Privacy Policy

Last updated: March 5, 2026

1. Introduction

celerity AI ("we", "us", "our") operates the celerity AI platform at celerityai.io and related services. We are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains how we collect, use, store, and share your information when you use our platform, including our use of Google API services.

celerity AI is an Assisted Intelligence platform for freight forwarders. We process business emails, shipping documents, and rate sheets using AI to help freight forwarding teams work more efficiently.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and role
  • Authentication credentials (managed via Supabase Auth)

2.2 Business Data You Provide

Through your use of the platform, we process:

  • Freight forwarding emails (rate requests, quotations, operational communications)
  • Shipping documents (bills of lading, commercial invoices, packing lists)
  • Rate sheets and pricing data
  • Company and contact information related to your freight operations

2.3 Google User Data

If you connect your Google account, we access the following data through the Gmail API (readonly):

  • Email messages — We read incoming emails to automatically classify and extract freight-related data (rate requests, quotations, shipment updates)
  • Email metadata — Sender, recipient, subject, date, and threading information
  • Email profile — Your Gmail email address to validate the connection

We request the gmail.readonly scope only. We never send, delete, or modify your emails.

2.4 Automatically Collected Information

  • Browser type, IP address, and device information
  • Usage patterns and feature interactions within the platform

3. How We Use Your Information

We use your information to:

  • Provide the platform services — Email ingestion, AI document processing (OCR, classification, data extraction), quotation management, and analytics dashboards
  • Process emails — Automatically triage freight-related emails, extract rate data, and create actionable items for your team
  • Generate business insights — Provide management dashboards, commercial intelligence, and operational visibility
  • Improve the platform — Analyze usage patterns to enhance features and performance
  • Provide support — Respond to your inquiries and troubleshoot issues
  • Ensure security — Detect and prevent unauthorized access or misuse

4. Google API Services — Limited Use Disclosure

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Limited use — We only use Google user data to provide and improve the user-facing features of our platform (email ingestion and freight document processing).
  • No transfer to third parties — We do not transfer Google user data to third parties, except as necessary to provide the service, comply with applicable laws, or as part of a merger or acquisition with adequate data protection.
  • No advertising — We do not use Google user data for serving advertisements.
  • No human reading — We do not allow humans to read Google user data unless: (a) you have given explicit affirmative consent to view specific messages, (b) it is necessary for security purposes (investigating abuse or security incidents), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

5. Data Storage & Security

5.1 Tenant Isolation

Each customer's data is stored in a dedicated, isolated database (Supabase project). Your data is never co-mingled with other customers' data. This Hub-Spoke architecture provides infrastructure-level isolation — your database is exclusively yours.

5.2 Security Measures

  • Encryption at rest and in transit (TLS 1.2+)
  • Sensitive data encrypted with Supabase Vault (pgsodium)
  • OAuth2 tokens stored encrypted, never in plaintext
  • Row-Level Security (RLS) policies on all database tables
  • Role-based access control via JWT custom claims
  • Regular security audits and compliance reviews

5.3 Compliance

  • CAIQ v4.0.3 — 94% compliance
  • SOC 2 Type I/II — in progress
  • CSA STAR for AI Level 1 — pursuing
  • GDPR-ready data handling practices

6. Data Sharing

We do not sell your data. We may share data only in these limited cases:

  • AI processing providers — We use Mistral AI for document processing (OCR, classification, data extraction). Data sent for processing is used solely to provide the service and is not retained by the provider for training purposes.
  • Infrastructure providers — Supabase (database hosting), Render (application hosting). These providers process data on our behalf under strict data processing agreements.
  • Legal requirements — When required by law, regulation, or legal process.
  • Business transfers — In connection with a merger, acquisition, or sale of assets, with adequate data protection safeguards.

7. Data Retention

We retain your data for as long as your account is active and as needed to provide the services. Business data (emails, documents, rates) is retained in your dedicated database for the duration of your subscription.

Upon account termination, we will delete your data within 90 days, unless retention is required by law. Since each tenant has a dedicated database, deletion is comprehensive and complete.

8. Your Rights

You have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Request your data in a machine-readable format
  • Restriction — Request limitation of processing
  • Objection — Object to processing based on legitimate interests
  • Revoke Google access — You can disconnect your Google account at any time from your account settings or from your Google Account permissions page. Upon revocation, we will stop accessing your Gmail data immediately and delete cached email data within 30 days.

To exercise any of these rights, contact us at contact@celerityai.io.

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies.

10. Children's Privacy

Our platform is designed for business use by freight forwarding professionals. We do not knowingly collect information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.

12. Contact Us

For privacy-related inquiries: