Privacy Policy
This Privacy Policy describes how Seven Peas LLC ("Seven Peas," "we," "us," or "our") collects, uses, stores, and shares information in connection with Parcello (the "Service"), a Shopify embedded application.
This policy is written for two audiences:
- Merchants who install Parcello on their Shopify store
- End customers of those merchants whose order data flows through the Service
Where the practices differ, we note which audience is addressed.
1. Information we collect
From Merchants
When a merchant installs and configures Parcello, we collect:
- Shop identifiers: Shopify shop domain, shop ID, store name, store address, primary contact email
- Authentication tokens: Shopify OAuth access tokens
- Carrier credentials:
  - UPS: OAuth access tokens and refresh tokens obtained via UPS's OAuth authorization code flow
  - FedEx: Child API keys and secrets obtained via FedEx's Account Registration API, the merchant's FedEx account number, and a record of the merchant's acceptance of the FedEx End-User License Agreement
  - All carrier credentials are encrypted at rest using AES-256-GCM
- Configuration data: Box and package definitions, ship-from addresses, carrier preferences, variant-to-box mappings, and similar shipping configuration
- EULA acceptance records: For FedEx, we record the merchant identity, EULA version, acceptance timestamp, and IP address. Per FedEx Integrator Provider requirements, these records are retained for ten (10) years and may be produced to FedEx on request
From Shopify (about orders and end customers)
When merchants process orders through Parcello, we receive from Shopify:
- Order metadata: order numbers, line items, quantities, fulfillment status
- End-customer information necessary for shipping: recipient name, shipping address, recipient email and phone (where provided by Shopify and necessary for label creation or carrier notifications)
We do not receive or store payment card numbers, passwords, or other sensitive financial information about end customers. Payment information is handled by Shopify and is never transmitted to Parcello.
Automatically collected
- Logs and diagnostic data: Logs may contain shop identifiers, order data including customer shipping information, and request paths. Carrier credentials are scrubbed before storage.
- Usage data: feature usage patterns to help us improve the Service.
We do not use third-party analytics, advertising, or behavioral tracking on the Parcello embedded app surface. We do not place tracking cookies on Shopify storefronts.
2. How we use information
We use the information described above to:
- Provide the Service: fetch shipping rates, create labels, manage fulfillments, write tracking numbers back to Shopify
- Authenticate with Shopify and connected carriers on the merchant's behalf
- Communicate with merchants about the Service (support, security notices, billing, service updates)
- Diagnose and fix bugs, monitor performance, and improve reliability
- Comply with legal obligations, including responding to lawful requests from authorities
- Enforce our Terms of Service and protect against fraud, abuse, and security threats
We do not sell personal information. We do not use end-customer data for marketing, advertising, or profiling.
3. How we share information
We share information only as follows:
With shipping carriers
To create labels and fetch rates, we transmit order and shipping data — including recipient name, address, phone, package dimensions and weight, and declared value — to the carrier the merchant has selected (currently UPS or FedEx). The carrier processes this data under its own terms and privacy policy.
With Shopify
We write tracking numbers and fulfillment information back to Shopify on the merchant's behalf via authenticated Shopify API calls.
With Labelary (and similar rendering tools)
Where the Service uses third-party rendering tools to convert label formats (e.g., ZPL to PDF), only the label image data is sent. Label payloads sent to such tools contain recipient name, address, and tracking number but are not stored by Labelary after rendering. We will update this policy if we change rendering providers.
With infrastructure providers
We use third-party infrastructure to operate the Service:
- Railway — application hosting (United States)
- PostgreSQL via Railway — database (United States)
- Sentry — error monitoring and diagnostic data (United States). PII is scrubbed before transmission.
These providers act as data processors under our instructions and do not use Merchant Data or end-customer data for their own purposes.
Legal disclosures
We may disclose information when required by law, subpoena, court order, or other valid legal process, or to protect the rights, property, or safety of Seven Peas, our users, or others.
Business transfers
If Seven Peas is acquired or merged, information may be transferred as part of that transaction. We will provide notice before any such transfer becomes effective.
4. Encryption and security
We implement reasonable technical and organizational measures to protect information, including:
- Encryption in transit: All API traffic uses TLS (HTTPS).
- Encryption at rest: Carrier credentials (UPS OAuth tokens, FedEx child keys and secrets, FedEx account numbers) are encrypted using AES-256-GCM. Database storage is encrypted at the storage layer.
- Access controls: Production access is limited to authorized Seven Peas personnel. Access is logged.
- Environment separation: Production and staging environments use separate credentials and databases.
- Webhook verification: All inbound webhooks from Shopify are HMAC-verified before processing.
No security program is perfect. We do not warrant that the Service is invulnerable to breach. If we become aware of a security incident affecting your data, we will notify affected parties as required by applicable law.
5. Data retention
| Data type | Retention |
|---|---|
| Merchant configuration data (boxes, addresses, preferences) | While the app is installed, plus 48 hours after uninstall |
| Order and shipment records | While the app is installed, plus 48 hours after uninstall |
| End-customer shipping data | While the app is installed, plus 48 hours after uninstall |
| Carrier credentials | While the app is installed; deleted on uninstall per shop/redact |
| FedEx EULA acceptance records | Ten (10) years, per FedEx Integrator Provider requirements |
| Application logs | As set by our hosting provider, currently approximately thirty (30) days |
| Billing records (if applicable) | Seven (7) years, as required for tax and accounting |
After the 48-hour grace period following app uninstall, we delete Merchant Data and end-customer data pursuant to Shopify's shop/redact webhook. The 48-hour window allows accidental uninstalls to be recovered by reinstalling.
EULA acceptance records and billing records are preserved for the periods stated above regardless of uninstall.
6. Shopify compliance webhooks
Per Shopify's requirements for apps that handle customer data, we implement the following webhooks:
- customers/data_request — When a merchant requests a copy of an end customer's data, we provide the shipping records associated with that customer within thirty (30) days.
- customers/redact — When a merchant requests deletion of an end customer's data, we delete the associated records.
- shop/redact — Forty-eight (48) hours after uninstall, we delete all shop data, subject to the legal-retention exceptions in Section 5.
7. International data transfers
Seven Peas operates from the United States, and our infrastructure is located in the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States.
For merchants and end customers in the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards for such transfers, including standard contractual clauses where required.
8. Your rights (GDPR, CCPA, and similar laws)
Depending on your location, you may have rights regarding your personal information, including:
- Access: Request a copy of the information we hold about you
- Correction: Request that we correct inaccurate information
- Deletion: Request that we delete your information
- Portability: Request a machine-readable copy of information you provided
- Objection / restriction: Object to or restrict certain processing
- Non-discrimination: Receive non-discriminatory treatment for exercising your rights (CCPA)
For end customers: The merchant whose store generated the order is the data controller for the order data. Submit access, correction, or deletion requests through that merchant. The merchant can then trigger the relevant Shopify compliance webhook, which we will honor.
For merchants: Submit requests directly to us at the contact address below. We will respond within the timeframes required by applicable law (typically thirty days under GDPR, forty-five days under CCPA).
Right to lodge a complaint: EEA/UK residents may lodge a complaint with their local data protection authority. California residents may contact the California Attorney General.
We do not sell personal information, and we do not engage in "sharing" of personal information for cross-context behavioral advertising as those terms are defined under California law.
9. Children
Parcello is not directed to children under sixteen (16) and we do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will delete it.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service, by email to the merchant contact on file, or via your Shopify admin. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.
11. Contact
Privacy questions or requests can be sent to:
Seven Peas LLC
Email: parcello-support@oursevenpeas.com
For GDPR purposes, Seven Peas LLC is the data controller for Merchant Data and a data processor for end-customer data (the merchant is the controller).