer support, and issuing invoices and processing payments.
We process certain data based on our legitimate interests, where those interests are not overridden by your rights and freedoms. These legitimate interests include analyzing anonymized and aggregated product usage data (via Google Analytics) to improve our platform's functionality and user experience, improving the quality and accuracy of our AI agent through analysis of anonymized and aggregated data, ensuring the security and integrity of our platform, and preventing fraud and abuse. We have conducted Legitimate Interest Assessments for our analytics and AI improvement processing activities. These assessments are available upon request.
We process personal data where necessary to comply with applicable legal obligations, such as tax reporting, regulatory requirements, and responding to lawful requests from public authorities.
We use the information we collect to provide, operate, and maintain the Blueclip platform, process and manage your warehousing and supply chain operations, authenticate your identity and manage account access, communicate with you about your account and our services, monitor and improve the performance and reliability of our platform, analyze anonymized usage patterns to enhance features and user experience, ensure the security of our systems and detect potential threats, comply with legal obligations and enforce our terms of service, and respond to your requests and provide customer support.
We do not sell your personal information. We share your data only in the following circumstances:
We engage trusted third-party service providers (sub-processors) who assist us in operating our platform and delivering our services. These sub-processors process data on our behalf and are contractually bound to protect your information. See Section 8 for a list of our sub-processors.
We may disclose your information if required to do so by law, in response to valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of Blueclip, our customers, or the public.
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of active subscription, plus 90 days after termination |
| Customer business data | Duration of active subscription; deleted within 90 days of account termination unless otherwise specified in the customer agreement |
| Usage analytics (Google Analytics) | Anonymized and aggregated; retained indefinitely (no PII) |
| Application and access logs | 1 year |
| Communications data | 2 years from the date of the communication |
| Billing and payment records | As required by applicable tax and financial regulations (typically 5-7 years) |
Upon account termination, we delete or anonymize your data within the timeframes specified above. You may request earlier deletion by contacting us at privacy@blueclip.ai.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
If you are located in the EEA, you have the right to:
If you are located in the United Kingdom, you have equivalent rights to those listed in Section 6.1 under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on legitimate interest.
To lodge a complaint, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the right to:
Blueclip will respond to access and correction requests within a reasonable period.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to:
If you are a resident of Virginia, Colorado, Connecticut, Texas, Florida, or other US states with comprehensive privacy legislation, you may have similar rights to those described above, including the right to access, delete, and correct your personal data, as well as the right to opt out of targeted advertising (Blueclip does not engage in targeted advertising), data sales (Blueclip does not sell personal data), and profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise your rights under any applicable US state privacy law, please contact us at privacy@blueclip.ai.
To exercise any of these rights, please contact us at privacy@blueclip.ai. We will respond to your request within the timeframe required by applicable law: 30 days (GDPR / UK GDPR), 30 days (Australian Privacy Act — reasonable period), 45 days (CCPA/CPRA), or as otherwise required by your jurisdiction's law. We may need to verify your identity before processing your request. If you are an end user of one of our customer organizations, we may direct you to contact your organization's administrator, as Blueclip acts as a data processor on behalf of the customer (data controller).
Blueclip is headquartered in Delaware, United States. Customer data is processed and stored in US-based AWS data centers (us-east and us-west regions).
If you are located in the European Economic Area, your personal data will be transferred to the United States for processing. We protect these transfers through Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into our Data Processing Agreements with customers and our agreements with sub-processors, the EU-US Data Privacy Framework, where applicable for certified vendors, and contractual and technical safeguards that ensure an equivalent level of data protection.
If you are located in the United Kingdom, your personal data will be transferred to the United States for processing. We protect these transfers through the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (UK Addendum), as issued by the Information Commissioner's Office, incorporated into our Data Processing Agreements, and contractual and technical safeguards that ensure an equivalent level of data protection.
If you are located in Australia, your personal data will be transferred to the United States for processing. We ensure that overseas recipients of personal information comply with the Australian Privacy Principles or are subject to a substantially similar privacy regime, in accordance with APP 8 (cross-border disclosure of personal information).
Blueclip offers a Data Processing Agreement (DPA) to customers that includes Standard Contractual Clauses and the UK Addendum for international transfers. You may request a copy of our DPA by contacting privacy@blueclip.ai.
Blueclip engages the following sub-processors to deliver and support our services:
| Sub-Processor | Purpose | Location | Data Processed |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, data storage, computing | United States | Customer business data, account information, application logs |
| Cloudflare | CDN, DDoS protection, WAF, DNS, TLS termination | United States (global edge network) | HTTP request metadata, customer traffic (in transit) |
| Kinde | Customer authentication, identity management, SSO | United States | Customer PII (email, name), authentication tokens, role/permission data |
| New Relic | Application monitoring | United States | Application logs, performance metrics |
| OpenAI | AI model inference (via Azure OpenAI Service) | United States | Customer business data processed by AI agent (warehouse queries, supply chain analysis) |
| Anthropic | AI model inference (via AWS Bedrock) | United States | Customer business data processed by AI agent (warehouse queries, supply chain analysis) |
| Langfuse | LLM observability and prompt management | Europe (EU) | AI interaction logs, prompt/completion metadata (no direct customer PII) |
All sub-processors are bound by Data Processing Agreements and are assessed for adequate data protection standards. We maintain a current list of sub-processors and will notify customers of any material changes through the mechanisms described in our customer DPA.
We use essential cookies that are strictly necessary for the operation of our platform. These include session cookies for authentication and login state, security cookies for CSRF protection and fraud prevention, and load balancing cookies for service reliability.
Essential cookies cannot be disabled as they are required for the platform to function.
We use Google Analytics for anonymized and aggregated product analytics. Google Analytics cookies collect data about feature usage and navigation patterns in a manner that does not identify individual users. No personally identifiable information is collected through analytics cookies.
You may manage your cookie preferences through your browser settings. Disabling essential cookies may affect your ability to use the platform.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption at rest (AES-256) and in transit (TLS 1.2+), role-based access control and least privilege principles, multi-factor authentication for administrative access, regular security assessments and vulnerability scanning, web application firewall (Cloudflare WAF), audit logging and monitoring, and incident response procedures with defined notification timelines.
For detailed information about our security practices, please refer to our SOC 2 Type I report, available upon request under NDA.
Blueclip does not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@blueclip.ai.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or through the platform. We encourage you to review this policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Blueclip Privacy x2i Inc. dba Blueclip Email: privacy@blueclip.ai Website: https://blueclip.ai
To report a security vulnerability or incident, please contact: security@blueclip.ai
For data protection inquiries specific to the GDPR, you may also contact our Data Protection Officer (DPO):
CTO Email: privacy@blueclip.ai