Trust, Security & Data Practices

At Shipease, protecting your data is part of the product. Below is eactly what we collect, how we secure it, and your choice
1. What we collect & why

• Account & contact (name, email, phone) — create your account,    send service messages.
‍
• Payment & subscription status (tokenized by our processor; last-4, expiry, billing address) —   start trial,   bill plan, issue refunds.
‍
• Claims-assistance cases (order details, tracking numbers, merchant/carrier correspondence    you upload) — contact the merchant/carrier and follow up.
‍
• Device/usage logs (IP, browser/OS, error logs) — security, fraud prevention, and product    reliability.
  We do not collect full card numbers or bank credentials.

2. End-to-End Encryption Across the Board

All communication between you and Shipease is encrypted using industry-leading standards (TLS 1.2+). Payment data is encrypted at the point of entry and never stored in full on our servers.
We also encrypt any sensitive metadata (e.g. search preferences, card activity) when stored, ensuring it remains protected even in the rare event of a breach. 

3. No Advertising, Ever

We don’t sell your data.
We don’t share your data.
We don’t build ad profiles.
Your interaction with Shipease is private by design. You will never see targeted ads based on your behavior within our platform — because we don’t track you for that purpose. 

4. AI With Boundaries: How We Use OpenAI

Our smart assistant is powered by a secure, third-party large language model (LLM). It helps you compare products, track purchases, and discover deals — but it does not store, reuse, or exploit what you share. The LLM is used in real-time and never trained on your personal data. We also avoid sending any personally identifiable information in assistant queries.

The assistant is here to help — not to collect. 

5. Card Data Is Never Stored

We work with PCI DSS Level 1–certified payment providers to handle all transactions. This means:
  • Shipease never stores your full card number or CVC.
  • Transactions are tokenized and processed via secure, compliant rails.
  • Refunds are processed through the same protected systems.

5. Compliance With the Law — and Beyond

We comply fully with the UK GDPR, the Data Protection Act 2018, and other applicable privacy laws.
We also adhere to best practices from the ICO (Information Commissioner’s Office) and the European Data Protection Board. If law enforcement ever requests your data, we will only comply if legally required and will notify you wherever possible.

In Summary:

Shipease is designed to give you power, not surveillance. We use AI to serve you, not to track you. We store what’s necessary, secure what’s sensitive, and let you stay in control.

Because we’re building not just a smarter way to shop — but a more respectful one.

At Shipease, protecting your data is part of the product. Below is exactly what we collect, how we secure it, and your choices.

1) What we collect & why

Account & contact (name, email, phone) — create your account, send service messages.
Payment & subscription status (tokenized by our processor; last-4, expiry, billing address) — start trial, bill plan, issue refunds.
Refund claims (order confirmation/receipt showing shipping fee) — verify eligibility and process your shipping-fee refund.
Claims-assistance cases (order details, tracking numbers, merchant/carrier correspondence you upload) — contact the merchant/carrier and follow up.
Device/usage logs (IP, browser/OS, error logs) — security, fraud prevention, and product reliability.
We do not collect full card numbers or bank credentials.

2) Payments & PCI

We never store full card PAN. Payments are handled by PCI-DSS compliant processors. Refunds are issued to the original payment method once a claim is approved.

3) Security controls

Encryption: TLS 1.2+ in transit; encryption at rest for documents we store.
Access: least-privilege, MFA for staff, audit logs.
Monitoring: vulnerability management and regular third-party testing; backups with restricted access.
Incident response: defined runbooks and customer notification where required by law.

4) Data sharing

We share data only with service providers that help us run Shipease (e.g., hosting, payments, support, email). We do not sell your personal data and do not share it for cross-context behavioral advertising.

5) Retention

Billing records: up to 10 years (tax/accounting).
Claims files (refunds/assistance): up to 7 years after case closure (fraud prevention, audit), then deletion/anonymization.
Opt-out lists: kept to honor your preferences.

6) Your choices & rights

Access, correct, or delete your data.
Opt out of “sale”/“sharing” (CPRA): use the Do Not Sell/Share link in the footer.
Manage cookies in the Cookie Preferences.
Contact: help@shipease.com • +1 (606) 721-1266 (Mon–Fri 9am–6pm MT).

7) Geography

Shipease currently serves US orders only. Data may be processed in the United States and other locations where our providers operate, with appropriate safeguards.

8) Product clarity

Shipease provides a membership-based claims assistance service and shipping-fee refunds. Shipease is not an insurer and does not provide insurance. Outcomes of claims assistance depend on the merchant/carrier/bank.

9) Vulnerability disclosure

If you believe you’ve found a security issue, email security@shipease.com (or help@shipease.com) with details. We investigate and appreciate responsible reports.