Privacy Policy

1. Introduction
Welcome to ShipWatch, a Shopify app based in the Netherlands ("we," "us," or "our"). We take the privacy of our users seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use ShipWatch and related services (the "Service").

By using ShipWatch, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Data We Collect
- Merchant Data: When a Shopify Merchant installs and uses the ShipWatch app, we collect information such as store name, store URL, order information, shipping details, 3PL provider details, invoice data, and other relevant store data required to provide the Service.
- 3PL and Carrier Data: We collect information about your third-party logistics (3PL) providers and shipping carriers, including performance metrics, cost structures, invoices, tracking information, and delivery statistics.
- Device and Technical Information: Such as IP addresses, browser type, operating system, and referring URLs to help us improve the Service and ensure compatibility.

3. How We Use Your Data
We use personal data for the following purposes:
- Service Provision: To operate and maintain the ShipWatch functionality, enabling Merchants to monitor shipments, verify invoice accuracy, and optimize shipping strategies.
- Analytics and Improvement: To analyze shipping patterns, identify cost-saving opportunities, and improve ShipWatch's features, user experience, and performance.
- Benchmarking: To provide anonymized comparative data that helps Merchants understand how their shipping costs and carrier performance compare to industry standards.
- Marketing and Communications: With your consent, we may use your email address and other data to send promotional offers, updates, newsletters, or product recommendations.
- Compliance and Legal Requirements: We may process data to comply with applicable laws, regulations, and legal requests, or to enforce our Terms & Conditions and other agreements.

4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we rely on the following legal bases to process your personal data:
• Consent: Where you have provided your consent (e.g., for marketing communications).
• Legitimate Interests: For improving the Service, ensuring security, and providing a seamless user experience.
• Contractual Obligations: To provide the Service as agreed with Merchants and Users.
• Legal Requirements: To comply with applicable laws and regulations.

5. Data Sharing and Disclosure
We do not sell or rent your personal data to third parties. We may share data in the following circumstances:
- Service Providers: We may engage trusted third-party service providers to perform functions such as hosting, data analysis, email delivery, and customer support. These providers will have access to personal data only as necessary to perform their functions and are obligated to maintain confidentiality.
- Anonymized Data: We may share anonymized, aggregated data about shipping costs, carrier performance, and other metrics to create industry benchmarks and improve our service.
- Legal Compliance: We may disclose data if required by law, subpoena, or legal process, or if we believe it is necessary to protect our rights, users, or others.
- Business Transfers: In the event of a merger, acquisition, sale of assets, or similar transaction, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Retention
We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. For shipping and invoice data, we typically retain information for up to 24 months to provide year-over-year analysis and trends. Once we no longer need the data, we will securely delete or anonymize it.

7. Security Measures
We take reasonable measures to protect personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. However, no method of data transmission or storage is entirely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights
Depending on your location and applicable laws (such as GDPR), you may have the following rights regarding your personal data:
• Access: Request access to the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal or contractual restrictions.
• Objection and Restriction: Object to or request that we limit certain processing activities.
• Portability: Request a copy of your personal data in a portable format.
• Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise these rights, please contact us at the contact information provided below. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers
If your data is transferred outside the EEA or other regions with data protection laws, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other lawful transfer mechanisms.

10. Third-Party Links
ShipWatch may contain links to third-party websites or resources that we do not control. This Privacy Policy does not apply to such third parties, and we encourage you to review their privacy policies before providing any personal data.

11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will post the updated version on our website or through the Service and indicate the “Last Updated” date. Your continued use of ShipWatch after any changes have been made signifies your acceptance of the revised Privacy Policy.

12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: privacy [at] shipwatch.io.