Privacy Policy

Last Updated: February 2026

Information We Collect

ShipSecure collects the following information when you use our service:

  • Email address: Provided through the scan form to deliver scan results to you
  • Website URL: The target website you submit for security scanning
  • Payment information: For paid audits, payment details are processed by Stripe. We do not store credit card numbers, CVV codes, or other complete payment card details on our servers.
  • Usage analytics: We use Plausible Analytics, a privacy-focused, cookie-less analytics service hosted in the EU (Germany). No personally identifiable information is collected through analytics.

How We Use Your Information

  • Email address: To deliver scan results and communicate important information about your scans
  • Website URL: To perform the requested security scanning services
  • Payment information: To process paid audit purchases through our payment processor, Stripe
  • Usage analytics: To understand how our service is used and improve the user experience

Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

  • Legitimate interest: Providing security scanning services to protect web applications
  • Consent: By submitting your email address through our form, you consent to receiving scan results
  • Contractual necessity: Processing payment information is necessary to fulfill paid audit services

Data Retention

Scan results and associated email addresses are retained for 12 months from the date of the scan, unless you request earlier deletion. Payment records are retained in accordance with Stripe's data retention policies and applicable legal requirements (typically 7 years for tax and financial compliance).

Third-Party Services

We use the following third-party services to operate ShipSecure:

  • Stripe (Payment Processing): Processes all payment transactions. Credit card information is handled directly by Stripe and never stored on our servers. See Stripe's Privacy Policy and Data Processing Agreement.
  • Plausible Analytics (EU-hosted, Germany): Cookie-less, privacy-focused analytics. No personal data is collected. See Plausible's Data Policy.
  • Resend (Email Delivery): Delivers scan result emails from scans@shipsecure.ai. Email addresses are shared with Resend only for the purpose of delivering scan results.

Your Rights Under GDPR and CCPA

If you are a resident of the European Union or California, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Right to portability: Receive your personal data in a structured, machine-readable format
  • Right to object: Object to processing of your personal data based on legitimate interests

To exercise these rights, email us at privacy@shipsecure.ai with a clear subject line describing your request (e.g., "GDPR Data Access Request" or "CCPA Data Deletion Request"). We will respond within 30 days (GDPR) or 45 days (CCPA). Identity verification may be required to protect your privacy.

Data Security

We implement industry-standard security measures to protect your personal information:

  • All connections are encrypted using HTTPS/TLS
  • Payment card information is never stored on our servers
  • Database access is restricted and secured with industry-standard encryption
  • Regular security audits and vulnerability scanning

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence:

  • Plausible Analytics: EU-hosted in Germany, fully GDPR-compliant
  • Stripe and Resend: US-based services that use Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers

Children's Privacy

ShipSecure is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@shipsecure.ai and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of ShipSecure after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests, contact us at:

privacy@shipsecure.ai

For general support inquiries:

support@shipsecure.ai

← Back to Home