Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

We collect information you provide directly:

• Account information (name, email, password)
• Shipping addresses (sender and recipient)
• Payment information (processed by Stripe)
• Business information (organization name, type)

We automatically collect:

• Usage data (pages visited, features used)
• Device information (browser, OS, IP address)
• Shipping activity (labels created, carriers used)

2. Data Collected via Shopify

If you install NinjaShip from the Shopify App Store, we access the following data through the Shopify Admin API:

• Order data — order number, line items, prices, fulfillment status
• Customer shipping information — recipient name, address, email, and phone number (used solely to generate shipping labels)
• Product data — product names, SKUs, weights (used to calculate shipping rates)
• Fulfillment data — fulfillment order IDs and status (used to write back tracking numbers)

We do not access or store Shopify customer payment information, passwords, or financial account details. When you uninstall the app, we deactivate your integration immediately and permanently delete all associated order and customer data within 48 hours.

3. Data Collected via WooCommerce

If you connect your WooCommerce store to NinjaShip, we access the following data through the WooCommerce REST API using the API keys you provide:

• Order data — order number, line items, prices, order status
• Customer shipping information — recipient name, shipping and billing address, email, and phone number (used solely to generate shipping labels)
• Store system status — used only to verify your connection credentials

Your WooCommerce API credentials (consumer key and secret) are encrypted at rest using AES-256-GCM. We do not access or store your customers' WooCommerce account passwords or payment card details. When you disconnect, you may request a full data purge which permanently deletes all orders and credentials from our systems.

4. How We Use Information

• Provide and improve the shipping service
• Process label purchases and wallet transactions
• Send transactional notifications (tracking updates, receipts)
• Provide customer support
• Detect and prevent fraud

5. Information Sharing

We share information with:

• Shipping carriers (USPS, UPS, FedEx, DHL) to create labels and track packages
• Payment processor (Stripe) to process wallet top-ups
• Cloud providers for hosting and infrastructure

We do not sell your personal information to third parties.

6. Data Security

We use industry-standard security measures including encryption at rest and in transit, role-based access controls, and regular security audits. OAuth tokens and API credentials for store integrations are encrypted with AES-256-GCM.

7. Data Retention

We retain account data for as long as your account is active. Shipping data is retained for 3 years for compliance purposes. You may request deletion of your data by contacting us.

For Shopify merchants: when you uninstall NinjaShip, we immediately deactivate your integration and revoke access tokens. Within 48 hours of uninstall, all order data and customer information associated with your store is permanently deleted from our systems.

For WooCommerce merchants: when you disconnect your store, we deactivate your integration and securely delete your API credentials. You may request a full data purge at any time, which permanently deletes all order data and customer information from our systems.

8. Geographic Processing

Your data is processed and stored in the United States. Our infrastructure providers include Vercel (serverless hosting, US regions), Neon (PostgreSQL database, US East), and AWS S3 (label storage, US East). If you are located outside the United States, your data will be transferred to and processed in the US.

9. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your shipping history
• Opt out of marketing communications

10. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (with consent) to understand how the Service is used.

11. Changes

We may update this policy. We will notify you of material changes via email or in-app notification.

12. Contact

For privacy questions, contact our Data Protection Officer at privacy@ninjaship.io.