.svg)
Last updated on: June 2, 2026
.svg)
ShipHero LLC is committed to protecting your privacy. This privacy statement describes the collection, use, and disclosure of your personal information when you utilize ShipHero LLC offerings and products. By using ShipHero LLC Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1.1 Personal data regulations regarding the relationship between the customer as the Data Controller and ShipHero LLC as the Data Processor.
1.2 The customer's subscription to ShipHero LLC is a platform for enabling shipping processes, and as a natural part of this, ShipHero LLC processes various personal data on the customer's behalf. This concerns data about the customer's customers, i.e., data relating to the persons who are the recipients of the shipped orders.
This section concerns the relationship between the Data Controller (customer) and the Data Processor (ShipHero LLC) in connection with the personal data regulations.
1.3 Reference: ShipHero Terms of Service
For the purposes of this Privacy Policy:
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Company (referred to as either "the Company," "We," "Us," or "Our" in this Agreement) refers to ShipHero LLC.
Data Controller means the customer providing data to ShipHero.
Data Processor means ShipHero LLC.
Personal Data is any information that relates to an identified or identifiable individual.
Usage Data refers to data collected automatically from the Service or its infrastructure.
ShipHero LLC (hereinafter âShipHeroâ or âweâ) values the privacy of individuals who use our websites, app, and related services (collectively, our "Services"). This Privacy Notice explains how we collect, use, and share the information of US residents who use our Services (âUsers,â âyou,â or âyourâ). By using our Services, you agree to the collection, use, disclosure, and processing of your information as described by this Privacy Notice. Beyond this Notice, your use of our Services is also subject to our ShipHero Terms of Service and any additional agreements you may enter into with us.
If you reside in the European Union, you can view our EU-specific privacy notice within this page - reference 5. GDPR Privacy Policy
We collect Personal Data from US residents and comply with the consumer privacy laws of Arkansas, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (âUS Privacy Lawâ). For the purposes of this Notice, âPersonal Dataâ means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
We may collect various information about you or your devices from various sources. This section describes that information in general terms. The Categories of Non-Sensitive Personal Data section below provides a more detailed breakdown of the information we collect.
Registration Information. If you sign up for an account, register to use our Services, or sign up for emails or other updates, we may ask you for basic contact information, such as your Name and Email.
Communications. If you contact us directly, we may collect additional information from you. For example, when you reach out to our customer support team, we may ask for your name, email address, mailing address, phone number, or other contact information so that we can verify your identity and communicate with you. We may also store the contents of any message or attachments that you send to us, as well as any information you submit through any of our forms or questionnaires.
Events. If you register for an event that we host, whether in-person or online, we may collect relevant information like your name, phone number, and email address, as well as specific information relevant to the event for which you are registering.
Payment Information. If you make a purchase through our Services, your payment-related information, such as credit card or other financial information, may be collected by our third-party payment processor on our behalf.
Device Information. We may collect information about the devices and software you use to access our Services, such as your IP address, web browser type, operating system version, device identifiers, or similar information.
Usage Information. To help us understand how you use our Services and to help us improve them, we may collect data about your interactions with our Services. This includes information such as crash reports, session lengths and times, the pages or other content you view, and any searches you conduct on our site.
Cookies and Similar Technologies. We and our third-party partners may collect information using cookies, pixel tags, or similar technologies. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits. Reference our Cookie Policy for more information.
Information We Receive from Sources Other than You. We may receive information about you from other sources, including from third parties that help us update, expand, and analyze our records, identify new customers, or detect or prevent fraud. We may also receive information about you from social media platforms, such as when you interact with us on those platforms or access our social media content.
The table below outlines the non-sensitive categories of Personal Data ShipHero collects about US residents, what we use that data for, and whether and how it is shared with third parties.We collect Non-Sensitive Personal Data:
â˘Â Directly from our users
â˘Â Inferences drawn from your interactions with our Services
â˘Â From our affiliates
â˘Â From our business partners
| Category: Identifiers |
|---|
| Examples and Purpose. Identifiers may include: Name, physical address, email address, phone number, online identifiers (e.g., IP address, cookie string, username), device identifiers, and logging information. Collected for complying with statutory obligations and to improve services. |
| Profiling: We do not use this information for profiling in furtherance of decisions that produce legal (or similarly significant) effects. |
| Targeted Advertising: We may share this information with advertising partners for targeted advertising purposes. |
| Sale: We do not sell this information to third parties. |
| Other Disclosures: We may share this information with Processors to enable our processors to provide customer service on our behalf, to debug our products and identify errors that may impair functionality, and to conduct research and development to improve our existing services. |
| Retention Period: 35 days |
| Category: Internet/Electronic Activity |
|---|
| Examples and Purpose. Internet/Electronic Activity may include: Email address, name, phone number, mailing address, City, State, ZIP/postal code, and Usage Data. Used to provide and maintain our Service, for the performance of a contract, to contact you, to provide news and offers, and to manage your requests. |
| Profiling: We do not use this information for profiling in furtherance of decisions that produce legal (or similarly significant) effects. |
| Targeted Advertising: We may share this information with advertising partners for targeted advertising purposes. |
| Sale: We do not sell this information to third parties. |
| Other Disclosures: We may share this information with Processors, Affiliates, and Business Partners. We may share your personal information with Service Providers to monitor and analyze your use of our Service, to show advertisements, to contact you, and for payment processing. We may share with Affiliates who must comply with this Privacy Policy, and with Business Partners to offer products, services, or promotions. |
| Retention Period: The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to comply with our legal obligations, resolve disputes, and enforce our agreements and policies. |
We do not process any categories of Sensitive Personal Data.
In addition to the purposes listed above, we may use the information we collect:
We share Personal Data with the following categories of third parties:
Processors. We share information with processors retained in connection with our Services. A current list is at: https://trust-center.shiphero.com/
Sales and Account Communication Records. ShipHero uses Gong to record and transcribe sales and account management calls. Recordings and transcripts may be stored in HubSpot CRM for sales-to-onboarding handoff, account management continuity, and relationship history. This applies to merchant contacts and prospective customers in the United States on the basis of legitimate interests. You may request deletion by contacting dataprivacy@shiphero.com.
Our Advertising and Analytics Partners. We use analytics services to collect and process certain analytics data, as detailed below. We also work with third-party services to conduct advertising via cookies. These third parties may also collect information about your use of other websites, apps, and online resources. These partners include:
Additionally, we utilize the following prospecting and marketing automation platforms:
Please note that this list may be updated from time to time. For more information about your choices regarding how these partners use your information, see the Your Choices section below.
We may also share your Personal Data with other parties for the following reasons:
As Required by Law. We may share your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or othersâ rights, property, or safety.
Events. We may share your information with event partners or co-sponsors to facilitate the events for which you register.
Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or in which we sell, liquidate, or transfer all or a portion of our assets.
Consent. We may also share your information with your permission.
We do not sell Personal Data to anyone.
From time to time, you may receive marketing or other informational email messages from us. You can unsubscribe from our promotional and informational emails via the link provided in the emails. Users may continue to receive administrative messages necessary to service User accounts after opting out of receiving promotional messages from us.
Most web browsers allow you to manage cookies through the browser settings. To find out more about cookies, you can visit www.aboutcookies.org or www.allaboutcookies.org.
You can learn more about Googleâs privacy practices and your options on Googleâs website. You can also install the Google Analytics Opt-out Browser Add-on. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. You can visit those organizationsâ websites to learn about how you may opt out of receiving web-based personalized ads from their member companies. To inquire about your choices regarding our business partners generally, contact us at dataprivacy@shiphero.com
US residents have the right to access, correct, or delete Personal Data; obtain a portable copy; limit use of Sensitive Personal Data; opt out of targeted advertising; and the right not to receive discriminatory treatment. Submit requests to: dataprivacy@shiphero.com. We respond within 45 days.
We do not knowingly collect or use the Personal Data of children under 16. If you believe that we have collected the Personal Data of a child under 16, please contact us at dataprivacy@shiphero.com.
Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the content provided by, or the privacy practices of, these third parties. Please be aware that this Privacy Notice does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.
We make reasonable efforts to protect your information by using administrative, technological, and physical safeguards designed to improve the security of the information we maintain and protect it from accidental loss, unauthorized access or use, or any other inappropriate or unlawful processing. However, because no information system can be 100% secure, we cannot guarantee the absolute security of your information.
Our Services are hosted in the United States and intended for visitors located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. By using our Services, you consent to the transfer, storage, and processing of your information as described in this Privacy Notice.
PIPEDA - Personal Information Protection and Electronic Documents Act
(Law 25) Quebec - ShipHero Data Privacy Officer contact: dpo@shiphero.com
âShipHero complies with all aspects of the Canadian compliance regulations; reporting follows standards similar to GDPR, as detailed herein.
â˘Â Right to be informed
â˘Â Right to access
â˘Â Right to rectification
â˘Â Right to erasure
â˘Â Right to withdraw consent
â˘Â Right to restrict processing
â˘Â Right to data portability
If you have any questions, comments, or concerns about our Canadian compliance, please email us at dataprivacy@shiphero.com
If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at dataprivacy@shiphero.com
We collect Personal Information from current and past employees, Contractors, and Applicants and comply with the California Consumer Privacy Act and related laws and regulations (âCalifornia privacy lawsâ). This California HR Privacy Notice applies to California Employees, Contractors, and Applicants (âyouâ or âyourâ).
âPersonal Informationâ means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Information:
â˘Â Publicly available information;
â˘Â Deidentified or aggregated data; or
â˘Â Information otherwise excluded from the scope of California privacy laws.
This Privacy Notice provides the following information to California Employees, Contractors, and Applicants:
â˘Â Categories of Personal Information we collect;
â˘Â Purposes for which we use Personal Information;
â˘Â Categories of Personal Information we disclose to third parties;
â˘Â Categories of third parties to which we disclose Personal Information; and
â˘Â How Employees, Contractors, and Applicants can exercise their rights under California privacy laws:
â˘Â The rights to access, correct, or delete Personal Information;
â˘Â The right to limit the use of sensitive Personal Information in certain circumstances; and
â˘Â The right to opt out of targeted advertising, sales of Personal Information, or profiling.
The table below outlines the non-sensitive categories of Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Information from the following sources: Directly from our Employees, Contractors, and Applicants.
| Category: Identifiers |
|---|
| Examples: Identifiers may contain the following: Name, Address, DOB, Email, Phone Number |
| Purpose(s) for Collection: Employment verification and to comply with other statutory obligations and to improve services |
| Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
| Sale: This information is not sold to third parties |
| Other Disclosures: This information is not otherwise disclosed to third parties |
| Retention Period: We retain this information throughout the employment period and for 7 years post-termination |
| Category: Professional Information |
|---|
| Examples: Professional Information may contain the following: Name, Address, DOB, Email, Phone Number |
| Purpose(s) for Collection: To comply with other statutory obligations and to improve services |
| Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
| Sale: This information is not sold to third parties |
| Other Disclosures: This information may be disclosed to Processors to enable our processors to provide customer service on our behalf, debug our products, and identify errors that may impair functionality |
| Retention Period: We retain this information throughout the employment period and for 7 years post-termination |
| Category: Educational Information |
|---|
| Examples: Educational Information may contain the following: Name of school as detailed within the submitted resume for employment |
| Purpose(s) for Collection: Complying with statutory obligations and to improve services |
| Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
| Sale: This information is not sold to third parties |
| Other Disclosures: This information is not otherwise disclosed to third parties |
| Retention Period: We retain this information throughout the employment period and for seven years post-termination |
The table below outlines the categories of Sensitive Personal Information ShipHero LLC collects about Employees, Contractors, and Applicants and whether they are disclosed to third parties.
We collect Sensitive Personal Information from the following sources: Directly from our Employees, Contractors, and Applicants.
| Category: Government ID Information |
|---|
| Examples: Government ID Information may contain the following: Social Security Number, Non-Social Security Identification for those without social security numbers |
| Purpose(s) for Collection: Employment verification and to comply with other statutory obligations and to improve services |
| Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
| Sale: This information is not sold to third parties |
| Other Disclosures: This information is not otherwise disclosed to third parties |
| Retention Period: We retain this information throughout the employment period and for seven years post-termination |
We use Personal Information for the purposes described above. Other examples of how we may use your Personal Information within ShipHero LLC include:
â˘Â Publishing Employeesâ work contact information in an intra-company directory for other Employees to view.
â˘Â Disclosing applicantsâ submitted Personal Information with our HR department and other employees to process applications.
â˘Â Creating profiles of contractorsâ performance based on work product.
Personal Information may also be used or disclosed as otherwise permitted or required by applicable law.
We disclose Personal Information to the following categories of third parties:
Processors (also referred to as âService Providersâ or âContractorsâ in California law): We use processors to securely handle Personal Information on our behalf for our business purposes and only on our instructions. California privacy laws and our contracts with these companies prevent them from using your Personal Information for their own purposes.
We do not sell Personal Information to anyone. We do not share Personal Information for advertising purposes.
California Employees, Contractors, and Applicants have the following rights under California privacy laws:
â˘Â The right to know the Personal Information we have collected about them, including the categories of sources, the purpose(s) for collecting, selling, or sharing, and the categories of third parties to whom we have disclosed your Personal Information;
â˘Â The rights to correct or delete Personal Information;
â˘Â The right to limit the use of Sensitive Personal Information in certain circumstances;
â˘Â The rights to opt out of targeted advertising, sales of Personal Information, or profiling; and
â˘Â The right not to receive discriminatory treatment for exercising their privacy rights.
If you are a California Employee, Contractor, or Applicant, you can submit a request to exercise your Personal Information rights by sending an email to dataprivacy@shiphero.com with the subject line âHR Privacy Rights Request.â
We will respond to your rights request within 45 days (or 15 days for requests to opt-out of sale of Personal Information, requests to opt-out of targeted advertising, and requests to limit the use of Sensitive Personal Information), though in certain cases, we may inform you that we will need up to another 45 days to act on your request.
We reserve the right to decline to process or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive.
You have the right to limit some uses of Sensitive Personal Information. However, we only use Sensitive Personal Information for purposes exempt from this right, such as providing you with goods or services you have requested, detecting and preventing security incidents, or verifying the quality of our goods and services.
We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at dataprivacy@shiphero.com.
California privacy law allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above.
If you have any questions or concerns regarding this California HR Privacy Notice, contact us at dataprivacy@shiphero.com.
This Privacy Policy (the âPolicyâ) applies to the processing of Personal Data, subject to all applicable privacy and data protection laws of Switzerland, the United Kingdom, the European Union, and the European Economic Area (collectively, âEuropeâ), by ShipHero LLC and its subsidiaries and affiliates (âCompany,â âwe,â âourâ, or âusâ) through its website, products, and services (the âServicesâ).
In this Policy, âPersonal Dataâ means any information relating to an identified or identifiable individual. We may collect Personal Data about you from various sources described below.
Account Information. If you create an account to use our Services, we collect Personal Data related to its creation and the usage of our Services via this account.
Communications. When you contact us via a contact form, email, or other means, you provide us with Personal Data, such as your name and contact details, and the content, date, and time of our communications.
Careers. If you apply for a job with us, you may provide us with your resume, name, contact details, and other relevant information.
Support Information. When you request technical support services, we will process your Personal Data, such as your name and the contact details you use to contact us, information on the reasons for your support request, and any additional information you may provide in that context.
Our Services are not intended for use by children under the age of 16.
Third Parties. We may obtain Personal Data about you from third parties such as outbound marketing vendors, industry organizations, and other entities. This information may include identifiers, location data, and other similar information.
Social Media. We may collect Personal Data via social media tools, widgets, or plug-ins to connect you to your social media accounts.
Cookies. We may collect Personal Data via cookies and similar technologies. See the Legal Bases for the Processing of Personal Data section for more information.
We use the Personal Data we collect for the following purposes:
Providing Services, including operating, maintaining, supporting, and providing our Services.
Communicating with You, including contacting you for administrative purposes or to send you marketing communications, including updates on promotions and events relating to products and services offered by us.
Personalization, including to customize our Services to you and provide you with the most relevant marketing and advertising materials.
Analytics and Product Development, including analyzing usage trends and preferences to improve our Services and develop new products, services, and features.
Customer and Vendor Relationship Management, including to track emails, phone calls, and other actions you have taken as our customer or vendor.
Aggregation. We may aggregate or anonymize Personal Data and use the resulting information for statistical analysis or other purposes.
Administrative and Legal, such as to address administrative issues or to defend our legal rights and to comply with our legal obligations and internal policies as permitted by law.
We rely on various legal bases to process your Personal Data, including:
Consent. You may have consented to the use of your Personal Data, for example to send you electronic marketing communications or for the use of certain cookies.
Contract. We need your Personal Data to provide you with our Services and to respond to your inquiries.
Legal. We may have a legal obligation to process your Personal Data, for example, to comply with tax and accounting obligations.
Legitimate Interest. We or a third party have a legitimate interest in using your Personal Data, for example, to prevent fraud. We only rely on this legal basis when such legitimate interests are not overridden by your interests or your fundamental rights and freedoms.
We may disclose Personal Data about you in the following circumstances:
Group Entities. We may disclose Personal Data about you to our affiliates and subsidiaries.
Public Posts. Any information that you voluntarily choose to post to a publicly accessible area of our Services will be available to anyone who has access to that content.
Service Providers. We work with third parties to provide services such as hosting, maintenance, and support. These third parties may have access to or process your Personal Data as part of providing those services to us.
Legal. We may disclose your Personal Data if it is necessary (i) for compliance with our legal obligations or (ii) to establish, exercise, or defend legal claims.
Merger. Information about our users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction.
Aggregated Information. We may use and disclose aggregated or otherwise anonymized information for any purpose, unless we are prohibited from doing so under applicable law.
As provided under applicable law and subject to any limitations in such law, you have the following rights:
Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have directly provided to us.
Rectification. You may ask us to update and correct inaccuracies in your Personal Data.
Deletion. You may ask to have your Personal Data anonymized or deleted, as appropriate.
Restriction and Objection. You may ask us to restrict the processing of your Personal Data or object to such processing.
Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time and free of charge.
Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
You may exercise these rights by contacting us using the contact details at the end of this Policy.
We may transfer your Personal Data outside of the country in which it was collected. Personal Data may be transferred to the United States, Switzerland, the United Kingdom, and countries in the European Economic Area (âEEAâ). If we do so, we will comply with applicable data protection laws, in particular by relying on an EU Commission adequacy decision, on contractual protections for the transfer of your Personal Data, or on another approved mechanism. For more information, please contact us as specified below.
| EU Representative Osano International Compliance Services Limited ATTN: TZ7M 3 Dublin Landings, North Wall Quay Dublin 1, D01C4E0 | UK Representative Osano UK Compliance LTD ATTN: TZ7M 42-46 Fountain Street Belfast, Antrim, BT1-5EF |
We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Data that we collect, maintain, and otherwise process.
We take measures to delete or anonymize your Personal Data when it is no longer necessary for the purposes for which we process it unless we are required by law to keep it for a longer period. When determining the retention period, we take into account various criteria, such as the type of products or services provided to you, the nature and length of our relationship with you, mandatory retention periods, and applicable statutes of limitations.
Our Services may contain features or links to websites and services provided by third parties. Any information you provide via these websites or services is provided directly to these third-party operators and is subject to their privacy policies, even if accessed through our Services. We encourage you to learn about these third partiesâ policies before providing them with your Personal Data.
We may update this Policy from time to time to reflect changes in our privacy practices. We will follow applicable laws and regulations regarding notification of such changes.
ShipHero LLC is the entity responsible for the processing of your Personal Data. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Data, please contact us:
General Privacy Inquiries and Data Subject Rights Requests
Email: dataprivacy@shiphero.com
Data Protection Officer (DPO)
Head of Compliance & DPO
ShipHero Technology, LLC
55 W Railroad Ave., Building 4, Garnerville, New York 10923, USA
Email: dpo@shiphero.com
ShipHero offers an AI-powered help bot within the merchant-facing ShipHero platform to answer questions about ShipHero's products, features, and help documentation.
The AI Help Bot collects conversation content, a pseudonymized session correlation identifier, and timestamps. Do not submit sensitive personal information, payment card data, or passwords through the AI Help Bot.
The AI Help Bot is powered by Anthropic's Claude API. Anthropic does not use ShipHero customer data submitted through the API to train its models. Infrastructure is hosted on AWS.
AI Help Bot session data is retained for 12 months from the date of the session, then deleted.
Submit access, correction, or deletion requests to dataprivacy@shiphero.com.
Pack Vision is an optional paid feature that records packing station activity at merchant customer warehouse facilities. When activated, Pack Vision captures:
Cameras are mounted overhead and angled downward toward the pack surface. The recording field of view is designed to capture items and packer hand activity only. Worker faces are outside the cameraâs frame by design. No artificial intelligence is used in video processing for this version of the product.
Pack Vision recordings are collected and retained for dispute resolution, specifically, to provide video evidence when a customer claims that an item was not included in a packed order. A secondary purpose is carrier surcharge dispute defense through package dimension verification (Phase 1 expansion).
ShipHero processes Pack Vision data as a data processor on behalf of the merchant customer, who is the data controller. The legal basis for processing is contractual necessity and the legitimate interests of ShipHero and the merchant customer in maintaining accurate dispute resolution evidence.
Packer name data constitutes employee data of the merchant customerâs workforce. ShipHero processes packer names as a data processor. Merchant customers are responsible for worker notice obligations under applicable employment law.
Pack Vision includes two active indicators that notify users when recording is in progress:
Pack Vision media files are processed locally on the Mac device, then uploaded directly to ShipHero-managed AWS S3 via HTTPS using time-limited presigned URLs. Files are encrypted in transit (TLS 1.2+) and at rest (AES-256 server-side encryption). Local copies are automatically deleted from the Mac device upon confirmed S3 upload. No media data transits ShipHeroâs backend servers, only session metadata is registered via the ShipHero GraphQL API.
Pack Vision recordings are retained as follows:
Automated S3 lifecycle rules enforce these retention limits. Files are permanently deleted at the end of the applicable retention period without requiring manual action.
ShipHero acts as a data processor for Pack Vision recordings. The merchant customer who has activated Pack Vision is the data controller and is responsible for:
â˘Â Ensuring that warehouse workers are informed that packing station activity is recorded
â˘Â Establishing a lawful basis for recording under applicable employment and privacy law
â˘Â Ensuring compliance with state, federal, and international laws applicable to their workforce and facilities
ShipHero will support merchant customers in fulfilling Data Subject Access Requests (DSARs) relating to Pack Vision data in accordance with the applicable Data Protection Addendum.
Pack Vision is initially deployed in California. The following CCPA disclosures apply to California residents whose personal information may appear in Pack Vision recordings, including warehouse workers employed by merchant customers operating California facilities:
Categories of personal information collected:Â Video recordings of packing station activity, packer name, session identifiers, and order metadata.
â
Purpose:Â Dispute resolution and order verification as described in Section 7.2.
Retention:Â As described in Section 7.5 (60 days default; 180 days if flagged for dispute).
â
Sale or sharing:Â ShipHero does not sell Pack Vision recordings. ShipHero does not share Pack Vision recordings for targeted advertising purposes.
Your rights:Â California residents may exercise rights to know, access, delete, or opt out of the sale or sharing of their personal information. Because ShipHero processes Pack Vision data on behalf of merchant customers (as data controller), requests relating to Pack Vision data should be directed to the merchant customer from whom the service is accessed. ShipHero will support merchant customers in fulfilling these requests. For questions: dataprivacy@shiphero.com
Pack Vision is initially available in the United States only. Expansion to the United Kingdom, Canada, the European Union, or other international jurisdictions will require a supplemental compliance review before deployment, including:
ShipHero LLC is the entity responsible for the processing of your Personal Data. For questions about this Policy, our privacy practices, or to exercise your data rights, contact us:
Email: dataprivacy@shiphero.com
Head of Compliance & DPO
ShipHero Technology, LLC
55 W Railroad Ave., Building 4, Garnerville, New York 10923, USA
Email: dpo@shiphero.com
.svg){kind=logo}
