How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. Data at-rest is stored after being encrypted using industry standards.

Do we use cookies?

Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

What information do we collect?

We collect information from you when you register on our site, fill out a form or interact in anyway with your Shiptheory account.

When subscribing or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or third party API credentials. Data may also be collected from any third party systems you connect to your Shiptheory account via any third party API's.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

To personalise your experience (your information helps us to better respond to your individual needs)

To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)

To provide service functions (This includes functions such as creating orders and shipments with third-party partners, such as carriers and technology firm, where data is shared solely for the purpose of providing said service functions)

To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)

To process transactions

To administer a contest, promotion, survey or other site features

To send periodic emails (the email address you provide may be used to send you

information, respond to inquiries, and/or other requests or questions)

Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.

How long do we retain your personal information?

We will retain your personal information and any data gathered from your Shiptheory usage for so long as you are registered with Shiptheory, and for up to 6 years thereafter. In some cases, data may be deleted sooner, where the requirements of our partners specify.

Moreover, where personal information is no longer necessary we may delete it sooner.

Transfer of your data out of the EU & EEA

We store your data on servers located across different countries and your data may be stored and processed outside of the country you reside in.

Regardless of the country where we may store and process your data, the principles described in this Policy will apply.

When we transfer data outside the EEA, the following frameworks apply to lawfully transfer EU & EEA data to a third country.

  • Adequacy decision under article 45(3) EU GDPR

The European Commission has declared in accordance with article 45(3) of the EU GDPR that certain countries offer an adequate level of protection for personal data and that personal data can be transferred to those countries without any extra measures.

For the list of countries with adequacy status:


  • Article 46 GDPR and Standard Contractual Clauses

When we transfer data outside the EU&EEA to a country with no adequacy status, we rely on the Standard Contractual Clauses(SCCs) approved by the EU in accordance with the EU GDPR Article 46(2).

The SCCs approved and issued by the EU Commission can be found at:




When we act as a data controller or when we act as a processor and appoint sub-processors for certain services, we incorporate the SCCs (2021 Version) approved by the EU Commission into our data processing agreements to lawfully transfer data outside the EEA area.

To obtain a copy of our Data processing Agreement incorporating SCCs, contact us at: support@shiptheory.com

Transfer of your data out of the UK

When we transfer data outside the UK, the following frameworks apply:

  • UK Adequacy Framework

The UK has approved similar adequacy decisions and when we transfer UK data to these countries & territories, we do not implement any supplementary measures.

The UK Adequacy Regulations, including the list of adequate countries, can be found at:


  • Transfer of UK Data to a non-adequate third country and Standard Contractual Clauses

When we transfer UK data to a non-adequate country, we rely on the old SCCs approved by the EU Commission, by the Commission Decision 2010/87/ on 5 February 2010 in accordance with article 46(2) of the UK GDPR.

The 2010 SCCs we rely on can be found at:


When we act as a data controller or when we act as a processor and appoint sub-processors for certain services, we incorporate the old SCCs(2010 Version) approved by the EU Commission into our data processing agreements to lawfully transfer data outside the UK.

To obtain a copy of our Data processing Agreement incorporating SCCs, contact Us at: support@shiptheory.com

Note that the old EU SCCs will remain in force in the UK until March 2024. For more detailed Guidance, please refer to:


What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a fee for this service.

The right to rectification – You have the right to request we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions. To protect your data, if you wish to request your data is erased, we ask you to complete our data erasure form.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us here.

Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Your Consent

By using our site, you consent to our privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

This policy was last modified on 20/05/2022