iShipBiz

Legal

Privacy Policy

Effective: May 1, 2026

How iShipBiz collects, uses, and protects your personal information. We comply with GDPR, CCPA, and applicable data protection laws.

1. What we collect

Account information: name, email, company, payment method (stored by Stripe).

Order data: shipping addresses, package details, carrier rates, label records — required to provide the Service.

Usage data: IP address, browser type, pages visited, actions taken — for security, analytics, and product improvement.

2. How we use it

To provide and operate the Service.

To send transactional emails (label receipts, wallet alerts, billing notifications).

To improve the Service and develop new features.

To comply with legal obligations and protect against fraud.

3. How we share it

With sub-processors required to provide the Service (Stripe for payments, EasyPost for carrier integration, Resend for email, Supabase for hosting). All sub-processors are bound by data protection terms.

With carriers (USPS, UPS, FedEx, DHL) when you generate a label — the carrier receives the shipping address and package details required to deliver it.

With law enforcement when required by valid legal process.

We do NOT sell your data, and we do NOT use it for advertising.

4. Data retention

Account and order data retained for as long as your account is active, plus 7 years for accounting compliance. After that, data is deleted or anonymized.

You can request export or deletion of your data at any time by emailing privacy@ishipbiz.com.

5. Your rights

GDPR: right to access, rectify, erase, restrict, object, and port. CCPA: right to know, delete, and opt out of sale (not applicable — we don’t sell data).

To exercise these rights, email privacy@ishipbiz.com from the address on your account.

6. Security

Encryption in transit (TLS 1.2+) and at rest. Carrier credentials encrypted with AES-256. Row-Level Security on all tenant data. SOC 2 Type II in progress; PCI-DSS compliance via Stripe.

7. International transfers

Data is processed primarily in the United States. EU data subjects: we rely on Standard Contractual Clauses for international transfers.

8. Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

9. Changes

Material changes to this policy will be notified via email at least 30 days in advance.

10. Contact

Privacy questions: privacy@ishipbiz.com. EU representative on request.