Introduction

Ship-ify ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our shipping optimization API and related services.

This policy complies with applicable privacy laws including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy regulations.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name and email address
Password (stored in encrypted form)
OAuth provider information (if using Google or GitHub sign-in)
Billing information (processed securely by Stripe)

1.2 API Usage Data

When you use our API, we collect:

API request metadata (timestamps, endpoints, response times)
Usage metrics (items processed, success/error rates)
API key identifiers

Note: We do not permanently store the actual item dimensions or order details you send to the API. This data is processed in memory to generate optimization results and is not retained after the response is returned.

1.3 Technical Information

We automatically collect:

IP addresses
Browser type and version
Device information
Cookies and similar technologies

2. How We Use Your Information

We use collected information to:

Provide and maintain our Services
Process payments and manage subscriptions
Monitor usage and enforce rate limits
Improve our algorithms and services
Send service-related communications
Detect and prevent fraud or abuse
Comply with legal obligations

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

Contract Performance: Processing necessary to provide the Services you requested
Legitimate Interests: Improving our services, preventing fraud, and ensuring security
Legal Compliance: Meeting legal obligations
Consent: Where you have given explicit consent for specific processing

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

Service Providers: Third parties that help us operate (e.g., Stripe for payments, cloud hosting providers)
Legal Requirements: When required by law, subpoena, or court order
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize sharing

5. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Specifically:

Account data: Retained until account deletion
Usage logs: Retained for 90 days for analytics, then aggregated
Billing records: Retained for 7 years for legal compliance
API request data: Not stored beyond request processing

6. Your Privacy Rights

6.1 All Users

You have the right to:

Access your personal information
Correct inaccurate data
Delete your account and associated data
Export your data in a portable format
Opt out of marketing communications

6.2 GDPR Rights (EEA Users)

If you are in the European Economic Area, you additionally have the right to:

Object to processing based on legitimate interests
Restrict processing in certain circumstances
Withdraw consent at any time
Lodge a complaint with a supervisory authority

6.3 CCPA Rights (California Residents)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed
Say no to the sale of personal information (we do not sell your data)
Request deletion of personal information
Non-discrimination for exercising privacy rights

6.4 PIPEDA Rights (Canadian Users)

Canadian users have the right to:

Access your personal information held by us
Challenge the accuracy and completeness of your data
Withdraw consent (subject to legal restrictions)
File a complaint with the Privacy Commissioner of Canada

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit (TLS/HTTPS) and at rest
Secure password hashing (bcrypt)
Regular security audits
Access controls and authentication
Secure API key generation and storage

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Data processing agreements with service providers
Compliance with applicable data protection laws

9. Cookies and Tracking

We use cookies and similar technologies to:

Essential cookies: Required for authentication and security
Analytics cookies: Help us understand how you use our Services (e.g., Google Analytics)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

10. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries or to exercise your rights, contact our Privacy Team:

Email: privacy@ship-ify.com

We will respond to your request within 30 days (or sooner if required by applicable law).

13. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection representative at:

Email: dpo@ship-ify.com