Privacy Policy

Last updated: September 1, 2025

Introduction

Enreship is committed to protecting your privacy and securing your data. We value the trust you place in us and will only use your personal information to administer your account and provide the products and services you request. This Privacy and Data Handling Policy explains how Enreship (the “Company,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use our integrated shipping and fulfillment platform. We adhere to industry best practices and applicable laws to safeguard personal data, reflecting standards used by leading fulfillment services.

If you use Enreship to process personal information about your customers (such as shipping addresses for orders), you are responsible for ensuring you have a lawful basis to do so. Enreship acts as a service provider (or data processor) for such data and will only use it as needed to perform our services on your behalf, in compliance with relevant data protection regulations. We never use or disclose your customers’ information for any purpose except to complete the shipping and fulfillment transactions you’ve contracted with us.

Data We Collect

Types of Personal Data Collected

Enreship only collects data that is necessary to run our shipping and fulfillment services. This includes:

  • Account Information: When you register or use Enreship, we collect information about you or your business, such as your name, company name, email address, phone number, and login credentials. We also collect billing or payment details if you subscribe to our services or purchase postage through our platform (these may be handled via secure third-party payment processors).
  • E-commerce Platform Credentials: If you integrate an online store or marketplace with Enreship, we collect the API keys, access tokens, or other credentials you provide to connect to those platforms. These platform tokens are used to sync data (like orders and tracking updates) and are stored securely using encryption and access controls.
  • Order and Customer Information: Through your use of Enreship, we process information about orders and end-customers that you submit to our system. For example, when you import or create an order, we collect details such as order numbers, item descriptions, quantities, prices, and customer shipping information (the recipient’s name, shipping address, email, and phone number). We only receive and store customer personal data that is strictly required to fulfill orders on your behalf. This category may also include sender information (your warehouse or origin address) and any custom notes needed for fulfillment.
  • Shipment and Tracking Data: As you fulfill orders, Enreship collects shipping-related data including selected carrier service, postage cost, tracking numbers, and shipment status updates. We may store shipping labels or related data (like carrier label IDs and package dimensions) to facilitate reprints and tracking. Tracking information (movement and delivery status of a package) is collected from carriers so that we can provide you and your customers with up-to-date delivery progress.
  • Warehouse and Inventory Data: If you use inventory management features or connect third-party fulfillment centers, we may collect data about stock levels, SKU identifiers, and warehouse locations to sync inventory across platforms. (Note: Inventory data is typically not personally identifiable, but it is mentioned here for completeness as part of order fulfillment data handling.)

How Data is Collected

We obtain personal and order information in two primary ways: (1) Directly from you, and (2) Through your authorized integrations. All data is collected through secure and transparent methods – we do not gather personal information from any third party without your direction or consent. For example:

  • User Inputs: You may directly enter or upload data into Enreship’s dashboard (such as creating a manual order or editing a customer address). We collect whatever information you choose to provide through these inputs.
  • Authorized API Integrations: Enreship integrates with e-commerce platforms and carriers via their official APIs. When you connect a store (for example, Shopify, Amazon, Etsy, WooCommerce, etc.) or a shipping carrier account, you explicitly grant Enreship permission to access data from that service. Upon your authorization, we securely retrieve relevant data (e.g. pulling new orders and their shipping details from your store) and import it into Enreship. Similarly, when we generate a shipping label, we send the necessary shipment data (like recipient address and package weight) to the chosen carrier’s API and receive back tracking numbers and labels. All such transfers occur over encrypted connections and use the integration permissions you have provided – Enreship only accesses your data on external platforms to the extent needed to perform the services you’ve requested. We do not scrape or collect data from any source without proper authorization.
  • Automatic Collection: Like most online services, our systems automatically collect certain technical data when you interact with our website or app. This may include device and browser information, IP addresses, timestamps, and usage logs. We use this data to facilitate secure logins, maintain audit trails, and improve user experience. For example, logging an IP address can help us detect fraudulent access. We may also use cookies or similar technologies on our site to remember your preferences and session information. (Any use of cookies or tracking is solely to support functionality and analytics for our service, and will be detailed in our Cookie Policy if applicable.)

How We Use Your Data

Enreship uses collected data only for purposes that align with managing and improving your shipping and fulfillment operations. We do not use personal or order data for any unrelated or extraneous purposes. Specifically, we use data in the following ways:

  • Providing Our Services: The primary use of your information is to operate the Enreship platform and fulfill your orders. This includes processing order data to create shipping labels, arranging carrier pickups/deliveries, and updating order statuses. Customer names and addresses are used to generate shipping labels and ship packages to the intended recipients. Order details and SKUs are used to ensure accurate fulfillment and inventory updates. We also use your platform credentials to pull in orders and send back tracking information to your sales channels as part of the service.
  • Order Management and Fulfillment Coordination: e maintain your orders in our system to allow you to manage and track them through their lifecycle. For example, we use order and tracking data to provide you with real-time updates on shipments (e.g., showing when an order is shipped, in transit, or delivered). If you utilize multiple warehouses or a 3PL, we use order data to route fulfillment to the correct location and coordinate with those facilities as instructed by you.
  • Label Generation and Rate Calculation: We use the shipment details (package weight, dimensions, destination, etc.) that you provide to retrieve shipping rate quotes and generate labels from carriers. Any data sent to carriers is only what’s necessary to produce the label (such as origin, destination, and package info). We then store the label information and tracking number so you can access it and monitor the shipment.
  • Communication and Support: We may use your contact information (such as email or phone number) to send service-related communications. This includes transactional messages like shipping confirmation emails, tracking notifications, billing invoices, or important alerts about the platform (for example, downtime notices or integration issues). We may also communicate with you to provide customer support, answer questions, or assist with troubleshooting. We will only send marketing emails or newsletters if you have opted in to receive them, and you can unsubscribe at any time. (We do not use your end-customer’s contact information for any communications – any notifications to your customers, such as tracking updates, are sent on your behalf and can be configured by you.)
  • Improving and Securing the Platform: Internally, we may use usage data and feedback to debug issues, analyze performance, and make enhancements to Enreship. For instance, understanding how users navigate the dashboard can help us improve usability. We may also analyze aggregated shipping data to optimize our carrier offerings or detect trends (e.g., common shipment destinations for optimizing warehouse networks), but this analysis is done on an aggregated or anonymized basis without using personally identifiable information. Additionally, personal data may be used to enforce our Terms of Service, to prevent fraudulent or abusive activity, and to ensure the security of accounts and the platform.
  • Legal and Compliance:

    We will use and retain certain data as necessary to comply with our legal obligations, such as tax and accounting regulations, customs requirements for international shipments, or to respond to lawful requests by authorities. For example, shipping transaction records may be kept to satisfy financial audit requirements or carrier contractual obligations. If we need to use your information for a purpose not outlined in this Policy, we will only do so with your consent or as otherwise required/allowed by law.

    We want to emphasize that we do not use personal data for any form of advertising targeting or sell it for marketing uses. Your data is used strictly to serve your needs in managing shipping and fulfillment.

Data Sharing and Disclosure

Enreship understands that your data is sensitive, and we never share personal information with third parties except as necessary to deliver our services or as required by law. We do not sell or rent your data to marketers or other unrelated parties. Below are the circumstances under which data may be shared, and with whom:

  • Integrated E-commerce Platforms: When you connect your store to Enreship, we act as an intermediary to sync data between the store and our platform. For example, we pull order information from your e-commerce platform and later send back fulfillment status and tracking numbers. In doing so, we share relevant data back to that platform (such as marking an order as shipped with the tracking number). This data exchange is part of the service integration you have authorized, and the data is only sent to the platforms you have connected.
  • Shipping Carriers and Logistics Partners: In order to ship your packages, we share necessary details with the shipping carriers (such as UPS, FedEx, USPS, DHL or other courier services) or label aggregators. This includes the recipient’s name and address, return address, package weight/dimensions, and any relevant contact information or customs details needed for the shipment. Carriers require this information to generate labels and perform delivery. We transmit this data via secure channels. Similarly, if you use a third-party warehouse or fulfillment center through Enreship, we will share order details with that facility so they can pick, pack, and ship the order. All such partners are trusted entities integral to fulfilling your orders, and they are contractually or legally obligated to protect the information we provide and use it only for the intended shipping/fulfillment purpose.
  • Service Providers (Processors): We employ a limited number of third-party service providers to help run our business and provide the Enreship service to you. These include cloud infrastructure providers (for example, Amazon Web Services for data hosting and storage), database and IT security services, analytics tools, email service providers (to send order updates or support emails), and customer support platforms. These service providers act under our instructions and only process your data for our stated purposes – they do not have independent rights to use or disclose your information beyond providing services to us. For instance, if we use a cloud database on AWS, AWS holds the data but does not access it except to maintain the service (and AWS is bound by strict confidentiality and security obligations). We ensure that all our vendors and partners are reputable and have strong privacy and security standards.
  • Business Transfers: If Enreship is involved in a merger, acquisition, investment, reorganization, or sale of all or part of its business, personal data may be transferred to the new owner or partner as part of that transaction. In such an event, we will ensure the new owner continues to be bound by privacy safeguards, and we will provide notice to you (for example, via email or a prominent website notice) if your personal information becomes subject to a new Privacy Policy or ownership. Your choices regarding your data would remain, and we would give you an opportunity to opt out or delete your data if you do not wish to continue with the new entity, to the extent applicable by law.
  • Legal Compliance and Protection: We may disclose personal information when required to do so by law or valid legal process, or when we have a good-faith belief that such disclosure is necessary to (a) comply with a legal obligation (for example, responding to a subpoena, court order, or government request), (b) protect and defend the rights or property of Enreship, (c) prevent or investigate possible wrongdoing in connection with the services (such as fraud or security incidents), or (d) protect the personal safety of our users, customers, or the public. If we are asked to release data, we will review the request carefully and only comply if it’s legally valid and to the extent required. Wherever possible and legally permissible, we will inform you if your data has been requested by authorities.

No Selling of Personal Data

For clarity, Enreship does not sell, trade, or rent your personal information to any third parties for their own marketing or advertising purposes. We do not share customer lists or any personally identifiable data with advertisers or data brokers. All information we disclose to third parties is solely to further the specific purposes described above (service functionality, shipping, compliance, etc.), and never for outside parties to use for their independent benefit. In the context of certain privacy laws (such as the California Consumer Privacy Act), we also do not “sell” or “share” personal information as those terms are defined (except insofar as sharing with our service providers to perform services might be construed, but in all cases such providers are limited in using the data strictly for our business purposes, not theirs).

Data Storage and Security

We take extensive measures to protect the personal and sensitive data entrusted to Enreship. Data security is a top priority, and we employ industry-standard practices as well as advanced technologies to prevent unauthorized access or misuse of your information. Our approach to security includes:

  • Secure Cloud Infrastructure: Enreship is hosted on reliable cloud services (such as Amazon Web Services) that provide robust physical and network security for our servers. All customer data is stored in secure data centers with state-of-the-art protections (redundant power, cooling, fire suppression, 24/7 monitoring, etc.). AWS and similar providers also offer strong isolation and protection mechanisms. By leveraging these platforms, we ensure your data is housed in an environment built to meet high security standards and compliance requirements.
  • Encryption In Transit and At Rest: We protect personal data with encryption to maintain confidentiality. Data in transit between your device and Enreship (and between Enreship and integrated services) is encrypted using TLS/SSL protocols. Similarly, when we communicate with third parties like carriers or e-commerce APIs, we use HTTPS and other secure channels. Data at rest in our databases and storage is also encrypted (for example, using AES-256 encryption for database storage and file backups).
  • Access Controls and Authentication: We limit access to personal data strictly on a need-to-know basis. Only a small number of authorized Enreship personnel (for example, in our operations or support teams) have access to customer data, and even then, only to the extent necessary for their job duties (such as resolving a support issue for you). All staff are trained on confidentiality obligations and are required to adhere to our privacy and security policies. We employ role-based access controls, meaning each employee or system component can only access the specific data required for its function. Administrative access to our systems is protected by strong authentication (such as multi-factor authentication and unique credentials). We also log and audit access to sensitive data, so any access is recorded for security review.
  • Network Security and Monitoring: Our platform and databases are protected by firewalls and network security controls to prevent unauthorized connections. We actively monitor for suspicious activities or vulnerabilities. Regular security scans, penetration tests, and code reviews are conducted to identify and address potential weaknesses. We keep our systems and software up-to-date with security patches to guard against exploits. Additionally, we utilize intrusion detection and prevention systems to alert us to any anomalous behavior.
  • Data Backup and Recovery: We perform regular backups of critical data to ensure reliability and business continuity. Backup data is encrypted and stored securely. In the event of a hardware failure or other issue, we have processes to restore data so that your information is not lost. Our goal is to provide high availability for the service while also safeguarding data integrity.
  • Organizational Measures: Enreship has internal policies and procedures designed to protect data privacy. We quickly revoke access for any employee or contractor who no longer requires it (e.g., during role changes or offboarding). We require any third-party contractors or developers to follow our strict data handling standards. If any potential security incident is detected, we have an incident response plan to contain and remediate the issue, and to notify affected parties as required by law.
  • Third-Party Security: When working with sub-processors or integration partners, we choose reputable companies and impose contractual obligations on them to protect your data. For instance, our cloud providers and email providers must maintain high levels of security (often demonstrated by certifications like SOC 2, ISO 27001, etc.), and must notify us promptly of any security breach. We ensure that any third party that might process personal data on our behalf applies similarly stringent security measures as we do.
  • No Absolute Guarantee: While we are firmly committed to data security and invest heavily in protective measures, it’s important to note that no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot absolutely guarantee the security of information in all circumstances. However, we continuously work to update and improve our security practices to meet or exceed industry standards, and in the unlikely event of a data breach or security issue, we will act swiftly to mitigate the impact and will notify you in accordance with applicable laws. Your trust is paramount to us, and we strive to maintain that trust by keeping your data safe.

Data Retention and Deletion

Enreship retains personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by law. We aim to minimize retention time while ensuring we can provide our services effectively and meet our legal and contractual obligations. Our data retention and deletion practices are as follows:

  • Operational Retention: We keep the data you store in Enreship (orders, shipment records, etc.) for as long as your account remains active, so that you have access to your historical records and can manage returns or re-shipments. Order and shipment information is retained to allow you to review past shipments, analyze your fulfillment history, and comply with your own record-keeping requirements. However, you have control over certain data: you may delete specific orders or records from the Enreship platform if you no longer need them, and we will permanently erase the associated personal data from our primary systems (with the understanding that it will also be removed from any active indexes or searchability). When data is deleted from the Enreship application by you, it is permanently and irreversibly purged; once deleted, the information cannot be retrieved.
  • Retention Period Criteria: In determining how long to retain personal data, we consider the nature and sensitivity of the data, the purposes for which it was collected, and the potential risk of harm from unauthorized use or disclosure if we were to keep it longer than necessary. We also take into account any legal requirements that mandate certain data be kept for a minimum period. For example, financial transaction records (including shipping transactions, invoices, or billing records) may need to be retained for a number of years under tax or accounting laws. Similarly, if a dispute or claim is ongoing, we might retain relevant information until it is resolved.
  • End‑Customer Data: The personal information about your customers (recipients of shipments) that is processed through Enreship is held only as long as needed to complete the fulfillment and for you to access it for customer service or business records. Typically, this means we retain shipping details until the order is delivered and for a reasonable period afterward in case of issues (like lost package investigations or returns). Beyond that, you can delete such data from our system at your discretion, or set up rules (if available) to auto-delete or anonymize customer data after a certain time. We do not retain your customers’ personal data indefinitely unless you continue to need it within Enreship for repeat orders or record-keeping. If an end-customer contacts us directly (which is rare, since we usually do not interface with them) requesting deletion of their data, we will either direct them to contact you (the merchant) or, if appropriate, handle the request by removing their information after verifying the relationship.
  • Account Closure: If you decide to terminate your Enreship account, we will delete all personal data associated with your account after the closure process is complete. This includes all orders, customer information, and any stored credentials. Upon account deletion, all personal data is expunged from our production databases (except for data we may be obligated to retain as noted below). We may retain backup copies of data for a short period (due to routine backup cycles), but these are also encrypted and eventually deleted or overwritten following our backup retention schedule. We will also disassociate your platform integrations and revoke any access tokens we have to your systems.
  • Legal and Contractual Retention: Even after an account is closed or data is deleted from the user interface, we might retain certain pieces of information for a limited time if necessary for legal compliance or legitimate business purposes. For instance, we may keep records of transactions and payments for accounting and audit purposes, or logs to demonstrate compliance with privacy requests or consents. We will also retain information as needed to comply with shipping regulations (for example, certain international shipping documents might need to be stored for a set number of years) and to resolve disputes or enforce our agreements. Any such retained data will be handled in accordance with this Policy and applicable law. It will be isolated from active systems and only used for the required purpose (e.g., an archived database with restricted access for finance personnel). Once the retention period lapses and the information is no longer required, we will securely dispose of it.
  • Deletion Requests:

    You (as the account owner) have the right to request deletion of your personal data at any time. You can do so by contacting us (see Contact Us below) or, where self-service deletion features are available, by using those features in the Enreship platform. Upon a verified deletion request, we will remove the requested personal data from our active systems and confirm to you once completed. If the data to be deleted is necessary for us to provide the service (for example, an active order that hasn’t shipped yet), we may advise that deletion will render us unable to complete our obligations. We will let you know if any information cannot be immediately deleted due to legal requirements and will remove it as soon as we are allowed to. Enreship’s deletion process includes erasing the data and overwriting or encrypting it in a manner that it cannot be recovered. Additionally, any third parties (like sub-processors) who had access to the data as part of providing Enreship’s service are instructed to delete it from their systems as well.

    In summary, we retain your data only for as long as necessary, and we provide you the means to delete data when needed. When data is no longer required, we securely delete or anonymize it so that it can no longer be associated with any individual.

Your Rights and Choices

Enreship is committed to upholding the rights you have over your personal information. Depending on your location and the applicable data protection laws, you may have a number of important rights. We honor all valid requests to exercise these rights and strive to make it easy for you to control your personal data. These rights include, but are not limited to:

  • Right of Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how it is processed. This means you can ask us to confirm whether we are processing your personal information and receive a copy of that information in a commonly used format.
  • Right of Correction (Rectification): If any of your personal data maintained by Enreship is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you change your contact email or notice an error in your profile information, you can update it in your account settings or ask us to fix it. We encourage you to keep your information up to date, and we will promptly make requested corrections.
  • Right to Deletion: You have the right to request that we delete your personal data in certain circumstances. This is sometimes called the “right to be forgotten.” You can request deletion of data if, for instance, it is no longer needed for the purposes it was collected, or if you withdraw your consent (in cases where consent was required). There are some exceptions (for example, we might retain data if required for legal obligations), but we will inform you of any such need if it applies. As noted in Data Retention, you also have tools to delete specific data (like orders or customers) in the platform, and you can always request full account deletion.
  • Right to Data Portability: In certain situations, you may have the right to obtain your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller (for example, another service provider) where technically feasible. If you need a copy of your data to transfer to another service, let us know and we will assist in providing it (this typically applies to data you provided directly, such as account info, and not to derived data).
  • Right to Object/Restrict Processing: You may have the right to object to our processing of your personal data, or ask us to restrict processing, under certain conditions. For example, if you feel our processing is not justified or you want to pause processing while a complaint is resolved, you can request this. With Enreship, we generally only process data as needed for service, but if you object to any secondary use (like a marketing email or analytics), we will respect that.
  • Right to Withdraw Consent: Where we rely on your consent to process data (in cases where consent was obtained, such as for optional marketing or integration permissions), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing done before the withdrawal, and it may mean we can no longer provide certain services (for instance, if you withdraw consent for accessing your store’s data, we cannot import your orders). We will advise you if this is the case.
  • Right to Non‑Discrimination: Enreship will never penalize or discriminate against you for exercising any of your privacy rights. You will receive the same level of service and pricing from us regardless of whether you choose to exercise your data rights.
  • Right to Opt‑Out of Communications: If at any time you prefer not to receive our newsletter or marketing communications, you can opt out. Use the “unsubscribe” link in any marketing email, or adjust your preferences in your account settings, or contact us to be removed from marketing lists. Note that we will still send you essential transactional or account communications (like shipping notifications or billing alerts) as these are not promotional but part of the service.
  • Additional Rights: If you are a resident of certain regions such as the European Economic Area (EEA), United Kingdom, California, or other regions with privacy laws, you may have additional rights or slightly different rights under local law. For example, California residents have a right to know specific categories of personal information sold or disclosed (though we do not sell data), and EEA residents have the right to lodge a complaint with their Data Protection Authority. Enreship’s intention is to provide a high standard of privacy protection to all users, regardless of location, and we will endeavor to fulfill these rights in good faith for all users. Where required, we will also facilitate the exercise of rights by your customers (data subjects) if we receive requests and we act as a data processor – typically we will forward such requests to you as the data controller, or assist you in fulfilling them.

Exercising Your Rights: You can exercise your rights at any time by contacting us (see Contact Us below for how to reach us). If you have an account with Enreship, some of your rights (like access, correction, or deletion of certain data) can be exercised through the account dashboard directly – for instance, you can edit your profile, or remove an order record. For other requests, contacting our support or privacy team is the best approach. We will respond to your request as soon as possible and within any timeframe required by law. Generally, we will not charge a fee for fulfilling a rights request, unless it is excessive or repetitive in which case we will inform you of any fee and reasoning.

When you make a request, we may need to verify your identity before acting on it. This is to ensure that we do not release or delete someone else’s data improperly. We might ask you to confirm information we have on file (for example, responding from your registered email or providing a current order number) to match you to the data. For certain sensitive requests (like obtaining a full export of personal data or deleting an account), we may employ a more stringent verification process to protect privacy.

If you have authorized an agent to make requests on your behalf (such as under California law), we will require proof of that authorization and still take steps to verify that the request is legitimate.

Finally, if you have any questions or concerns about your rights or how to exercise them, please let us know. We are here to help and take your privacy inquiries seriously. In the event you feel we have not addressed your concerns, you may have the right to contact a supervisory authority or regulator (for example, the GDPR provides individuals the right to lodge a complaint with a Data Protection Authority in the EU, and the CCPA provides rights to contact the California Attorney General, etc.). We would appreciate the chance to address your concerns first and will do our utmost to resolve any issues.

Updates to This Policy

We may update this Privacy and Data Handling Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will post the updated Policy on our website and update the “Last Updated” date at the top of the Policy. Any significant (material) changes will be communicated to you through appropriate channels – for example, we may notify you by email or by placing a prominent notice on the Enreship dashboard. We encourage you to review this Policy periodically for the latest information on our privacy practices. Your continued use of Enreship after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with the changes, you should discontinue use of the service and may close your account. For substantial changes that affect how we handle personal data, we will either seek your consent or provide an opportunity to opt out, as required by applicable law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy and Data Handling Policy or about how Enreship collects and uses your data, please do not hesitate to contact us. We are committed to resolving any inquiries or issues promptly.

Contact Information: You can reach our privacy team by email at info@enreship.com. You can also contact our customer support through the Enreship dashboard and we will direct your inquiry to the appropriate personnel.

Enreship values your privacy and the trust you place in our platform. We will continue to work hard to keep your personal and business information secure and confidential. Thank you for choosing Enreship as your shipping and fulfillment partner.