Compliance
Last updated: January 11, 2026
Our Compliance Commitment
Ship-ify is committed to maintaining compliance with applicable data protection regulations and industry standards. We design our services to help you meet your own compliance obligations while protecting the privacy and security of all users.
GDPR Compliance (European Union)
For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):
- Lawful Basis: We process personal data based on contractual necessity (to provide our services) and legitimate interests (to improve our platform)
- Data Minimization: We collect only the data necessary to provide our services
- Right to Access: Request a copy of your personal data at any time
- Right to Rectification: Update or correct your personal information
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Portability: Export your data in a machine-readable format
- Right to Object: Object to processing of your personal data for certain purposes
To exercise any of these rights, contact us at privacy@ship-ify.com.
PIPEDA Compliance (Canada)
For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):
- Accountability: We are responsible for personal information under our control
- Identifying Purposes: We clearly identify why we collect personal information
- Consent: We obtain meaningful consent for the collection and use of personal information
- Limiting Collection: We limit collection to what is necessary for identified purposes
- Accuracy: We keep personal information accurate and up-to-date
- Safeguards: We protect personal information with appropriate security measures
- Openness: We make our privacy policies readily available
- Individual Access: You can request access to your personal information
- Challenging Compliance: You can challenge our compliance with these principles
CCPA Compliance (California)
For California residents, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request information about the personal data we collect about you
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit: Limit the use of sensitive personal information
Categories of Information Collected: Account information (email, name), usage data (API requests, analytics), and payment information (processed by Stripe).
We Do Not Sell Personal Information: Ship-ify does not sell, rent, or trade your personal information to third parties for monetary consideration.
PCI DSS Compliance
Ship-ify does not directly handle payment card data. All payment processing is performed by Stripe, which is certified as a PCI Level 1 Service Provider - the most stringent level of certification available in the payments industry.
- Credit card numbers never touch our servers
- Payment forms are served directly from Stripe's secure infrastructure
- We only store Stripe customer IDs and subscription metadata
Data Processing Locations
Our services and data are hosted in secure cloud infrastructure. Your data may be processed in the following locations:
- Application Servers: United States
- Database: Neon PostgreSQL (with data centers in the US)
- Payment Processing: Stripe (global infrastructure with regional data residency options)
- Authentication: OAuth providers (Google, GitHub) process authentication in their respective infrastructures
For EU users, international data transfers are conducted in compliance with GDPR requirements, including appropriate safeguards such as Standard Contractual Clauses where applicable.
Third-Party Sub-processors
We use the following third-party services to provide our platform:
| Service | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | Global |
| Neon | Database hosting | United States |
| Google OAuth | Authentication | Global |
| GitHub OAuth | Authentication | United States |
Compliance Summary
- GDPR Ready: Full support for EU data subject rights
- PIPEDA Compliant: Meeting Canadian privacy requirements
- CCPA/CPRA Compliant: California consumer privacy rights supported
- PCI DSS: Payment processing via Stripe (PCI Level 1)
Data Processing Agreement
Enterprise customers who require a Data Processing Agreement (DPA) can contact us at legal@ship-ify.com. Our standard DPA includes:
- Standard Contractual Clauses for international transfers
- Detailed security measures and obligations
- Sub-processor notification procedures
- Data breach notification commitments
Contact Us
For compliance-related inquiries or to exercise your data protection rights:
- Privacy Inquiries: privacy@ship-ify.com
- Legal & DPA Requests: legal@ship-ify.com
- General Support: support@ship-ify.com