Privacy Policy

Last update:
Wednesday, February 25, 2026

This Privacy Policy covers information we collect and use as part of operating our websites and Services. When we process data on behalf of our business customers through the Services, we do so as a service provider/processor under our customer agreements and applicable law.

1. IMPORTANT DEFINITIONS

  • Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual.

  • Customer Data means information (which may include personal information) that a customer or its authorized users submit to the Services or otherwise make available for processing through the Services.

  • Customer means the entity that enters into an agreement with Shipflow for the Services.


2. CONTROLLER VS. PROCESSOR (ENTERPRISE / DPA-READY)

For website visitors and prospects, Shipflow is generally the controller of personal information we collect directly (for example, demo requests).

For Customer Data processed through the Services, Shipflow generally acts as a processor/service provider on behalf of the Customer. In that context:

  • We process Customer Data only on the Customer’s documented instructions.

  • We assist Customers, as reasonably necessary, with requests from data subjects and with security and breach obligations, consistent with applicable law and our agreements.

  • We use Customer Data only to provide, secure, and improve the Services (and not for our own independent marketing).

  • We will delete or return Customer Data at the end of the Services, consistent with the Customer agreement and applicable law.

A separate Data Processing Addendum (DPA) is available for enterprise customers upon request or may be incorporated into the Customer agreement.


3. WHAT INFORMATION DO WE COLLECT?

In short: We collect information you provide, information we process for Customers, and information collected automatically when you use the Services.

3.1 Information you provide to us

We may collect personal information you choose to provide, such as:

  • Name, email address, company/role

  • Account credentials and authentication information

  • Billing/contact information (if applicable)

  • Communications with us (support requests, feedback, sales discussions)

3.2 Customer Data (processed on behalf of Customers)

Our Services may process Customer Data that Customers and their users submit or connect to the Services. Customer Data can include business communications, documents, and operational information necessary to perform the Services.

3.3 Information collected automatically

When you use the Services, we may automatically collect:

  • IP address and approximate location

  • Device, browser, and operating system information

  • Usage and interaction data (e.g., pages viewed, features used)

  • Log data, performance data, and diagnostic information

3.4 Cookies and similar technologies

We use cookies and similar technologies to operate the Services, remember preferences, and understand usage. You can manage cookies through your browser settings.


4. HOW DO WE PROCESS YOUR INFORMATION?

In short: We use information to provide and improve the Services, communicate with you, and keep the Services secure.

We may use information to:

  • Provide, operate, and maintain the Services

  • Process Customer Data to perform requested workflows

  • Respond to inquiries and provide customer support

  • Send administrative messages (service updates, security notices)

  • Improve product performance, reliability, and user experience

  • Protect against fraud, abuse, and security incidents

  • Comply with legal obligations

We do not sell personal information.


5. AI AND AUTOMATED PROCESSING

In short: The Services may use automated systems, including AI, to perform tasks requested by Customers.

Where the Services use AI or automated processing:

  • Processing may involve analyzing content submitted to the Services to perform requested tasks.

  • We implement safeguards designed to protect Customer Data.

  • We do not use Customer Data to train publicly available models.


6. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In short: We share information only when needed to run the Services, comply with the law, or in connection with business transfers.

We may share information:

  • With service providers that help us operate the Services (for example, hosting, security, analytics, customer support). They are required to protect information and use it only to provide services to us.

  • With affiliates (if any), consistent with this Privacy Policy.

  • For legal reasons (for example, to comply with law, enforce agreements, or protect rights and safety).

  • In connection with a business transfer (for example, merger, acquisition, financing, or sale of assets).


7. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We keep information only as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • We retain account information while your account is active.

  • Customer Data retention is primarily determined by Customer agreements and configuration.

  • We may retain information to comply with legal obligations, resolve disputes, and enforce agreements.


8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In short: We use reasonable technical and organizational safeguards designed to protect information.

No method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your credentials and for using strong passwords.


9. DO WE COLLECT INFORMATION FROM MINORS?

In short: No. The Services are not intended for individuals under 18, and we do not knowingly collect personal information from children.


10. WHAT ARE YOUR PRIVACY RIGHTS?

In short: Depending on where you live, you may have rights to access, correct, delete, or object to certain processing.

Depending on your jurisdiction, you may have the right to:

  • Request access to personal information we hold about you

  • Request correction of inaccurate information

  • Request deletion of personal information

  • Object to or restrict certain processing

  • Request portability (where applicable)

To exercise these rights, contact us at admin@shipflow.ai. We may need to verify your identity before responding.


11. INTERNATIONAL TRANSFERS

The Services may process information in the United States and other jurisdictions. Where required, we take steps designed to provide appropriate safeguards for cross-border transfers.


12. DO-NOT-TRACK

Some browsers offer a “Do Not Track” (DNT) setting. At this time, we do not respond to DNT signals.


13. CALIFORNIA PRIVACY NOTICE (CCPA/CPRA)

This section applies to California residents to the extent Shipflow processes personal information as a business under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").

13.1 Categories of personal information

In the past 12 months, we may have collected the following categories of personal information (depending on how you interact with us):

  • Identifiers (e.g., name, email address, IP address)

  • Internet or network activity (e.g., interactions with our website or Services)

  • Professional or employment-related information (e.g., company, title)

  • Customer Data submitted to the Services by Customers (processed on behalf of Customers)

13.2 Purposes for collection and use

We collect and use personal information for the business purposes described in this Privacy Policy, including providing the Services, security, and improving performance.

13.3 Disclosures

We may disclose personal information to service providers and contractors for business purposes, and to other parties as described in Section 6.

13.4 No sale or sharing

Shipflow does not sell personal information. Shipflow also does not share personal information for cross-context behavioral advertising.

13.5 Sensitive personal information

Shipflow does not use or disclose sensitive personal information for purposes that require an opt-out right under CPRA.

13.6 Your California rights

California residents may have the right to:

  • Know/access personal information collected, used, disclosed

  • Delete personal information

  • Correct inaccurate personal information

  • Opt out of sale/sharing (if applicable)

  • Limit certain uses of sensitive personal information (if applicable)

  • Not be discriminated against for exercising privacy rights

13.7 How to submit a request

Email us at [INSERT PRIVACY EMAIL] with the subject line “California Privacy Request.” We will verify your request and respond as required by law.

Authorized agents: You may designate an authorized agent to submit a request on your behalf, subject to verification requirements.


14. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. We will post the updated version and revise the effective date.


15. CONTACT US

Dear AI Inc. (dba Shipflow)
Email: legal@shipflow.ai