Privacy Policy – ShipSafe. This page is ready

Privacy Policy – ShipSafe

Privacy Policy

1. Introduction

ShipSafe (“we”, “us”, “our”) provides fraud prevention software designed to help online retailers identify and reduce delivery fraud, refund abuse, and chargebacks.

This Privacy Policy explains how we collect, use, store, and protect data when merchants install and use the ShipSafe Shopify application (“the App”).

2. Scope

  • Merchants who install and use the ShipSafe App
  • Data processed through merchant Shopify stores for fraud prevention purposes

ShipSafe operates as a data processor for merchants and, in limited cases, as a data controller for aggregated and anonymised network insights.

3. Data We Process

3.1 Data Collected

  • Delivery address (stored in hashed/pseudonymised form)
  • Order reference ID
  • Delivery outcome indicators (e.g. successful delivery, non-receipt claim, chargeback, return abuse)
  • Delivery method and carrier (where available)
  • Timestamps related to delivery and reported issues

3.2 Data We Do NOT Collect

  • Customer names
  • Email addresses
  • Phone numbers
  • Payment card or banking details
  • Government identifiers
  • Any special category (sensitive) personal data

4. How We Use Data

  • Generate address-level risk scores
  • Identify repeat delivery fraud or abuse patterns
  • Provide fraud insights and reporting to merchants
  • Improve effectiveness and accuracy of the ShipSafe network

Aggregated and anonymised signals may be shared across the ShipSafe network to protect other merchants from repeat abuse.

5. Legal Basis for Processing

ShipSafe processes data under the lawful basis of Legitimate Interests (Article 6(1)(f) UK/EU GDPR), specifically fraud prevention, loss prevention, and protection of merchants from financial harm.

6. Automated Decision-Making

ShipSafe does not make automated decisions that produce legal or similarly significant effects. All fulfilment and refund decisions remain with the merchant.

7. Data Security

  • Pseudonymisation and hashing of address data
  • Encryption of data in transit and at rest
  • Restricted access controls
  • Secure cloud infrastructure

8. Data Retention

Data is retained only for as long as necessary for fraud prevention purposes. Risk scoring data is subject to time-based decay. Merchants may request deletion of their store-level data at any time.

9. Data Sharing

ShipSafe does not sell personal data. Data may only be shared with authorised service providers under strict data processing agreements or in anonymised form within the ShipSafe fraud prevention network.

10. Merchant Responsibilities

Merchants agree to inform customers in their privacy policies that data may be used for fraud prevention and to use ShipSafe insights responsibly.

11. International Transfers

Where data is processed outside the UK or EEA, appropriate safeguards including standard contractual clauses are applied.

12. Your Rights

Individuals may have rights to access, rectification, erasure, restriction, and objection. Requests should be directed to the relevant merchant.

13. Contact

ShipSafe — privacy@shipsafe.co.uk