ShipperHQ Privacy Policy

ShipperHQ is a shipping rate management platform (the "Service") operated by Zowta, LLC d/b/a ShipperHQ ("ShipperHQ", "we", "us", and "our") a company headquartered in the State of Texas in the United States. The Service allows retailers to manage the shipping information that they display to their customers. We also provide additional software tools including apps for ecommerce platforms that support the Service and other software that is complementary to the Service (collectively, the "Software"). To support the Service we operate several websites including shipperhq.com, shipperhq.ai, webshopapps.com, and subdomains of each (collectively, the "Websites"). The Service as well as all Software and Websites that we operate are covered under this policy. By using the Service, our Software, or our Websites, you agree to the terms of this Privacy Policy.

1. Key Terms

In addition to the terms we defined above, other terms in this document have the following meanings:

"Client" means a person or company who has created a ShipperHQ account or purchased or downloaded our Software.

"Customer" means a person who uses a system which is connected to the Service or our Software by or on behalf of a Client.

"Customer Order Information" means information about orders placed by Customers using a system which is connected to the Service or our Software by or on behalf of a Client.

"Visitor" means a person who visits our Websites or other online properties which we operate or maintain.

"Personal Information" means any information that can be used to identify a Client, Customer, or Visitor. Some examples of Personal Information are name, email address, physical address, or telephone number.

"you" or "your" means the individual or company to whom this agreement applies. These may be Clients, Customers, and/or Visitors depending on the context in which the term is used.

"sub-processor" means a company which provides a service, software, or system to ShipperHQ used to maintain, operate, manage, or otherwise offer our Service, Software, or Websites.

"Data Controller" means a person or company that determines the purposes and means of processing Personal Information. ShipperHQ acts as a Data Controller in respect of Personal Information it collects from Clients, Visitors, and prospective Clients for its own business purposes.

"Data Processor" means a person or company that processes Personal Information on behalf of a Data Controller. ShipperHQ acts as a Data Processor in respect of Customer Order Information that it processes on behalf of Clients in the course of delivering the Service.

"Data Processing Agreement" or "DPA" means a contractual agreement between ShipperHQ and a Client that sets out the terms on which ShipperHQ processes Personal Information on behalf of that Client in its capacity as a Data Processor. A DPA is available to Clients on request, particularly where required by applicable data protection law including the GDPR and UK GDPR.

2. Protecting Your Information

We understand that you trust us when you use our Service, Software, or Websites and we want you to understand how we handle your Personal Information. We take important steps to protect your Personal Information:

• We treat it as confidential
• We train our employees to take care in handling it
• We limit access to employees who need access to perform their jobs
• We take steps to protect our systems from unauthorized access
• We use encryption and secure channels when storing or transferring your information
• We require that our sub-processors agree to protect your Personal Information under privacy and data protection agreements which are at least as strict as the terms of this policy.
• We comply with all laws that apply to us

3. Collecting Your Information

We get your personal information mostly from you. If you are a Client, you may provide us with Personal Information in the course of using the Service. We may also use outside sources to help ensure our records are correct and complete.

The types of Personal Information we collect depend on which Software or Service you use and how you use it. This information can include: Contact Information (email address, phone number, address, name), Company Information (company name, address, government identification information) and Payment information (credit card or bank details which we use for billing purposes).

We may also collect information about your Customers. This information consists of shipping addresses and, depending on which Software or Service you use and how you use it, information about the order recipient (email address, phone number, name) and information about orders placed by your Customers including products, quantities, and amounts paid. This information collectively constitutes Customer Order Information.

ShipperHQ may display Customer Order Information to you via your eCommerce platform or from within the ShipperHQ dashboard. It may also be processed and/or displayed by third parties that you have authorized to see it. The purpose of storing this information is so that you and third parties that you have authorized may use the information to automate your shipping and back office processes.

We provide our Service to our Clients and, as a result, we act as a processor on behalf of our Clients for much of the Personal Information we collect and process about Customers through our Service. We are not responsible for the privacy and data protection practices of our Clients and these may differ from the policies described in this privacy policy. Please contact individual Clients for information about their policies and practices.

4. Storing and Managing Your Information

We will retain Personal Information while we have an ongoing legitimate business interest, contractual obligation, or legal requirement to do so. If we have a legal obligation to retain Personal Information we will do so for the period of time required by law. For Personal Information which is required for the operation of our Service, we retain it for the period of time it is required under contract to our Clients or our legitimate business interest in maintaining our Service.

When we no longer have a legal or contractual obligation or legitimate business need to retain Personal Information we will delete it from our system and the system of any sub-processors we use. Information which is deleted may still be stored for a period of time in backup files or systems but this information will be isolated from further processing until the backup files in which the information is stored are no longer required.

5. Information for EEA Residents

This section applies to residents of or companies based in or doing business in the European Economic Area ("EEA") or the United Kingdom ("UK"). References to "EEA" rights and obligations in this section apply equally to UK residents under the UK GDPR (the GDPR as retained in UK law by the European Union (Withdrawal) Act 2018). Depending on the context in which we collect and process Personal Information, our legal basis for undertaking collection and processing of Personal Information may differ.

In most cases, we will collect and process Personal Information where we have legitimate business interests which require us to do so. Our legitimate business interests for processing Personal Information include but are not limited to: providing, maintaining, and improving the products and services that we offer; ensuring the security and stability of our Service and Websites; and for our marketing activities. These interests only apply so long as they are not overridden by the fundamental rights and freedoms or data protection interests of our Clients or their Customers.

We may collect and process Personal Information about our Clients in order to perform a contract with you. In limited cases, we may also have a legal obligation to collect Personal Information from you. If this is the case, we will make this clear to you at the time of collection and explain to you the consequences if you do not provide this information.

We act as a data processor of Personal Information about Customers on behalf of our Clients pursuant to our legitimate business interests or in order to perform a contract. We are not responsible for the privacy and data protection practices of our Clients and these may differ from the policies described in this privacy policy.

You may provide us with consent for us to contact you with marketing or advertising messages. You may withdraw your consent to receive marketing or advertising messages from us at any time. Use of your Personal Information with consent for marketing or advertising purposes which occurred prior to withdrawal of consent will not be considered unlawful.

If you are a resident of the EEA or the United Kingdom, or a representative of a company based in or doing business in the EEA or the United Kingdom, you have the right to object to processing of your Personal Information, ask us to restrict processing to specific purposes, or request portability of your Personal Information in a commonly used, machine-readable format (such as CSV or JSON). You also have the right to complain to a data protection authority about our collection and use of your Personal Information. For the United Kingdom, the relevant authority is the Information Commissioner's Office (ico.org.uk).

If you have any questions about the legal basis on which we collect and process your Personal Information, please contact us using the information in the "Questions and Contacts" section below.

6. Using Your Information

We do not make available to the general public any Personal Information except that we may use the company names of our Clients in public lists of our users unless we are prevented by law or contract from doing so. You may request in writing (which may be by email) that we do not use your company name publicly and we will comply with any such requests.

Personal Information and Customer Order Information is stored securely using industry standard security practices and used for the purposes described below.

We may use the Personal Information we collect for a range of reasons:

• To provide the Service to you and support or improve the Service for you.
• To give you system alerts about the Service which may include scheduled or unscheduled service interruptions, changes to the features and functionality available to you, or updates to agreements or policies which apply to you
• To communicate with you about your account including for technical support, consultation or other services you may purchase from us, or to enforce compliance with any agreements you have established with us
• To bill and collect money owed to us by you if you subscribe to the Service
• To meet legal obligations including complying with regulations, laws, court orders, or other legal requirements
• To provide information to you on our products and services as well as the products and services of our affiliated or unaffiliated business partners where we believe information on those products or services may be relevant to you only if you have provided specific consent for us to contact you with such information.
• To ensure the Service is operating correctly or produce analytical information for our business or marketing purposes. Information used for this purpose is limited to the most general information possible, anonymized in such a way that it cannot be reasonably used to identify you, and is combined with Personal Information collected from other Clients or Customers.
• To carry out shipping audit and rule optimization analysis using aggregated, anonymized transaction and shipment data; to benchmark carrier rate performance and pricing across our client base; and to improve our artificial intelligence and machine learning models that power our shipping intelligence features. In all cases, data used for these purposes is aggregated and anonymized so that it cannot be reasonably linked to any individual Client, Customer, or Visitor, and is never used in a form that identifies or is capable of identifying any natural person.
• To carry out other lawful and legitimate business operations about which we will notify you.

7. Opting Out of Marketing Emails

Before we use your Personal Information to contact you for marketing purposes, we will obtain your consent to do so. We may ask for your consent when you subscribe to receive marketing emails from us, create an account or subscription to our Service, or purchase a product from us. From time to time, we may ask you to confirm your consent to continue to receive marketing messages from us.

In each marketing email we send to you we will include a link which you can use to unsubscribe from future marketing messages. You may also contact us by the means described in the "Questions and Contacts" section below to opt out from further marketing messages.

If you are a Client you will still receive messages from us which are not marketing or promotional in nature even if you opt out of marketing emails. These may include messages about your account, billing, service alerts, technical support, or other transactional messages which are necessary to maintain your account with us. Unless you cancel your account with us, you can not opt out of these messages.

8. Non-Personal User Content

We may use user submitted content such as ratings, reviews, feedback ("User Content") in a number of different ways, including displaying it on Websites, reformatting it, incorporating it into other works, creating derivative works from it, promoting it, or distributing it. Accordingly, you grant us permission to use your User Content for any purpose. You also grant the Website users the right to access User Content in connection with their use of the Website.

You assume all risks associated with User Content, including reliance on its accuracy, completeness or usefulness, or any disclosure by you of information in your User Content that makes you personally identifiable. You may not imply that User Content is in any way sponsored or endorsed by us.

We cannot and do not review all User Content feedback, nor do we have any control over the same. Under no circumstances shall we be held responsible or liable for any claims or damages arising out of any reviews or feedback.

We may remove, edit or reinstate User Content at any time without notice. You may request removal of User Content which you have submitted or which contains your Personal Information by contacting us using the means described in the "Questions and Contacts" section below.

9. Cookies

We use cookies and log files to: (a) store information so that you will not have to re-enter it during your next visit to the Website; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our services; and (d) monitor metrics such as total number of visitors and pages viewed.

Acceptance of cookies are required for Clients to use the Service but are not required for Customers or Visitors. Clients who do not wish to allow us to use cookies to provide the Service to them will need to cancel their account with the Service under the terms of their User Agreement with us. Customers or Visitors who do not wish to allow us to use cookies may use their web browser settings to prevent us from doing so at any time.

10. Accessing and Managing Your Information

Clients can manage much of the Personal Information that they provide to us from within the ShipperHQ Service.

If you have provided consent to us to collect or process certain information you can withdraw consent at any time by contacting us. If you withdraw your consent this action will not affect the lawfulness of any collection or processing that we conducted prior to withdrawal of consent and it will not affect the lawfulness of any processing we perform on lawful grounds other than consent.

If you are a Client and receive a data protection rights request from a Customer you can submit a request to us on behalf of your Customer to exercise these rights. If we receive a data protection request from a Customer, we will direct the Customer to contact the Client who provided the Customer's information to us.

If you wish ShipperHQ to stop storing Customer Order Information, in your ShipperHQ dashboard go to My Account > Security > Manage Permissions. If you do not have access to your ShipperHQ dashboard or if you wish ShipperHQ to delete the information we have collected, you may request this by email to support@shipperhq.com.

You can request that we delete your Personal Information from our system and the systems of our sub-processors. We are required by law to maintain certain records which may contain Personal Information for specified periods of time and will inform you if this requirement applies to your data in our response to your request.

If you wish to exercise any of the rights described in this section, or request additional information about your rights or the Personal Information which we collect, process, or store, please contact us using the information in the "Questions and Contacts" section below. We will respond to all data protection requests within one month of receipt. Where requests are complex or numerous, we may extend this period by a further two months and will notify you of the extension and the reasons for it within the first month. EEA and UK residents also have the right to lodge a complaint with their national data protection authority at any time.

11. Incident Response

If ShipperHQ or any of our sub-processors experiences a security incident which may have exposed Personal Information we will notify you as soon as reasonably possible, and in any event within 72 hours of becoming aware of the incident where required by applicable law, and take immediate steps to identify, remediate, and prevent future occurrences of any such incidents. We will also fulfill our obligations under applicable laws and regulations to notify appropriate authorities. If you are a Client and you or your Customers are affected by a security incident, we will work with you to take appropriate steps including notifying Customers who may be affected as well as any additional authorities as may be appropriate or required under law.

12. Questions and Contacts

We want you to understand how we protect your privacy. If you have any questions about this notice, please contact us. For certain requests we may require that you contact us in writing by email or certified mail if required by law or our internal policies. We will inform you of this requirement if it applies to your request in our response. We may ask you to verify your identity in order to ensure your privacy and help us respond appropriately.

We maintain a list of sub-processors and information about the services they provide to us which you may request at any time. Sub-processors include providers of cloud infrastructure, payment processing, customer relationship management, and AI processing services. A full and current list of our sub-processors, including the nature of the processing and the countries in which they operate, is set out in our Data Processing Agreement, which is available to Clients on request.

When you write, include your name, address, and account user name or email address.

13. Changes to This Policy

We may change this Privacy Policy from time to time. If we make any material changes, we will notify you as required by law or our agreements with you. The date of the most recent update to this policy will be indicated on this document. Where this policy is subject to review by a regulatory or supervisory authority, we will publish any amendments required by or agreed with that authority as soon as practicable following receipt of their confirmation. Material changes will be notified to Clients by email. A version history is maintained at the foot of this document.

14. International Data Transfers

ShipperHQ is headquartered in the United States. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction with data protection laws governing international transfers, please be aware that your Personal Information will be transferred to and processed in the United States and potentially other countries where our sub-processors operate. These countries may not have the same level of data protection as your home country.

For transfers of Personal Information from the EEA to the United States and other countries, ShipperHQ relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for such transfers. For transfers from the United Kingdom, we rely on the UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs, as applicable. We ensure that our sub-processors who receive EEA or UK Personal Information provide equivalent transfer safeguards.

15. AI-Powered Features and Automated Processing

ShipperHQ uses artificial intelligence (AI) and machine learning (ML) technologies to power certain features of the Service, including shipping rule optimization, carrier selection recommendations, and shipping audit and policy analysis. When you use these AI-powered features, your shipping data, order information, and related transaction data may be processed by our AI systems and by our AI sub-processor to generate recommendations and insights.

AI-generated recommendations and analysis produced by the Service are advisory only. ShipperHQ does not make automated decisions that produce legal or similarly significant effects about individuals without human review. Your data is not used to train general AI models without your consent. ShipperHQ may use aggregated, anonymized shipping data derived from use of the Service to improve its own AI models and shipping intelligence features as described in Section 6 of this policy.

ShipperHQ Privacy Policy v2.1 — Pending Regulatory Confirmation
Last Updated: March 2026 (v2.1)