Effective Date: April 19th, 2026
Last Updated: April 19th, 2026
Packwise is a multi-platform order fulfillment app operated by Packable, Inc. (“we,” “our,” “us”). This Privacy Policy explains what data we collect, how we use it, who we share it with, how long we keep it, and how you can exercise your rights over it. By using Packwise, you agree to the practices described in this policy.
If you have questions, contact us at support@packable.io.
1. Who This Policy Applies To
This policy applies to:
- Merchants: businesses and their team members who sign up for Packwise to manage order fulfillment.
- Connected-Store Data Subjects: buyers whose order data flows through Packwise when merchants connect their Shopify, Amazon, Etsy, or other e-commerce stores.
2. Information We Collect
From merchants (our direct users):
- Account Data: name, email address, hashed password, multi-factor authentication configuration, and role (admin, manager, or packer).
- Store Metadata: store name, domain, connected platform, and platform access tokens (encrypted at rest).
- Usage Data: login timestamps, IP addresses, and actions performed in the app.
- Billing Data: Stripe customer ID and subscription status. We do not store payment card numbers; Stripe handles all card data.
From connected platforms (on behalf of merchants):
When a merchant connects a store, Packwise retrieves data about that store’s orders. This may include:
- Order Metadata: order ID, order date, status, line items, SKUs, quantities, prices, taxes, and shipping charges.
- Buyer Contact Data: buyer name, shipping address, billing address, email address, and phone number.
- Product Catalog Data: titles, images, dimensions, weights, and inventory levels.
For Amazon specifically, the data above is retrieved via the Amazon Selling Partner API and SP-API notifications.
3. How We Use Your Information
- Operate the App: render order queues, pick/pack workflows, and shipment confirmations for the merchant who authorized the connection.
- Submit Shipment Confirmations: send confirmations back to the originating platform (including Amazon’s POST_ORDER_FULFILLMENT_DATA feed) so the buyer sees tracking information.
- Customer Support: respond to merchant inquiries, troubleshoot issues, and provide support.
- Maintain, Secure, and Improve the Service: monitor performance, diagnose problems, and improve the product.
- Compliance and Legal Obligations: comply with legal obligations, resolve disputes, and enforce our agreements.
We do not use buyer data for marketing, retargeting, analytics resale, or any purpose other than fulfilling the buyer’s own order on behalf of the merchant.
4. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information or the personal information of your customers to third parties. We share data only with service providers (“subprocessors”) that help us operate the service, under written contractual data-protection terms.
Current subprocessors:
| Subprocessor | Purpose | Data Categories | Location |
|---|---|---|---|
| Google Cloud Platform | Application hosting, logging, secret management | All platform data, metadata, logs | United States |
| MongoDB Atlas | Primary database | All platform data (encrypted at rest) | United States |
| ShipStation | Shipping label generation (when merchant opts in) | Order and buyer shipping address data | United States |
| Stripe | Billing and subscription management | Merchant billing data only; no buyer order data | United States |
We may also disclose your information if required by law or in response to legal processes, such as a court order or subpoena. Where legally permitted, we will notify the affected merchant before disclosure.
5. Data Retention
- Merchant Account Data: retained for the life of the account and for a reasonable period after termination to handle billing and legal obligations.
- Amazon Buyer PII (names, addresses, contact details): retained no more than 30 days after order shipment, in compliance with Amazon’s Data Protection Policy. After 30 days, PII fields are automatically purged; non-PII order metadata (order ID, SKUs, quantities, status) is retained for merchant reporting and reconciliation.
- Shopify and Etsy Buyer Data: retained for the life of the merchant’s account, or deleted on request under the platform’s GDPR or buyer-redact workflows.
- Logs: application and access logs retained for 12 months; security-relevant audit logs retained for 12 months.
- Backups: database backups retained for 35 days.
6. Security
- All data is encrypted in transit using TLS 1.2 or higher.
- All data is encrypted at rest using AES-256.
- Highly sensitive fields such as platform API tokens are additionally encrypted at the application layer (AES-256-GCM) using keys managed in Google Cloud Secret Manager.
- Access is restricted by role-based access control and multi-factor authentication.
- All access to production data is logged and reviewed.
- We maintain a written incident response plan with a 24-hour notification commitment to affected parties and regulators.
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. International Transfers
Packwise operates from the United States. If you are located outside the US, your data is transferred to and processed in the US under appropriate safeguards (standard contractual clauses where applicable).
8. Your Rights and Choices
Depending on where you live, you may have the right to:
- Access: request access to personal data we hold about you.
- Correction: request correction of inaccurate data.
- Deletion: request deletion of your personal data, subject to legal and contractual obligations.
- Objection or Restriction: object to or restrict certain processing.
- Portability: request a portable copy of your data.
To exercise any of these rights, email support@packable.io. We respond within 30 days. Identity verification may be required.
Buyers whose data was transmitted via a merchant’s store should also contact the merchant directly, as the merchant is the data controller for their own orders.
9. Children
Packwise is an order-fulfillment tool for businesses and is not directed at children under 13. We do not knowingly collect personal data from children.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be announced to registered merchants by email. The “Last Updated” date at the top reflects the latest change. Your continued use of the App after such changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
support@packable.io
Incident Management Point of Contact: Cole Laidlaw — cole@packable.io

