Privacy Policy

Last updated: December 10, 2024

1. Introduction

This Privacy Policy describes how ShipSafer ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our Service.

We are a company registered in the United States, and we are committed to protecting your privacy in accordance with:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Other applicable US state and federal privacy laws
  • International data protection regulations where applicable (e.g., GDPR for EU users)

2. Data Controller Information

Business Location: United States

Contact Email: contact@shipsafer.app

Website: https://shipsafer.app

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address: For account identification, authentication, and communication
  • Full name: For personalization and invoicing purposes
  • Password: Securely hashed using bcrypt (we never store plain-text passwords)
  • Account status: Whether your account is active or disabled
  • Registration date: When you created your account

3.2 Billing and Payment Information

When you make a purchase, we collect:

  • Billing address: Street address, city, state/province, postal code, and country
  • Payment transaction data: Amount, currency, payment status, transaction IDs (processed by Stripe)
  • Invoice data: Generated and stored in compliance with US tax regulations and accounting standards

3.3 Usage Data

3.4 Domain Data

When you use ShipSafer, we store the domain URLs you add for security scanning.

4. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process payments and generate invoices
  • Send transactional emails (password reset, account updates)
  • Improve the Service and develop new features
  • Prevent fraud, abuse, and unauthorized access
  • Provide customer support and respond to your inquiries

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contractual necessity: To provide the Service and process your orders
  • Legitimate business interests: To improve the Service, prevent fraud and abuse, and ensure security
  • Legal compliance: To comply with applicable tax, financial reporting, and other legal requirements
  • Consent: For specific processing activities where required by law (you may withdraw consent at any time)

6. Data Sharing & Third Parties

We do not sell your personal data. We share your data only with:

  • Stripe: For secure payment processing
  • Cloud infrastructure providers: For secure hosting and database storage (MongoDB)
  • Email service providers (Resend): For transactional emails and notifications
  • Upstash Redis: For rate limiting and caching

Each provider processes data on our behalf under strict data protection agreements.

7. Data Retention

  • Account data: Retained while your account is active and for 12 months after closure
  • Billing/invoicing data: Retained for at least 7 years (US tax law and financial record-keeping requirements)
  • Content data: Retained until you delete the content or request account deletion

8. Security Measures

  • Encryption in transit (HTTPS/TLS) and at rest for sensitive data
  • Secure password storage using bcrypt
  • Regular backups and monitoring for suspicious activity

9. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Opt out of certain data processing activities, including the sale of personal information (we do not sell your data)
  • Withdraw consent: Withdraw consent for processing based on consent

California Residents: Under CCPA/CPRA, you have additional rights, including the right to know what personal information is collected, the right to delete, and the right to opt out of sale (though we do not sell personal information).

To exercise these rights, contact contact@shipsafer.app. We will respond to your request within 30 days (or as required by applicable law).

10. International Data Transfers

Your data may be processed and stored on servers located in the United States and other jurisdictions. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission.

11. Cookies & Tracking

We use essential cookies to maintain sessions and track basic usage analytics. You can control cookies via your browser settings. Non-essential cookies will only be used with your consent.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service indicates acceptance of the updated policy.

13. Contact

If you have any questions regarding this Privacy Policy, please contact us at contact@shipsafer.app.