Privacy Policy

ShipFox is an e-commerce operations platform built and operated from Pakistan for Pakistani sellers. It connects Shopify stores with Pakistani couriers (PostEx, Leopards, ZAAF, TCS and others) into a single dashboard so merchants can dispatch orders, reconcile cash on delivery, and process returns from one place.

The service is reachable at https://shipfox.pk. The data controller is the operator of ShipFox. Contact information is at the end of this policy.

We only collect information that is necessary to operate ShipFox for you. We do not sell your data. We do not run advertising on your data.

2.1 Information you provide directly

• Account: name, email address, and password (handled by our authentication provider, Clerk).
• Organisation: your business name and contact details.
• Team members: name, email, and role of any team member you invite.
• Payment account details: labels for your bank, JazzCash, or wallet accounts (no banking credentials).
• Courier credentials: API keys you supply to connect each courier. These are encrypted at rest with AES-256-GCM and decrypted only at the moment of an outgoing API call.

2.2 Information we receive from Shopify when you connect a store

• Shop domain and shop metadata.
• Your Shopify access token, encrypted at rest.
• Order data: order numbers, totals, line items, payment status, fulfilment status, tags, notes, and timestamps.
• Customer data attached to orders: name, phone, email, shipping address, and city.
• Product and variant data: titles, SKUs, barcodes, prices, weights, and inventory levels.
• Fulfilment and tracking data once orders ship.

2.3 Information we receive from couriers

• Tracking events for shipments you book through ShipFox or that are imported from your Shopify fulfilment history.
• Delivery and return statuses, with timestamps.
• Charges, fees, and COD remittance information when the courier exposes it.

2.4 Information collected automatically

• Standard server logs (IP address, user agent, timestamps) to operate and secure the service.
• Activity logs inside ShipFox: which user performed which action (verifying an order, dispatching, recording a payment, etc.) for audit purposes.
• Operational telemetry from background jobs (sync runs, polling cycles) — does not include personal data.

We use the information above for the following specific purposes:

• Show you your orders, customers, products, shipments, and finances inside ShipFox.
• Make API calls on your behalf to Shopify (to read and write orders, fulfilments, inventory, and customers) and to couriers (to book, track, and reconcile shipments).
• Generate shipping labels and operational documents.
• Reconcile cash on delivery against courier remittance data you upload.
• Compute analytics that you see on the dashboard (delivery rates, revenue, RTO rates, courier comparisons).
• Generate AI insights using Anthropic Claude. Order, shipment, and aggregate metrics are sent to Anthropic to produce summaries and recommendations. AI requests are governed by Anthropic's data usage terms.
• Send transactional emails (team invitations, billing notices) via Resend.
• Detect anomalies, prevent abuse, and maintain security.
• Bill you for paid plans and enforce plan limits.

ShipFox relies on a small set of vetted infrastructure providers to operate. Each is bound by their own privacy and security commitments.

We do not share data with marketing networks, analytics aggregators, or data brokers.

Your data is stored in databases hosted on Supabase and processed in Vercel serverless regions. Operational copies, short-lived caches, and logs may transit through provider infrastructure in different geographic regions. We do not move data to any region purely for commercial reasons.

• Active accounts: data is retained for as long as the account is active so you can use the service.
• Closed accounts: we delete or anonymise account-identifying data within 90 days of closure, except where we are required by law, by Shopify's GDPR programme, or by a legitimate business reason (such as fraud prevention or accounting records) to retain it longer.
• Shopify GDPR webhooks: when Shopify sends a shop/redact or customers/redact request on your behalf, we comply within the timeframes Shopify requires.
• Backups: encrypted backups may persist for up to 30 days after deletion.

You have the right to:

• Access the personal data we hold about you.
• Ask us to correct inaccurate data.
• Ask us to delete your data, subject to lawful retention requirements.
• Ask us to export your data in a structured format.
• Object to processing or withdraw consent where consent is the legal basis.
• Lodge a complaint with a relevant data protection authority.

To exercise any of these rights, email support@shipfox.pk. We will respond within 30 days.

When you connect a Shopify store, ShipFox imports and processes customer data (name, phone, email, shipping address, order history) to operate the service for you. You are the controller of that customer data; we are the processor acting on your behalf. If a customer of yours asks for data access or deletion, send the request to us and we will action it as part of the standard Shopify GDPR webhooks (customers/data_request and customers/redact).

ShipFox operates an aggregate reputation signal across the merchant network. When a delivery outcome (delivered, returned, blacklisted) is recorded by any ShipFox merchant, it contributes to an aggregate reputation score keyed on the customer's phone number and email. When the same customer places an order at another ShipFox merchant, that merchant can see the aggregate score — but never the underlying transactions.

What other merchants can see:

• Total order count, delivered count, and return count across the network
• Aggregate delivery rate and return rate
• A count of how many other ShipFox stores have blacklisted the phone or email
• The number of distinct stores the customer has ordered at — but not which stores

What other merchants CANNOT see:

• Which specific merchants the customer has ordered from
• What was ordered, when, or for how much at any other merchant
• The customer's name, email content, address, or product preferences from any other merchant
• Any individual transaction details from outside the requesting merchant's own data

This pattern is industry standard for shipping and payment platforms (Stripe Radar, Klarna, Affirm operate similar models for fraud prevention). The aggregate signal exists to help merchants reduce fraud and operational loss from repeat bad-faith COD orders, not to enable cross-merchant marketing or profiling. Customer GDPR redaction requests (customers/redact) remove the underlying identity from the aggregate, leaving only depersonalised counters that cannot be tied back to a specific person.

• All credentials (Shopify access tokens, courier API keys) are encrypted at rest using AES-256-GCM.
• All traffic is served over TLS.
• Multi-tenant isolation: every database query is scoped to your organisation; cross-tenant access is impossible by design.
• Webhook payloads from Shopify are HMAC-verified before processing.
• Role-based access control limits what each team member can do inside your organisation.
• We do not log secret material. Our error logs sanitise tokens, payloads, and credentials.
• We run regular internal security reviews and act on findings within reasonable timeframes.

ShipFox is a B2B service for businesses. It is not intended for individuals under 18. We do not knowingly collect data from minors.

We may update this policy as the service evolves. Material changes will be announced inside the dashboard and via email to account owners. The "Last updated" date at the top of this page always reflects the most recent revision.

Questions about this policy or how we handle your data: support@shipfox.pk.