Shipstar

Privacy Policy

Last updated: June 16, 2026

Privacy Notice

Thank you for choosing to be part of our community at Shipstar Inc. ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at [email protected].

This privacy notice describes how we might use your information if you:

  • Visit our website at shipstar.ai
  • Use our web application or API
  • Install our Slack application in your workspace
  • Engage with us in other related ways — including any sales, marketing, or events

What Information Do We Collect?

Personal information you disclose to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Information automatically collected. We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

Third-party platform data. When you connect third-party services to Shipstar, we collect the information necessary to operate the integration:

  • Slack: Workspace ID, workspace name, bot user ID, bot access token, default channel selection, and incoming webhook URL. We do not read or store your Slack messages, files, or private channel content.
  • GitHub: Repository metadata, commit messages, and pull request titles/descriptions from repositories you explicitly connect. We do not access your source code.

Information we do not collect. We do not read, store, or process the content of your Slack messages, direct messages, or files. We do not access Slack channels beyond those you explicitly authorize for publishing. We do not use any data collected through our Slack integration to train machine learning models.

How Do We Use Your Information?

We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations.

  • To facilitate account creation and authentication
  • To publish content to your connected channels (e.g., Slack) on your behalf
  • To send administrative information to you
  • To fulfill and manage your orders
  • To post testimonials with your consent
  • To request feedback
  • To protect our Services
  • To respond to legal requests and prevent harm

Will Your Information Be Shared With Anyone?

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. We may process or share your data that we hold based on the following legal basis:

  • Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
  • Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law.

We do not sell your personal information or share it with third parties for their marketing purposes. Third-party access tokens (such as Slack bot tokens) are encrypted at rest and used solely to operate integrations you have authorized.

How Long Do We Keep Your Information?

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy notice:

  • Account data: Retained for the lifetime of your account. When you delete your account, your personal data is permanently removed within 30 days.
  • Integration tokens (Slack, GitHub): Stored only while the integration is active. When you disconnect an integration or uninstall the Slack app, associated tokens and workspace data are deleted immediately.
  • Generated content: Retained for the lifetime of your account. You may delete individual content items at any time.
  • Usage and analytics data: Retained for up to 24 months for service improvement purposes.
  • Billing records: Retained as required by applicable tax and accounting laws (typically 7 years).

If a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements), we will retain your information for the required period.

How Do We Keep Your Information Safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include:

  • Encryption of sensitive data at rest (including third-party access tokens)
  • TLS 1.2+ encryption for all data in transit
  • Secure OAuth 2.0 flows with state parameter validation for all integrations
  • HMAC-SHA256 request signature verification for incoming Slack requests

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

What Are Your Privacy Rights?

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data. You can delete your account from your profile settings, or email us at [email protected].
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request a machine-readable copy of data you provided to us.
  • Right to object: Object to processing of your personal data for certain purposes.

How to exercise your rights: To make a data access, correction, portability, or deletion request, email us at [email protected]. We will respond to all verifiable requests within 30 days. You do not need to create an account to submit a request.

California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, email [email protected].

European residents (GDPR): If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

Contact Us

If you have questions or comments about this notice, or wish to exercise your data rights, you may email us at [email protected] or by post to:

Shipstar Inc.
United States