Privacy Policy

1. Information We Collect

Merchant Information

When merchants apply to join the OrderShield network, we collect:

• Business name, legal entity type, and registration details
• Employer Identification Number (EIN) or Tax ID
• Banking and financial information for settlement purposes
• Contact information for authorized representatives

Customer Information

When customers use the OrderShield platform, we collect:

• Full name and contact information
• Email address and phone number
• Payment details (processed through our secure payment gateway)
• Transaction history and OrderShield Protection records

Automatic Data Collection

When you access the OrderShield platform, we automatically collect:

• IP address and geolocation data
• Browser type, version, and language preferences
• Device information, including operating system and device identifiers
• Usage data, including pages visited and actions taken on the platform

Third-Party Data

We may receive information from third parties, including:

• Payment processors and card networks for transaction verification
• Identity verification services
• Fraud prevention and risk management services

2. How We Use Your Information

We use the information we collect for the following purposes:

• Transaction Processing: To process OrderShield Protection purchases, manage shipping protection coverage, and facilitate merchant settlements
• Fraud Prevention: To detect, prevent, and investigate fraudulent transactions and unauthorized access to the platform
• Risk Management: To assess and manage risk related to merchant onboarding, transaction processing, and platform operations
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements
• Platform Improvement: To analyze usage patterns, improve platform functionality, and develop new features and services
• Communications: To send transactional notifications, account updates, and marketing communications (with your consent)

3. Data Sharing

Service Providers

We share information with trusted service providers who assist in operating our platform, including:

• Payment gateway providers for secure transaction processing
• Cloud hosting and infrastructure providers
• Card networks for authorization and settlement
• Analytics and monitoring services

Legal Disclosures

We may disclose your information when required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

No Sale of Personal Information

OrderShield does not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted to and from the OrderShield platform is encrypted using TLS 1.3 protocols
• Encryption at Rest: Stored data is encrypted using AES-256-GCM encryption
• Payment Tokenization: Payment card data is tokenized and never stored in raw form on our servers
• Audit Logging: All access to sensitive data is logged and monitored for unauthorized activity
• Access Controls: Role-based access controls limit data access to authorized personnel only

5. Data Retention

We retain your information for the following periods:

• Transaction Records: 7 years from the date of transaction, as required by financial regulations
• Merchant Account Data: 10 years following account closure
• Customer Data: Duration of the OrderShield Protection coverage period plus 7 years
• Platform Logs: 90 days for operational and security purposes

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request a copy of your data in a structured, machine-readable format

To exercise any of these rights, please contact us through our website.

7. Cookies and Tracking

The OrderShield platform uses cookies and similar tracking technologies for the following purposes:

• Essential Cookies: Required for platform functionality, including authentication, session management, and security
• Analytics Cookies: Used to understand how visitors interact with the platform, helping us improve the user experience

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect platform functionality.

8. Children's Privacy

The OrderShield platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to, stored on, and processed by servers located in the United States. If you are accessing the OrderShield platform from outside the United States, please be aware that your information may be transferred to a jurisdiction with different data protection laws than your home jurisdiction.

10. CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information held by businesses
• The right to opt out of the sale of personal information (note: OrderShield does not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

11. GDPR Rights (EU Residents)

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making and profiling

12. Contact Us