1. Home
  2. /
  3. Privacy Policy

Privacy Policy

Last updated: March 20, 2026

Ward (“Ward,” “we,” “us,” or “our”) operates the getward.ai platform and related services (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use our Platform, or interact with us in any way.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when you interact with our website or Platform:

  • Contact & Account Information. Name, work email address, company name, phone number, job title/role, and other details you provide when filling out forms, requesting demos, or creating an account.
  • Business Information. Retail vertical, number of stores, operational goals, and other business context you share during onboarding or intake.
  • Communications. Any messages, feedback, or correspondence you send to us via email, forms, or other channels.

1.2 Customer Operational Data

When you use the Platform, Ward ingests and processes data from your connected business systems to deliver AI-powered insights. This may include:

  • Point-of-sale transaction data
  • Inventory and supply chain data
  • ERP and financial data
  • Marketing and promotional performance data
  • Customer behavior and loyalty data (as provided by you)
  • Any other operational data you choose to connect via integrations

This data is processed solely to provide the Platform’s services to you. We do not sell, share, or use your operational data for any purpose other than delivering and improving the Platform for your account.

1.3 Automatically Collected Information

When you visit our website, we automatically collect certain information:

  • Usage Data. Pages visited, time spent on pages, clicks, scroll depth, referring URLs, and navigation paths.
  • Device Information. Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Network Information. IP address (which may be anonymized), approximate geographic location, and internet service provider.

1.4 Cookies & Tracking Technologies

We use cookies and similar technologies to collect usage data and improve your experience. See Section 9 for details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Platform. To deliver, maintain, and improve the Ward Platform, including generating AI-powered insight cards, running AI agents, and processing natural language queries against your data lake.
  • Communication. To respond to your inquiries, send onboarding information, deliver product updates, and provide customer support.
  • Analytics & Improvement. To understand how our website and Platform are used, identify trends, and improve functionality, performance, and user experience.
  • Security. To detect, prevent, and address fraud, unauthorized access, and other security issues.
  • Legal Compliance. To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Marketing. To send you information about Ward’s products and services that may be relevant to you, subject to your communication preferences and applicable law. You may opt out of marketing communications at any time.

3. Data Processing & AI

Ward uses artificial intelligence and machine learning to analyze your operational data and generate insights. Specifically:

  • AI Agents. Ward deploys specialized AI agents (Inventory, Pricing, Promo, Shrinkage, Demand, and Customer agents) that continuously analyze your data to surface anomalies, opportunities, and recommendations.
  • Model Training. Ward’s AI models improve over time as they process your data and learn from the actions you take on insights. Your data is used to train models specific to your account. We do not use one customer’s operational data to train models for another customer without explicit consent.
  • Feedback Loop. When you rate insights (helpful/not helpful) or take actions on insight cards, this feedback is used to refine the accuracy of Ward’s recommendations for your specific operation.
  • No Selling of Data. We do not sell, rent, or trade your operational data or AI-generated insights to third parties. Your data remains yours.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit. All data transmitted between your systems and Ward is encrypted using TLS 1.3.
  • Encryption at Rest. All stored data is encrypted using AES-256 encryption.
  • SOC 2 Type II. Ward is currently pursuing SOC 2 Type II certification through Vanta, with continuous monitoring of security, availability, and confidentiality controls.
  • Access Controls. Role-based access controls (RBAC) ensure that only authorized personnel can access your data. All access is logged and auditable.
  • Infrastructure. Our cloud infrastructure is hosted on enterprise-grade platforms with physical security, redundancy, and disaster recovery capabilities.
  • On-Premise Option. For customers with heightened security requirements, Ward offers on-premise deployment where data never leaves your own infrastructure.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Retention

  • Account Data. We retain your account and contact information for as long as your account is active or as needed to provide services. Upon account termination, we retain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements, after which it is securely deleted.
  • Operational Data. Customer operational data is retained for the duration of the subscription. Upon termination, you may request a data export. After the export window (typically 30 days), operational data is permanently deleted from our systems.
  • Website Analytics. Aggregated and anonymized analytics data may be retained indefinitely for research and improvement purposes.
  • Lead Form Data. Information submitted via contact forms is retained for up to 24 months unless you request earlier deletion.

6. Third-Party Services

We use the following third-party services to operate our website and Platform:

  • Google Analytics (GA4). For website usage analytics. Google Analytics may collect your IP address and use cookies to track website interactions. See Google’s Privacy Policy.
  • Google reCAPTCHA v3. To protect our forms from spam and abuse. reCAPTCHA collects hardware and software information and sends it to Google for analysis. See Google’s Privacy Policy.
  • SendGrid (Twilio). For transactional and notification emails. SendGrid processes email addresses and message content. See Twilio’s Privacy Policy.
  • Calendly. For demo scheduling. When you book a demo, Calendly processes your name, email, and scheduling preferences. See Calendly’s Privacy Policy.
  • Cloud Infrastructure. Our Platform is hosted on enterprise cloud infrastructure providers that maintain their own security certifications and compliance programs.

We require all third-party service providers to handle your data in accordance with applicable data protection laws and our contractual obligations.

7. Your Rights

7.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Request correction of inaccurate or incomplete personal data.
  • Deletion. Request deletion of your personal data, subject to legal retention requirements.
  • Portability. Request a machine-readable copy of your personal data.
  • Restriction. Request that we restrict the processing of your personal data under certain circumstances.
  • Objection. Object to the processing of your personal data for direct marketing or other purposes.
  • Withdrawal of Consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

7.2 GDPR (European Economic Area)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal bases for processing personal data include: performance of a contract, legitimate interests, compliance with legal obligations, and consent. You have the right to lodge a complaint with your local data protection authority.

7.3 CCPA (California)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. Ward does not sell personal information. To exercise your CCPA rights, contact us at hello@getward.ai.

To exercise any of your rights, please contact us at hello@getward.ai. We will respond to your request within 30 days or as required by applicable law.

8. Data Sharing

We do not sell your personal information or operational data. We may share information in the following limited circumstances:

  • Service Providers. With third-party vendors who assist us in operating the Platform (hosting, email, analytics), subject to contractual data protection obligations.
  • Legal Requirements. When required by law, regulation, legal process, or governmental request.
  • Business Transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change.
  • With Your Consent. When you have given us explicit consent to share your information for a specific purpose.
  • Aggregated Data. We may share aggregated, de-identified data that cannot reasonably be used to identify you for industry benchmarking, research, or marketing purposes.

9. Cookies & Tracking

Our website uses the following types of cookies:

  • Essential Cookies. Required for basic website functionality (e.g., form submissions, navigation).
  • Analytics Cookies. Used by Google Analytics to understand how visitors interact with our website. These cookies collect information anonymously and report website trends.
  • Security Cookies. Used by Google reCAPTCHA to distinguish human visitors from automated bots.

We do not use advertising or cross-site tracking cookies. You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

10. International Data Transfers

Ward is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) where required by applicable law.

For on-premise deployments, your data remains within your chosen infrastructure and jurisdiction.

11. Children’s Privacy

The Platform is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@getward.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last updated” date at the top of this page.
  • Notify active customers via email for material changes that affect the processing of operational data.
  • Post the updated policy on our website.

Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries related to GDPR, you may also contact our Data Protection Officer at the email address above.