Privacy Policy

This connector lets an AI assistant you choose (e.g. Claude or ChatGPT) act on your behalf against your Warp freight account through the Model Context Protocol. It is operated by Warp (wearewarp.com). It is a thin, stateless gateway — it does not run your AI assistant and does not maintain its own copy of your freight data.

Only what the tools you invoke require, using the authorization you grant at sign-in: freight quotes, bookings, shipments and tracking events, shipment documents (BOL/POD), invoices, saved pickup/delivery locations and load templates, and your payment status — limited to whether a card is on file plus its brand and last four digits. We never receive full card numbers.

When you sign in, your email and password are transmitted directly to Warp's authentication service to mint a scoped access key. We never store your password, and the AI assistant never receives it.

Nothing persistent about your freight activity. The only stored items are: (1) an opaque, AES-256-GCM-encrypted access token held by your AI client — it contains your scoped Warp key sealed so only this service can read it, and we keep no copy; and (2) short-lived entries in a key-value store used solely to enforce one-time authorization codes and token revocation (seconds-to-days TTL, containing random identifiers, no personal data). We do not keep databases of your shipments and we do not log your credentials or freight data.

Tool results are returned only to the AI client you connected, to fulfill the requests you make. We do not sell, rent, or share your information with third parties, and we do not use it for advertising or to train models.

Booking a shipment charges the payment method already on file in your Warp account. Payments are processed by Warp's existing billing systems, not by this connector.

You can disconnect the connector in your AI client at any time, call the connector's revocation endpoint, or rotate your key in your Warp account — any of which invalidates access. Access tokens also expire automatically.

All traffic is served over HTTPS. Access tokens are AES-256-GCM encrypted; sign-in uses OAuth 2.1 with PKCE and a one-time, single-use authorization code. Credentials and freight data are never written to logs.

Questions about this policy or your data: support@wearewarp.com · wearewarp.com.

We may update this policy; material changes will be reflected by the “last updated” date above.