Privacy Policy

Last Updated: December 27, 2024

Overview

ShipVAT (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our API services.

Information We Collect

Account Information

Email address (required for account creation)
Name (optional)
Payment information (processed by Stripe)

API Usage Data

API requests (endpoints called, timestamps)
IP addresses for rate limiting
Error logs for debugging

We Do NOT Collect

Your customers’ personal data
Transaction details beyond aggregate counts
Sensitive financial information

How We Use Your Information

Service Delivery: To provide and maintain the ShipVAT API
Billing: To process payments and manage subscriptions
Communication: To send service updates and security notices
Improvement: To analyze usage patterns and improve our service

Data Retention

Account data: Retained while your account is active
API logs: Retained for 30 days
Billing records: Retained as required by law

Data Security

All data transmitted via HTTPS/TLS
API keys are hashed using SHA-256
Infrastructure hosted on Cloudflare (SOC 2 compliant)
Database hosted on Turso (encrypted at rest)

Third-Party Services

We use the following services:

Clerk: Authentication (see Clerk’s Privacy Policy)
Stripe: Payment processing (see Stripe’s Privacy Policy)
Cloudflare: Infrastructure (see Cloudflare’s Privacy Policy)
PostHog: Analytics (see PostHog’s Privacy Policy)

Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Delete your account and data
Export your data

To exercise these rights, contact us at [email protected].

Cookies

We use essential cookies only for authentication. No tracking cookies are used on our API.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email.

Contact Us

For privacy-related questions:

Email: [email protected]