Privacy Policy

Welcome to ShipSmarter ("ShipSmarter", "we", "us", or "our"). We operate the website at https://shipsmarter.vip and provide a multi-tenant shipping management platform for FedEx resellers and their clients (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, or use our Service. Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2.1 Information You Provide Directly

When you register for an account, use our Service, or communicate with us, we may collect:

• Account Information: Name, email address, password (stored as a secure hash), and account role.
• Shipping Information: Sender and recipient names, company names, physical addresses, phone numbers, and email addresses used for creating shipping labels.
• Package Details: Package dimensions, weight, declared value, service type, and special handling instructions.
• Payment Information: Billing details processed through Stripe. We do not store full credit card numbers, CVV codes, or card expiration dates on our servers. Stripe handles all payment card data in accordance with PCI-DSS standards.
• Business Information: For reseller accounts: company name, business address, billing contact information, and API credentials.
• Communication Data: Messages, feedback, or support requests you send to us.

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information, including:

• Device Information: Browser type, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths.
• Log Data: IP address, access times, referring URLs, and server response codes.
• Session Data: Authentication tokens stored in secure HTTP-only cookies for maintaining your login session.

2.3 Information from Third Parties

• FedEx: Tracking status updates, delivery confirmations, and shipment event data for packages shipped through our platform.
• Stripe: Payment confirmation status and transaction identifiers (no card details are shared back to us).
• OAuth Providers: If you sign in via a third-party authentication provider, we receive your name, email, and a unique identifier.

We use the information we collect for the following purposes:

• Service Delivery: To create shipping labels, process shipments, track packages, and provide the core functionality of our platform.
• Account Management: To create and manage your account, authenticate your identity, and maintain your session.
• Billing and Payments: To process payments, manage account balances, generate invoices, and handle refunds.
• Communication: To send transactional emails (shipping confirmations, tracking updates, password resets), respond to support requests, and send service-related announcements.
• Analytics and Improvement: To understand usage patterns, improve our Service, develop new features, and optimize performance.
• Security: To detect and prevent fraud, unauthorized access, and other security threats. This includes IP allowlisting, rate limiting, and audit logging.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist us in operating the Service:

• FedEx: Sender and recipient address information, package details, and service preferences necessary to generate shipping labels and track shipments.
• Stripe: Payment processing information necessary to complete transactions.
• Mailgun: Email addresses for sending transactional emails (shipping notifications, account verification, password resets).
• Cloud Infrastructure: Data is stored on secure cloud servers with encryption at rest and in transit.

4.2 Reseller Relationships

If you use our Service through a reseller's portal, the reseller who manages your account may have access to your shipping data, account activity, and usage statistics. Resellers are contractually obligated to protect your information in accordance with this Privacy Policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• Court orders, subpoenas, or legal process
• Requests from law enforcement agencies
• To protect our rights, privacy, safety, or property
• To investigate potential violations of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). Sensitive data is encrypted at rest.
• Password Security: Passwords are hashed using bcrypt with salt rounds, ensuring they cannot be recovered even in the event of a data breach.
• Access Controls: Role-based access control (RBAC) ensures that users, resellers, and administrators only access data appropriate to their role.
• API Security: API access is protected by authentication tokens, rate limiting, IP allowlisting, and idempotency controls.
• Audit Logging: Administrative actions and sensitive operations are logged for security monitoring and compliance.
• Regular Backups: Data is backed up daily to prevent loss in the event of system failure.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

We use the following cookies and similar technologies:

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service, particularly authentication features.

Our Service integrates with the following third-party services, each with their own privacy policies:

• FedEx — Shipping label generation and package tracking. FedEx Privacy Policy
• Stripe — Payment processing. Stripe Privacy Policy
• Mailgun — Transactional email delivery. Mailgun Privacy Policy
• Google Maps — Map visualization for shipment analytics. Google Privacy Policy

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy:

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
• Shipment Records: Retained for a minimum of 7 years to comply with tax and regulatory requirements.
• Transaction Records: Retained for a minimum of 7 years for financial compliance and audit purposes.
• Audit Logs: Retained for 2 years for security monitoring and compliance.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can update or correct inaccurate personal information through your account settings or by contacting us.
• Deletion: You can request deletion of your personal information, subject to legal retention requirements.
• Portability: You can request your data in a structured, commonly used, machine-readable format.
• Opt-Out: You can unsubscribe from marketing communications at any time using the unsubscribe link in our emails or through your account settings.
• Restriction: You can request that we restrict processing of your personal information in certain circumstances.
• Objection: You can object to the processing of your personal information for certain purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete your personal information, and the right to opt-out of the sale of your personal information. As stated above, we do not sell personal information.

European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your information includes: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), and consent (where applicable, such as marketing communications).

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 18, please contact us at [email protected].

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses approved by the European Commission where applicable.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice on our website.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: