shiponline
Draft for review. The content below is a structural placeholder. It will be replaced with counsel-drafted final language before shiponline.app accepts public traffic. Per the Phase 8 compliance checklist this work is queued for a SaaS lawyer.
Back to home
Legal

Privacy Policy

Effective date: pending counsel review

1. Introduction

This Privacy Policy explains what data shiponline.app collects, how we use it, and what choices you have. By using the service you agree to the practices described here. Counsel will add the formal definitions block before launch.

2. Information we collect

Account information you provide (email, name, password hash via bcrypt). Shipping information you enter (sender + recipient addresses, parcel dimensions, weights, tracking numbers). Payment information stored by Stripe - we receive only the last four digits and brand for display. Usage data from your interactions with the app (page views, feature usage) for product improvement.

3. How we use information

To operate the service - buying carrier labels, sending tracking notifications, displaying your order history. To improve the product - usage telemetry helps prioritise what to build next. To comply with legal obligations - tax records, dispute response, fraud prevention.

4. Sharing with carriers and processors

Shipping data goes to USPS, UPS, FedEx, and DHL as needed to buy the label and track it. Payment data goes to Stripe. Email data goes to SendGrid for transactional notifications. Object storage uses Cloudflare R2. We do not sell shipping history or recipient lists.

5. Retention

Account data is retained while your account is open. Closed-account data is wiped within 30 days except where retention is required by law (tax records, etc.). Specific retention periods to be set by counsel.

6. Your rights

Depending on where you live (GDPR / CCPA / etc.), you may have rights to access, correct, port, or delete your data. Email privacy@shiponline.app to exercise these rights and we'll respond within the statutory window for your jurisdiction.

7. Cookies

We use first-party cookies for sign-in sessions and CSRF protection. Counsel will draft the EU cookie-consent block here - required for any EU traffic per the Phase 8 compliance review.

8. Security

Data in transit is TLS-encrypted. Passwords are stored as bcrypt hashes (never plaintext). Card data is stored by Stripe, not by us. We follow industry-standard practices but no system is perfectly secure - if we discover a breach affecting your data we'll notify you promptly.

9. Children's privacy

shiponline.app is not directed at children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect data from them.

10. Changes to this policy

We may update this policy; substantive changes will be announced in-app and via email at least 30 days before they take effect.

11. Contact

Privacy questions can be sent to privacy@shiponline.app. The final contact channel will be confirmed by counsel.