1. Information We Collect · 我们收集什么
To provide the Service we collect:
- Account info: email address, name, profile picture (via Google OAuth for administrators), or username (for sub-accounts).
- Warehouse credentials you provide: WMS / BirdSystem login credentials, warehouse codes. Stored only on the server we operate, encrypted at rest where applicable.
- Operational logs: timestamps, success / failure status, error messages, IP addresses on login.
- Generated PDFs: shipping manifests / labels produced by daily runs. Retained for 7 days then auto-deleted.
- Billing info via Stripe: handled by Stripe directly; we never see card numbers.
为提供服务,我们收集:管理员的 Google 账号资料、子账号的用户名;您主动配置的 WMS / 飞鸟登录凭据 + 仓库代码;运行日志(时间戳、成败、错误、登录 IP);自动产出的 PDF(保留 7 天);通过 Stripe 处理的支付信息(我们不接触卡号)。
2. How We Use It · 我们如何使用
- To authenticate you and authorize access to your warehouse
- To run the daily automation on your behalf
- To bill you per successful run and notify you of failures or low balance
- To detect and prevent abuse (failed logins → temporary lockout)
用于身份认证、代您执行自动化、按成功 run 计费及发送告警、防御暴力破解。
3. Data Retention · 数据保留
- Generated PDFs: 7 days, then auto-deleted
- Run logs: 7 days
- Login attempts: 30 days for security audit
- Account & billing records: as long as the account is active and applicable legal requirements
4. Data Sharing · 第三方共享
We do not sell your data. We share data only with:
- Stripe — billing & payments processing
- Google — when you sign in with Google OAuth (admins only)
- Your warehouse system providers (xlwms / birdsystem) — automation logs into their systems on your behalf using credentials you provided
不出售用户数据。仅与:Stripe(支付)、Google(管理员 OAuth 登录时)、您授权的仓库系统(xlwms / 飞鸟,自动化执行时)共享必要信息。
5. Security · 安全
- HTTPS-only via Cloudflare and Let's Encrypt
- Passwords stored using scrypt with random per-user salts
- Brute-force defense: 5 failures in 15 minutes locks an account
- Database (Postgres) listens only on localhost; no public exposure
- Single-purpose API tokens for infrastructure components
6. Your Rights · 您的权利
You can request to:
- Access the data we hold about you
- Correct inaccurate information
- Delete your account (which deletes all associated PDFs and credentials)
- Export your usage history
如需访问、修正、删除或导出您的数据,请发邮件至 [email protected]。
7. Cookies · Cookie
We set a single cookie wh_token (httpOnly, Secure, SameSite=Lax) to keep you signed in.
No tracking cookies, no analytics tags, no third-party advertising.
仅设置 1 个用于保持登录状态的 cookie wh_token,无追踪、无广告 SDK。
8. Children · 儿童
The Service is for businesses and is not intended for children under 16.
9. Changes · 政策变更
We will post material changes here with a new date and notify active users via email.
10. Contact · 联系
Questions: [email protected]