Privacy Policy

Last Updated: 04/09/2026

1. Introduction

This Privacy Policy explains how Sourship (“we”, “us”, or “our”) collects, uses, processes, and protects personal data in connection with our sourcing, warehousing, and fulfillment services.

Role: Data Processor (primarily), Data Controller (limited cases)

We are committed to handling personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Roles & Responsibilities

Section Summary You (the seller) control the customer data. We simply process it on your behalf to ship the orders.

2.1 Sellers (Our Clients)

When you use Sourship to fulfill orders:

You act as the Data Controller.
You determine what customer data is collected and why.

2.2 Sourship

We act as:

Data Processor → when processing end-customer data on your behalf.
Data Controller → for your account, billing, and platform usage data.

We process data strictly based on your instructions and applicable legal obligations.

3. Information We Collect

We collect only data necessary to operate our services.

3.1 Seller Account Data

Name, email address, phone number
Business details and billing address
Payment and transaction metadata

3.2 End-Customer Data (Processed on Your Behalf)

Name
Shipping address
Phone number
Order details

We do not use this data for marketing or independent purposes.

3.3 Technical & Usage Data

IP address
Device and browser information
Login timestamps and activity logs

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

Contractual Necessity: To provide fulfillment, shipping, and account services.
Legitimate Interests: To improve platform performance, security, and reliability.
Legal Obligations: To comply with financial, tax, and regulatory requirements.
Consent (where applicable): For non-essential cookies or optional features.

5. How We Use Data

Section Summary We use data strictly to operate logistics. We will never sell your data or market to your end-customers.

We use data strictly to:

Process and fulfill orders
Purchase inventory and coordinate suppliers
Generate shipping labels and tracking
Manage billing, subscriptions, and wallet balances
Provide customer support and platform updates
Maintain platform security and fraud prevention

We do not:

Sell personal data
Market to your customers
Contact your customers directly

6. Data Sharing & Subprocessors

We share data only when necessary for service delivery.

6.1 Logistics Providers

We share shipping details with carriers (e.g., YunExpress, Yanwen, postal services) to deliver packages.

6.2 Suppliers

We share product specifications and quantities only. End-customer data is never shared with suppliers.

6.3 Payment Processors

Payments are handled by secure third-party providers. We do not store full credit card details.

6.4 Infrastructure & Technology Providers

We may use trusted providers for hosting, analytics, and security monitoring. All subprocessors are bound by data protection agreements.

7. International Data Transfers

Due to the global nature of fulfillment, data may be transferred outside the European Economic Area (EEA), including to China and other countries.

To ensure compliance, we implement safeguards such as:

Standard Contractual Clauses (SCCs)
Contractual data protection obligations
Restricted access controls

8. Data Retention

We retain data only as long as necessary:

Account Data: Duration of account + up to 6 years (legal/financial compliance).
Order Data: Up to 6 years for tax and dispute purposes.
Technical Logs: Typically 30–90 days unless required for security.

After retention periods, data is securely deleted or anonymized.

9. Data Security

We implement industry-standard security measures, including:

Encryption in transit (SSL/TLS)
Access control and authentication systems
Monitoring for unauthorized access
Secure infrastructure and storage practices

No system is 100% secure, but we continuously improve our defenses.

10. Data Breach Notification

In the event of a data breach:

We will investigate immediately.
Notify affected users where legally required.
Comply with the GDPR 72-hour notification rule (if applicable).

11. Your Rights

Depending on your location, you have the right to:

Access your data
Correct inaccurate data
Request deletion (“right to erasure”)
Restrict or object to processing
Request data portability
Withdraw consent where applicable

You also have the right to lodge a complaint with your local data protection authority.

12. Seller Responsibilities

Section Summary You must have your own Privacy Policy on your store and collect your customers’ data lawfully before sending it to us to fulfill.

As a Seller using Sourship:

You are responsible for collecting customer data lawfully.
You must provide your own Privacy Policy to your customers.
You must ensure compliance with applicable data laws.

Sourship acts only on your instructions regarding end-customer data.

13. Cookies & Tracking

We use:

Essential Cookies: Authentication and session management.
Analytics Cookies: Platform usage insights and performance optimization.

Where required, users are presented with a cookie consent mechanism.

14. Children’s Data

Our services are not intended for individuals under 16. We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this Privacy Policy periodically. For material changes:

We will notify users via email or dashboard notice.

16. Contact & Data Requests

For privacy-related inquiries or requests, please contact:

Email: support@sourship.com

If applicable, you may also contact your local data protection authority.