BridgeShip · Legal

Privacy Policy

BridgeShip is a logistics technology platform that lets individuals and businesses create, manage, and track shipments, generate shipping labels, compare logistics options, process payments, and follow deliveries within the United States and from the United States to countries in Latin America. This policy explains what data we collect, how we use it, and the rights you have.

Last updated: June 2026

1.Introduction

This Privacy Policy describes how BridgeShip (“BridgeShip”, “we”, “us”) collects, uses, stores, shares, and protects information when you visit our website, create an account, request a quote, generate a shipping label, make a payment, or otherwise use the BridgeShip platform (collectively, the “Services”).

BridgeShip serves individuals, small businesses, e-commerce sellers, and logistics operators. Our platform supports domestic shipments within the United States and international shipments from the United States to countries in Latin America. By using the Services, you agree to the practices described here.

2.Who we are

BridgeShip operates a logistics technology platform that connects users with multiple carriers and logistics providers through a single interface. We are the controller of personal data processed through the Services unless otherwise stated.

Our offering includes shipment creation, label generation, multi-carrier rate comparison, online payments, tracking, customer notifications, and operational tools for shipping at scale.

3.Information we collect

We collect only the information needed to operate the Services, comply with the law, and improve user experience. The categories below describe what we collect and why.

Account information:

  • Full name, email address, phone number, and preferred language.
  • Password (stored only as a secure hash) or the identifier returned by your authentication provider (for example, Google Sign-In).
  • Business information such as company name and role, when provided.

Shipment information:

  • Sender and recipient names, addresses, phone numbers, and email addresses.
  • Tax identifiers required by customs or carriers for international shipments (for example, EIN, CPF, or CNPJ).
  • Parcel details: dimensions, weight, declared value, package contents, and customs declarations.
  • Tracking events and delivery status returned by carriers.

Payment information:

  • Payments are processed by Stripe. We do not store full card numbers, CVV codes, or full bank account numbers on our systems.
  • We retain only the data needed to operate the Service: transaction identifier, amount, currency, status, payment method type, and the last 4 digits of the card.

Technical information:

  • IP address, browser type, operating system, device identifiers, and timestamps.
  • Application logs, error reports, and usage events used for security, fraud prevention, and product improvement.
  • Cookies and similar technologies, as described in the Cookies section.

4.How we use information

We process information to provide and improve the Services, including to:

  • Create and authenticate user accounts.
  • Generate quotes, create shipments, issue labels, and transmit data required by carriers and customs authorities.
  • Process payments, issue receipts, manage refunds and chargebacks through Stripe.
  • Send transactional communications: receipts, label-ready notifications, tracking updates, and support replies.
  • Provide customer support and respond to inquiries.
  • Monitor performance, detect and prevent fraud, abuse, and security incidents.
  • Comply with applicable legal, tax, customs, and regulatory obligations.
  • Analyze aggregated usage to improve features, reliability, and user experience.

5.Sharing with third parties

BridgeShip shares data only when necessary to operate the Services, comply with the law, or fulfill a request you have initiated. We never sell personal data.

Payments — Stripe:

  • Stripe processes card and other payment method data directly under its own privacy and security standards (PCI DSS).

Shipping and logistics — Shippo and carriers:

  • We share sender, recipient, and parcel data with Shippo and the carrier selected for the shipment.
  • Carriers may include USPS, UPS, FedEx, DHL, and other regional or international providers used by the user.

Authentication — Google OAuth:

  • If you choose to sign in with Google, we receive basic profile information (name, email, account identifier) from Google solely to authenticate your access.

Infrastructure providers:

  • Hosting, database, and edge compute providers (for example, Supabase / Lovable Cloud and Cloudflare) process data on our behalf under contractual data-protection commitments.

Legal and safety:

  • We may disclose information when required by law, court order, or to protect the rights, safety, and property of BridgeShip, our users, or third parties.

Business transfers:

  • If BridgeShip is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to the protections described in this policy.

6.Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember preferences (such as language), measure aggregate usage, and protect the platform against abuse.

You can control cookies through your browser settings. Disabling essential cookies may prevent certain features (such as authenticated sessions) from working correctly.

7.Security

BridgeShip applies industry-recognized administrative, technical, and organizational measures to protect personal data. Where applicable, our controls include:

  • HTTPS/TLS for all traffic between users and the platform.
  • Encryption in transit between internal services.
  • Encryption at rest for databases and backups.
  • Role-based access control (RBAC) and least-privilege access for staff and systems.
  • Row-level security policies at the database layer for tenant isolation.
  • Audit logs for sensitive operations and administrative actions.
  • Continuous security monitoring and alerting.
  • Fraud-prevention signals on authentication, checkout, and label creation flows.
  • Segregation of administrative permissions and review of privileged access.

No method of transmission or storage is 100% secure. While we work continuously to protect your data, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal data, we will notify you and the competent authorities as required by applicable law.

8.Data retention

We retain personal data only for as long as needed to provide the Services and to meet legal, accounting, regulatory, and operational obligations.

Typical retention drivers include:

  • Tax and accounting obligations.
  • Customs and regulatory obligations associated with international shipments.
  • Dispute resolution, chargebacks, and claims with carriers or payment providers.
  • Fraud prevention and security investigations.
  • Internal and external audits.

You may request deletion of your account at any time. Records that we are required to keep by law will be retained for the minimum legal period and, where possible, stored in anonymized or aggregated form.

9.International data transfers

BridgeShip operates internationally. To deliver the Services, personal data may be processed and stored in countries other than the user's country of residence, including the United States and other jurisdictions where our providers operate.

When transferring data internationally, we rely on appropriate safeguards permitted by applicable law, including standard contractual clauses and equivalent mechanisms with our processors.

10.Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access to the data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion of your data, subject to legal retention requirements.
  • Portability of data in a structured, commonly used, machine-readable format.
  • Restriction or objection to certain processing activities.
  • Withdrawal of consent for non-essential processing.
  • The right to lodge a complaint with a competent data-protection authority.

LGPD (Brazil): Users in Brazil have the rights provided by Law No. 13.709/2018 (LGPD), including the rights listed above.

GDPR (European Economic Area and United Kingdom): Where the GDPR or UK GDPR applies, users have the rights granted by those regulations.

Deletion requests: To request account or data deletion, contact us at privacy@bridgeship.app. We will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling the request.

11.Children's privacy

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will take appropriate action.

12.Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Material changes will be communicated through the platform, by email, or by other appropriate means before they take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

13.Contact information

Questions, requests, or concerns about this Privacy Policy or our data practices can be sent to privacy@bridgeship.app. For general support, please use support@bridgeship.app.


Contact our privacy team

If you have questions about this policy, want to exercise your data rights, or need to report a privacy or security concern, please reach out to us.

privacy@bridgeship.app · support@bridgeship.app