Privacy Policy
1. Scope
This Privacy Policy describes how Provenance SCS Inc., a California corporation doing business as “ShipEasy” (“ShipEasy”, “we”, “us”), collects, uses, and shares information through the ShipEasy Shopify app (the “App”) and related services (the “Service”). It applies to merchants who install the App on their Shopify store and, indirectly, to the customers of those merchants whose order data flows through the App for freight-shipment processing.
The App is intended for U.S.-based Shopify merchants and their shipments tendered through U.S. motor carriers.
2. Our role: Controller / Business and Processor / Service Provider
- For data about merchants (Shopify store owners and their staff users): ShipEasy is the data controller (GDPR / UK GDPR) and the Business (under U.S. state privacy laws including CCPA / CPRA).
- For data about customers of those merchants (shipping recipients): the merchant is the data controller and the Business. ShipEasy acts as a data processor (GDPR / UK GDPR) and a Service Provider (CCPA / CPRA) on the merchant’s documented instructions, processing only the data needed to generate and fulfill Bills of Lading.
If you are a merchant: you remain responsible for informing your end customers that their shipment data is shared with us as your processor / Service Provider.
3. Information we collect
3.1 From Shopify (when a merchant installs the App)
- Shop identity: shop domain, shop ID, name, primary location.
- App OAuth: an offline access token (so we can call Shopify’s Admin API on the merchant’s behalf).
- Permissions (“scopes”) the merchant grants us.
- Webhook deliveries for installation, scope changes, GDPR events, and Shopify App Billing events.
3.2 About merchant orders selected for shipping
When a merchant uses the App to create a Bill of Lading for an order:
- Shopify order ID, order number, order total, currency.
- Shipping address: name, company, street, city, state / province, postal code, country, phone number.
- Order line items (titles, quantities, SKUs) used to populate package descriptions.
- Package dimensions and weights (entered by the merchant or pulled from saved defaults).
3.3 About merchant staff using the App
- Shopify user ID and email of the merchant staff member who clicks “Create BOL” (recorded for audit purposes).
3.4 About payment and billing
When you authorize a Booking, ShipEasy initiates a charge via Shopify’s official App Billing mechanism. We collect: the amount of each per-BOL charge; the status of each charge (pending, active, declined, expired, refunded); and a serialized snapshot of the purchase request so we can resume booking after merchant approval, plus a serialized record of any reweigh / reclassification adjustment as described in our Terms of Service § 8.3. We do not collect or store full payment card numbers or any payment-instrument data — Shopify handles all payment processing; we never see card details.
3.5 Technical / operational data
- Server logs (timestamps, request paths, error stack traces — with personally identifiable fields redacted before storage).
- Error reports forwarded to Sentry (anonymized exception payloads; the shop domain is attached as an event tag).
- Operator-alert messages mirrored to Slack when an error is logged (keyed by shop domain).
We do not collect:
- Payment card numbers or any payment-instrument data.
- End-customer behavioral analytics (mouse movements, scrolling, session replay, etc.) — not for end customers, and not for merchant staff using the App.
4. How we use the information
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Generate and book freight shipments via TAI Software and connected carriers | Performance of the contract between merchant and us |
| Send tracking information back to the merchant’s Shopify order | Performance of the contract |
| Charge the merchant’s Shopify App Billing for each BOL (including post-booking reweigh / reclassification adjustments) | Performance of the contract |
| Log errors and operational events for debugging | Legitimate interest in providing a stable service |
| Respond to data-subject requests and deletion requests from the merchant or their customers | Legal obligation |
We do not use merchant or customer data for advertising, profiling, or training machine-learning models.
5. Notice at Collection (California Residents)
At or before the point we collect personal information through the App, we provide a conspicuous notice identifying:
- the categories of personal information collected — Shopify identifiers (shop domain, user ID), commercial information (order totals, charge history), and internet / network activity (server log events tied to App use);
- the business purposes for collection — generating quotes, booking shipments, billing through Shopify App Billing, providing support, securing the App, and complying with legal obligations (see § 4 above); and
- a link to this Privacy Policy.
This Notice at Collection is surfaced in the App’s onboarding flow and in the App footer.
We do not sell or “share” personal information as those terms are defined under the CCPA / CPRA, and we have not done so in the twelve (12) months preceding the date of this Policy.
6. Third parties who receive the data
We share data only with the providers needed to deliver the Service:
| Provider | What they receive | Why |
|---|---|---|
| Shopify | OAuth scopes, App Billing charges, webhook subscriptions | Platform integration |
| TAI Software | Customer shipping addresses (name, company, street, city, state / province, postal code, country, phone number); order / shipment details (order ID, line items, package dimensions / weights, carrier preference) | Rate quoting, shipment booking, generating Bills of Lading, and tracking updates |
| CEVA, Alliance, AIT | Origin and destination shipping addresses; shipment dimensions and descriptions; BOL data | Arranging and executing the physical transportation requested by the merchant |
| Render Services, Inc. | Encrypted database storage, application hosting, automated daily backups | Infrastructure |
| Functional Software, Inc. (Sentry) | Anonymized exception payloads; shop domain as an event tag | Error monitoring |
| Slack Technologies, LLC | Operator alert messages keyed by shop domain when our server logs an error | Internal incident response |
Each sub-processor above is bound by a written agreement that imposes data-protection obligations no less protective than those in this Policy (see § 14 “Sub-processor list”).
We do not sell data to data brokers, advertisers, or any third party.
7. Where the data is stored
- Application servers and database: Render, US-East / Oregon region. All personal information is processed and stored in data centers located in the United States.
- Webhooks pass through Shopify’s global infrastructure.
- Carrier APIs (TAI, CEVA, Alliance, AIT) operate from US-based data centers.
The App is intended for U.S.-based Shopify merchants. If you access the Service from outside the United States, you understand and agree that your data will be processed in the United States.
8. How long we keep the data
We use a two-stage model for retention after a merchant uninstalls the App:
- Anonymization — within 48 hours of Shopify’s GDPR shop/redact webhook (or, as a belt-and-suspenders for the rare case where that webhook never arrives, 30 days after uninstall) we rewrite or delete every identifying field tied to the merchant or their customers. The shop’s domain is replaced with an opaque marker (redacted_<id>), OAuth tokens are deleted, in-flight draft quotes and operator notes are deleted, and customer-identifying JSON blobs on quotes and billing charges are overwritten.
- Anonymized retention, then hard delete — the financial skeleton (charge amounts, Shopify charge IDs, dates, carrier, service, totals) that remains after step 1 is not personal data (see § 8.1) and is kept for seven (7) years to satisfy applicable tax-retention obligations (26 U.S.C. § 6001 / IRS Pub. 583) and FMCSA broker recordkeeping (49 C.F.R. § 371). After seven years, our redacted-shop-hard-delete job permanently deletes the row and everything linked to it.
| Data class | Retention |
|---|---|
| Shopify session tokens | Deleted immediately on app/uninstalled. Any survivors re-deleted within 48 hours via shop/redact. |
| Identifying merchant data (shop domain, OAuth tokens, location names) | Anonymized within 48 hours of shop/redact. If shop/redact does not arrive, anonymized 30 days after uninstall. |
| Customer-identifying data on orders | Anonymized on receipt of customers/redact for the affected order. Otherwise anonymized as part of the shop-level scrub above. |
| Operator notes, package-dimension catalog, in-flight draft quotes | Hard-deleted on shop/redact (no retention value). |
| Anonymized financial records (charge amount, Shopify charge ID, currency, dates; carrier, service, totals) | 7 years after anonymization, then permanently deleted. 26 U.S.C. § 6001 / IRS Pub. 583 / 49 C.F.R. § 371. |
| Anonymized audit log | 7 years after anonymization, then permanently deleted. |
| Server logs | 90 days. |
| Error reports in Sentry | 30–90 days (Sentry-controlled). |
| Operator alert mirror in Slack | Slack’s default retention applies. |
| Database backups | Render automated daily snapshots retained 7 days. PII in pre-redaction snapshots is overwritten as snapshots age out. |
On termination, merchants retain the ability to perform a self-service CSV export of their Merchant Data and Order Data for a period of thirty (30) days following the effective date of termination. We send the export link to the email on file in the merchant’s Shopify admin at the time of uninstall.
8.1 Why anonymized retention is not the same as keeping personal data
The shop/redact GDPR webhook requires us to remove personal data tied to the merchant. We do that — every identifying field is stripped. What remains (charge amount, Shopify charge ID, timestamps) does not identify any natural person or legal entity once the domain, OAuth token, and operator emails are gone. Under GDPR Art. 4(1) and EDPB Opinion 05/2014 on Anonymisation Techniques, irreversibly anonymized data is no longer personal data and falls outside the GDPR’s scope.
GDPR Art. 17(3)(b) also recognises an explicit carve-out from the right to erasure where retention is necessary for compliance with a legal obligation. Tax-record retention and FMCSA broker recordkeeping are the textbook examples, and are why we hold the anonymized financial skeleton for the 7-year window before permanent deletion.
9. Global Data-Subject Rights (GDPR, UK GDPR, CCPA / CPRA)
We respect the data rights afforded to individuals under applicable privacy laws. If you are a merchant, or a customer of a merchant, you may have the following rights regarding personal data we process:
- Right to know / access — the right to request a copy of the personal data we hold about you.
- Right to rectification / correction — the right to request correction of inaccurate personal data.
- Right to erasure / deletion — subject to our legal retention obligations under § 8.
- Right to object / restrict processing.
- Right to data portability — the right to receive your personal data in a structured, commonly used, and machine-readable format. Merchants may exercise this right at any time during the App installation, and for 30 days following uninstall, via the self-service CSV export described in § 8.
- Right to opt-out of sale or sharing (CCPA / CPRA) — ShipEasy does not sell personal data and does not “share” it for cross-context behavioral advertising. We honor legally recognized opt-out signals, including the Global Privacy Control (GPC) signal transmitted via the Sec-GPC HTTP header.
How to exercise these rights
If you are a merchant, contact us at privacy@shipeasyco.com. We will verify your identity (typically by confirming control of the Shopify store and the email on file in your Shopify admin) and respond within 45 days (extendable by an additional 45 days with written notice). Authorized agents may submit requests on your behalf with written authorization.
If you are a customer of a merchant using ShipEasy, please submit your request directly to the merchant (the Data Controller / Business). We act as a data processor / Service Provider and will automatically honor any access or redaction requests forwarded to us by the merchant via Shopify’s mandatory privacy webhooks. Shopify routes those requests to us; we will action them within 30 days as required by GDPR Art. 12(3) and CCPA equivalent.
Under GDPR you may also lodge a complaint with your supervisory authority. Under CCPA / CPRA, California residents may complain to the California Privacy Protection Agency.
10. Security
- All connections to and from the App use TLS 1.2 or higher.
- OAuth access tokens, session identifiers, and PII-bearing JSON payloads (customer addresses, quote inputs, billing intent metadata) are encrypted at rest with industry-standard authenticated encryption.
- Production secrets are managed in our infrastructure provider’s secret-store with access limited to authorized operators.
- The internal operator console is protected by SSO + an explicit email allowlist and signed session cookies with a short expiry.
- We do not store payment card data or any payment instrument information.
- Logs are sanitized of credentials and known PII fields before storage.
No system is perfectly secure, but we take reasonable steps to protect the data entrusted to us and will notify the relevant Shopify merchant and applicable regulators of any breach within 72 hours of discovery as required by GDPR Art. 33 and U.S. state breach-notification laws.
11. Cookies and similar technologies
The App runs inside a Shopify admin iframe. The only cookie the App sets is an opaque session cookie used by Shopify App Bridge to authenticate API calls. We do not use third-party analytics, advertising, or behavioral-tracking cookies.
12. Children
The App is a B2B tool for Shopify merchants. It is not directed to children under the age of 13, and we do not knowingly collect personal information from them. If you believe we have collected such information, please contact privacy@shipeasyco.com and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect any changes. For material changes, we will notify merchants by an in-app notice or email at least 30 days before the new version takes effect. If a material change would adversely affect your rights, you may terminate use of the App before the change takes effect, and we will honor your termination as if no change had occurred.
14. Sub-processor list
We ensure all sub-processors are bound by a Data Processing Addendum (DPA) that includes flow-down obligations. The current list is the set of providers identified in § 6 (Shopify, TAI Software, the named carriers — CEVA, Alliance, AIT — Render, Sentry, and Slack). We will notify merchants by in-app notice or email at least 30 days before adding a new sub-processor, giving you the right to object and terminate the Service before the new processing begins.
15. Contact
- Email: privacy@shipeasyco.com
- Postal address (CCPA-required): Provenance SCS Inc. (dba ShipEasy), 2323 Main St., Suite W21, Irvine, CA 92614
If you are a customer of a merchant using ShipEasy and want to exercise your rights about your shipment data, please contact that merchant first; they will route the request to us.