Privacy Policy

Last updated: April 1, 2026

1. Data Controller

NinjaShip is operated by [COMPANY_LEGAL_NAME], located at [COMPANY_ADDRESS] ("we," "us," or "our"). We are the data controller responsible for your personal data processed through the Service.

For privacy questions, contact us.

2. Information We Collect

We collect information you provide directly:

  • Account information (name, email, password)
  • Shipping addresses (sender and recipient)
  • Payment information (processed securely by Stripe — we never see your full card number)
  • Business information (organization name, type)

We automatically collect:

  • IP address (used transiently for rate limiting, not stored persistently)
  • Shipping activity (labels created, carriers used, transaction history)
  • API request logs (endpoint, timestamp, response status — retained for debugging for up to 30 days)

3. Data Collected via Shopify

If you install NinjaShip from the Shopify App Store, we access the following data through the Shopify Admin API:

  • Order data — order number, line items, prices, fulfillment status
  • Customer shipping information — recipient name, address, email, and phone number (used solely to generate shipping labels)
  • Product data — product names, SKUs, weights (used to calculate shipping rates)
  • Fulfillment data — fulfillment order IDs and status (used to write back tracking numbers)

We do not collect data directly from your customers — all customer data is received through the Shopify Admin API based on the permissions you grant during installation.

We do not access or store Shopify customer payment information, passwords, or financial account details.

On uninstall: We immediately deactivate your integration and revoke access tokens. Within 48 hours of receiving Shopify's shop/redact webhook, all order data and customer information associated with your store is permanently deleted from our systems.

Data subject requests: If a Shopify merchant or their customer submits a data access or deletion request, we will fulfill it within 30 days. Shopify forwards these requests to us via mandatory compliance webhooks (customers/data_request, customers/redact), which we process automatically.

4. Data Collected via WooCommerce

If you connect your WooCommerce store to NinjaShip, we access the following data through the WooCommerce REST API using the API keys you provide:

  • Order data — order number, line items, prices, order status
  • Customer shipping information — recipient name, shipping and billing address, email, and phone number (used solely to generate shipping labels)
  • Store system status — used only to verify your connection credentials

Your WooCommerce API credentials (consumer key and secret) are encrypted at rest using AES-256-GCM. We do not access or store your customers' WooCommerce account passwords or payment card details.

On disconnection: We deactivate your integration and securely delete your API credentials. You may request a full data purge at any time, which permanently deletes all order data and customer information from our systems.

Data subject requests: WooCommerce merchants may request an export or deletion of all customer and order data associated with their store by contacting us. We will fulfill these requests within 30 days.

5. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual necessity — we need your data to provide the shipping service you signed up for (creating labels, processing payments, tracking packages)
  • Legitimate interest — account security, rate limiting, and service reliability
  • Consent — by connecting your Shopify or WooCommerce store, you consent to the data processing described in this policy. You may withdraw consent at any time by disconnecting your store.

6. Purpose Limitation

We process personal data solely for the purposes described in this policy. We do not use your data or your customers' data for advertising, profiling, marketing to end customers, or any purpose unrelated to providing the shipping service. We do not sell, rent, or share personal data with third parties for their own marketing purposes.

7. How We Use Information

  • Provide and improve the shipping service
  • Process label purchases and wallet transactions
  • Send transactional notifications (e.g., team invites, account alerts)
  • Provide customer support

8. Information Sharing & Sub-processors

We share information with the following third-party service providers (sub-processors) as necessary to operate the Service:

  • EasyPost — shipping API provider that interfaces with USPS, UPS, FedEx, and DHL to create labels and track packages. Receives sender/recipient addresses and parcel details. (Privacy Policy)
  • Stripe — payment processor for wallet top-ups and payment methods. Receives payment card data directly via Stripe Elements. (Privacy Policy)
  • Postmark — transactional email service for account notifications. Receives recipient email addresses. (Privacy Policy)
  • Vercel — serverless hosting platform (US regions). (Privacy Policy)
  • Neon — PostgreSQL database hosting (US East). (Privacy Policy)
  • AWS S3 — label file storage (US East). (Privacy Policy)
  • Inngest — background job processing for order syncing and tracking updates. (Privacy Policy)

We do not sell your personal information to third parties.

9. Data Security

We use industry-standard security measures including encryption at rest and in transit, and role-based access controls. OAuth tokens and API credentials for store integrations are encrypted with AES-256-GCM. Passwords are hashed with bcrypt. For more details, see our Security page.

10. Data Retention

We retain account data for as long as your account is active. Shipping and transaction data is retained for as long as necessary to provide the service and comply with legal obligations (e.g., financial transaction records for tax and accounting purposes). You may request deletion of your data by contacting us.

Shopify merchants: When you uninstall NinjaShip, we immediately deactivate your integration and revoke access tokens. Within 48 hours of Shopify's shop/redact notification, all associated order and customer data is permanently deleted.

WooCommerce merchants: When you disconnect your store, we deactivate your integration and securely delete your API credentials. You may request a full data purge at any time via the integration settings or by contacting us.

11. Geographic Processing

Your data is processed and stored in the United States. Our infrastructure providers include Vercel (US regions), Neon (US East), and AWS S3 (US East). If you are located outside the United States, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

12. Your Rights

You have the right to:

  • Access your personal data via your account dashboard
  • Correct inaccurate data via your profile and settings
  • Request deletion of your data by contacting us
  • Request a data export — we will provide a copy of your personal data in a machine-readable format within 30 days
  • Withdraw consent for data processing by disconnecting your store integration

We will fulfill all data subject requests within 30 days. In cases where deletion cannot be completed (e.g., financial transaction records required for tax compliance or an active legal dispute), we will inform you of the specific reason and the data that must be retained.

To exercise any of these rights, contact us.

13. Cookies

We use cookies in limited cases such as OAuth login flows. Our primary authentication uses token-based sessions stored in your browser. We do not use advertising or third-party tracking cookies.

14. Changes

We may update this policy. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect.

15. Contact

[COMPANY_LEGAL_NAME]
[COMPANY_ADDRESS]

For privacy questions, contact us.