Privacy Policy
This Privacy Policy explains how WM Systems Ltd (“WeldMaster”, “we”, “us”), a company registered in Ireland, collects, uses, and protects information when you use the WM Management System™ (the “Service”). It applies to visitors to this site and to authorised users of the Service.
1. Information we collect
- Account & identity. When you sign in with your work account (Microsoft Entra ID), we receive your name, email/UPN, a stable user identifier, and your organisation (tenant) identifier.
- Customer data. The welding QA/QC records you and your team enter or import — weld logs, drawings, materials and mill certificates, welders and qualifications, NDT records, and documents.
- Usage & diagnostics. Logs, audit entries, and basic telemetry needed to operate, secure, and support the Service (for example, timestamps, actions taken, IP addresses in server access logs — retained for approximately 30 days — and error reports).
2. How we use information
- To provide, maintain, and secure the Service and your tenant's data.
- To authenticate users and enforce role-based access and tenant isolation.
- To maintain the audit trail your QA processes and your auditors rely on.
- To provide support and to diagnose and fix problems.
3. Tenant isolation & security
Each customer's data is isolated at the database level (row-level security) and scoped to that customer's tenant on every request. Access requires authentication via your identity provider and an assigned role. Data is encrypted in transit and at rest; secrets are held in a managed key vault; the database is not publicly reachable and is backed up automatically.
4. Sub-processors
We use a limited set of service providers to run the Service:
- Microsoft Azure — hosting, database, storage, and identity (Entra ID).
- Anthropic — AI document extraction (Claude vision) on documents you choose to import.
We will update this list if we engage additional sub-processors.
5. Data retention
We retain customer data for as long as your account is active and as needed to provide the Service and meet legal/QA recordkeeping obligations. Audit records are retained as part of the system of record. On termination, your data remains available for export for 90 days and is then deleted.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete personal data — for users in the EU and UK this includes rights under the GDPR / UK GDPR. Because we process most data on behalf of your organisation, please direct such requests to your organisation's administrator in the first instance.
7. Cookies & local storage
Neither this site nor the Service sets advertising or analytics cookies — this site sets no cookies at all, loads no third-party scripts or fonts, and uses no trackers. The Service keeps strictly necessary data in your browser's local storage: your Microsoft sign-in tokens, a random device identifier used to enforce per-user device limits, and interface preferences such as your selected project and screen. Clearing your browser storage removes these and signs you out.
8. Changes to this policy
We may update this policy from time to time; we will post the revised version here with a new date.
9. Contact
Questions about privacy: contact your organisation's administrator, or raise a request through the in-app support channel (“Report a problem”) in the Service.