Security & Compliance Q&A
Is Shipbook GDPR compliant?
Yes, Shipbook is fully GDPR compliant. We store logs only for essential purposes and retention periods. We provide tools for data access, deletion (right to be forgotten), and objection to processing.
For more details, see the GDPR Compliance page.
Is Shipbook CCPA compliant?
Yes, Shipbook complies with the California Consumer Privacy Act (CCPA), respecting users' rights to be informed, access data, delete data, and opt out of data collection.
For more details, see the CCPA Compliance page.
Where is my data stored?
Shipbook uses server space from third-party providers based in the European Union, which are GDPR-compliant.
How safe is my data?
We use industry-standard firewalls and SSL encryption to protect data networks. Employee access to logs is restricted on a "need-to-know" basis.
Does Shipbook store personal information (PII)?
Shipbook advises against logging sensitive PII (credit cards, passwords, etc.). It is the customer's responsibility to ensure such data is not included in logs.
For user identification:
- Best Practice: Sending a userId or email allows you to easily search and filter logs for specific users, significantly speeding up debugging.
- Privacy Alternative: If you prefer not to share identifiable information, you can use a hash of the userId or an internal ID. This way you will be able to search for logs using this hashed/internal ID without exposing real user details to Shipbook.
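An added example (not Shipbook's code or SDK) of the privacy alternative above: deriving a stable, searchable pseudonym from the userId on your side before it is logged. It uses a keyed HMAC-SHA-256 rather than a bare hash, because an unkeyed hash of an email can be matched by anyone who hashes candidate addresses. The key, the `u_` prefix, the function names and the case-insensitive normalization are assumptions.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample key. In practice, load it from your own secret store
# and never send it to the logging service.
PSEUDONYM_KEY = b"constructed-example-key-do-not-use"


def normalize(user_id: str) -> bytes:
    """Canonicalize so 'Alice@Example.com ' and 'alice@example.com' give one token.
    Assumes IDs are case-insensitive; drop casefold() if yours are not."""
    return unicodedata.normalize("NFKC", user_id).strip().casefold().encode("utf-8")


def bare_hash(user_id: str) -> str:
    """Unkeyed SHA-256: reproducible by anyone who can guess the input."""
    return hashlib.sha256(normalize(user_id)).hexdigest()


def pseudonym(user_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC-SHA-256, truncated to 128 bits, prefixed for easy log search."""
    if not user_id or not user_id.strip():
        raise ValueError("empty user id")
    digest = hmac.new(key, normalize(user_id), hashlib.sha256).hexdigest()
    return "u_" + digest[:32]


def reidentify(token: str, candidates, hasher):
    """Return the candidate whose hash equals token, else None.
    Models what a party holding only the logs and a guess list can learn."""
    for candidate in candidates:
        if hmac.compare_digest(hasher(candidate), token):
            return candidate
    return None


if __name__ == "__main__":
    guesses = ["bob@example.com", "alice@example.com"]  # constructed sample data
    print(pseudonym("Alice@Example.com "))
    # A bare hash is matched from the guess list ...
    print(reidentify(bare_hash("alice@example.com"), guesses, bare_hash))
    # ... the keyed pseudonym is not, without the key.
    print(reidentify(pseudonym("alice@example.com"), guesses,
                     lambda c: pseudonym(c, b"not-the-real-key")))
```

To look up a user's logs, recompute `pseudonym()` for that user with the same key and search for the resulting token.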
Can logs be deleted upon user request?
Yes, specifically for GDPR and CCPA, if a user requests data deletion, Shipbook can comply without affecting other data. Additionally, all information is automatically deleted after your plan's retention time.