1.Introduction
This Privacy Policy describes how BridgeShip (“BridgeShip”, “we”, “us”) collects, uses, stores, shares, and protects information when you visit our website, create an account, request a quote, generate a shipping label, make a payment, or otherwise use the BridgeShip platform (collectively, the “Services”).
BridgeShip serves individuals, small businesses, e-commerce sellers, and logistics operators. Our platform supports domestic shipments within the United States and international shipments from the United States to countries in Latin America. By using the Services, you agree to the practices described here.
2.Who we are
BridgeShip operates a logistics technology platform that connects users with multiple carriers and logistics providers through a single interface. We are the controller of personal data processed through the Services unless otherwise stated.
Our offering includes shipment creation, label generation, multi-carrier rate comparison, online payments, tracking, customer notifications, and operational tools for shipping at scale.
3.Information we collect
We collect only the information needed to operate the Services, comply with the law, and improve user experience. The categories below describe what we collect and why.
Account information:
- Full name, email address, phone number, and preferred language.
- Password (stored only as a secure hash) or the identifier returned by your authentication provider (for example, Google Sign-In).
- Business information such as company name and role, when provided.
Shipment information:
- Sender and recipient names, addresses, phone numbers, and email addresses.
- Tax identifiers required by customs or carriers for international shipments (for example, EIN, CPF, or CNPJ).
- Parcel details: dimensions, weight, declared value, package contents, and customs declarations.
- Tracking events and delivery status returned by carriers.
Payment information:
- Payments are processed by Stripe. We do not store full card numbers, CVV codes, or full bank account numbers on our systems.
- We retain only the data needed to operate the Service: transaction identifier, amount, currency, status, payment method type, and the last 4 digits of the card.
Technical information:
- IP address, browser type, operating system, device identifiers, and timestamps.
- Application logs, error reports, and usage events used for security, fraud prevention, and product improvement.
- Cookies and similar technologies, as described in the Cookies section.
4.How we use information
We process information to provide and improve the Services, including to:
- Create and authenticate user accounts.
- Generate quotes, create shipments, issue labels, and transmit data required by carriers and customs authorities.
- Process payments, issue receipts, manage refunds and chargebacks through Stripe.
- Send transactional communications: receipts, label-ready notifications, tracking updates, and support replies.
- Provide customer support and respond to inquiries.
- Monitor performance, detect and prevent fraud, abuse, and security incidents.
- Comply with applicable legal, tax, customs, and regulatory obligations.
- Analyze aggregated usage to improve features, reliability, and user experience.
7.Security
BridgeShip applies industry-recognized administrative, technical, and organizational measures to protect personal data. Where applicable, our controls include:
- HTTPS/TLS for all traffic between users and the platform.
- Encryption in transit between internal services.
- Encryption at rest for databases and backups.
- Role-based access control (RBAC) and least-privilege access for staff and systems.
- Row-level security policies at the database layer for tenant isolation.
- Audit logs for sensitive operations and administrative actions.
- Continuous security monitoring and alerting.
- Fraud-prevention signals on authentication, checkout, and label creation flows.
- Segregation of administrative permissions and review of privileged access.
No method of transmission or storage is 100% secure. While we work continuously to protect your data, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal data, we will notify you and the competent authorities as required by applicable law.
8.Data retention
We retain personal data only for as long as needed to provide the Services and to meet legal, accounting, regulatory, and operational obligations.
Typical retention drivers include:
- Tax and accounting obligations.
- Customs and regulatory obligations associated with international shipments.
- Dispute resolution, chargebacks, and claims with carriers or payment providers.
- Fraud prevention and security investigations.
- Internal and external audits.
You may request deletion of your account at any time. Records that we are required to keep by law will be retained for the minimum legal period and, where possible, stored in anonymized or aggregated form.
9.International data transfers
BridgeShip operates internationally. To deliver the Services, personal data may be processed and stored in countries other than the user's country of residence, including the United States and other jurisdictions where our providers operate.
When transferring data internationally, we rely on appropriate safeguards permitted by applicable law, including standard contractual clauses and equivalent mechanisms with our processors.
10.Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access to the data we hold about you.
- Correction of inaccurate or incomplete data.
- Deletion of your data, subject to legal retention requirements.
- Portability of data in a structured, commonly used, machine-readable format.
- Restriction or objection to certain processing activities.
- Withdrawal of consent for non-essential processing.
- The right to lodge a complaint with a competent data-protection authority.
LGPD (Brazil): Users in Brazil have the rights provided by Law No. 13.709/2018 (LGPD), including the rights listed above.
GDPR (European Economic Area and United Kingdom): Where the GDPR or UK GDPR applies, users have the rights granted by those regulations.
Deletion requests: To request account or data deletion, contact us at privacy@bridgeship.app. We will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling the request.
11.Children's privacy
The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will take appropriate action.
12.Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
Material changes will be communicated through the platform, by email, or by other appropriate means before they take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised.
13.Contact information
Questions, requests, or concerns about this Privacy Policy or our data practices can be sent to privacy@bridgeship.app. For general support, please use support@bridgeship.app.
Contact our privacy team
If you have questions about this policy, want to exercise your data rights, or need to report a privacy or security concern, please reach out to us.