Privacy policy

Last updated 15 May 2026 · effective 1 June 2026

This policy explains what data Shiptrack collects when you use our platform (the dashboard, driver app, customer tracking page, and APIs), why we collect it, and what we do with it.

The TL;DR: We collect what we need to run a delivery platform — your orders, your customers, your team. We don't sell it, we don't share it for advertising, and we store it on Indian servers. You own the data and can export or delete it any time.

1. Who we are

Shiptrack is operated by Serves Technologies Pvt. Ltd., an Indian private limited company registered in Karnataka (CIN U72900KA2024PTC123456). Our registered address is 2nd Floor, 112 12th Main, Indiranagar, Bengaluru 560038.

2. What we collect

Account data: name, email, phone, business name, GSTIN. Created when you sign up.

Operational data: orders you process, customer records (name, phone, address), driver profiles, products, invoices. Stored as long as your account is active.

Device & usage data: IP, user-agent, pages viewed, actions taken — for security, debugging, and product analytics. Retained for 90 days, then aggregated.

Location data: driver GPS pings while on duty. Stored for 30 days for dispute resolution, then deleted.

3. How we use it

To provide the service you signed up for
To send transactional notifications (renewals, invoices, security alerts)
To respond to support requests
To improve the product — always against aggregated, de-identified data
To comply with Indian law (tax, anti-money-laundering, court orders)

We do not sell your data, use it for cross-customer training, or share it for advertising.

4. Sub-processors

We share data with a small list of sub-processors strictly to deliver the service. Current list:

Provider	Purpose	Location
AWS Mumbai & Hyderabad	Infrastructure	India
Supabase (Mumbai region)	Database & auth	India
Razorpay	Payments processing	India
Meta WhatsApp Business	WhatsApp messaging	India
Gupshup	SMS delivery	India
AWS SES	Transactional email	India
Google Maps	Routing & geocoding	Global

5. Where it lives

All operational data is hosted on Indian regions only (AWS Mumbai, Hyderabad). We never store production data outside India. Backups are encrypted and stored in the same regions.

6. Your rights

You can export, correct, or delete your data at any time from the Settings → Data screen, or by emailing privacy@shiptrack.in. We honour deletion requests within 30 days.

7. Children

Shiptrack is a B2B product. We do not knowingly collect data from anyone under 18.

8. Changes

If we make material changes to this policy, we will email account owners at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance.

Terms of service

Last updated 15 May 2026

By using Shiptrack, you agree to these terms. If you don't agree, please don't sign up.

1. The service

Shiptrack provides software for managing delivery operations. We host the service on our infrastructure and provide it to you over the internet. We do not own or operate delivery vehicles, employ drivers, or handle physical goods.

2. Your account

You're responsible for keeping your password safe and for everything that happens under your account. Notify us immediately if you suspect unauthorised access.

3. Acceptable use

Don't use Shiptrack to: send unsolicited messages, harass anyone, violate any law, run illegal businesses, or attempt to gain unauthorised access to other accounts.

4. Subscription & payment

Subscriptions are billed monthly or annually in advance. Razorpay processes payments. You authorise us to charge your saved payment method on each renewal until you cancel.

If a payment fails, we retry it 3 times over 7 days. After that the account enters a 15-day grace period at full functionality. After grace, the account becomes read-only until renewed. Data is never deleted as a consequence of non-payment.

5. Overage

If you exceed your plan's monthly order limit, additional orders are charged at ₹1.50/order, billed at the start of the next cycle. We'll show you a banner before this happens.

6. Cancellation

You can cancel any time from the billing screen. You keep access until the end of your current billing period. Annual plans are non-refundable mid-cycle but remain active through the end of the term.

7. Service availability

We target 99.5% uptime on paid plans, 99.9% on Enterprise. Scheduled maintenance is announced 72 hours in advance. We are not liable for outages caused by force majeure (natural disasters, government action, ISP failures, etc.).

8. Limitation of liability

Our maximum liability to you, for any reason, is capped at the fees you paid in the 12 months before the claim. We are never liable for indirect or consequential damages (lost profit, lost data, lost goodwill).

9. Termination

We may terminate accounts that violate these terms with 30 days' notice (or immediately if there's a safety / legal emergency). You can terminate any time. On termination, we provide a 30-day window to export your data, after which it's deleted.

10. Governing law

These terms are governed by Indian law. Disputes are subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka.

Data Processing Agreement (DPA)

Last updated 15 May 2026

When you process the personal data of your customers and drivers through Shiptrack, you are the data controller and we are the data processor. This DPA forms part of your terms of service and governs that processing.

A signed-PDF version of this DPA is available on request — email dpo@shiptrack.in with your business name and GSTIN.

1. Subject matter

We process personal data only to deliver the service: store orders, route deliveries, send notifications, generate invoices, and provide support.

2. Categories of data

Customer: name, phone, email, delivery address, order history
Driver: name, phone, vehicle registration, KYC documents, location (during shift)
Team: name, email, role, login activity

3. Confidentiality & security

Every Shiptrack employee signs a confidentiality agreement. Production data access requires 2FA, named approval, and is logged. We follow ISO 27001-aligned controls and are SOC 2 Type II audited annually.

4. Sub-processors

Listed in the Privacy section above. You can subscribe to email alerts when we add or change a sub-processor (settings → notifications → policy updates).

5. International transfers

No international transfers occur. All data stays in Indian regions.

6. Data subject requests

If your customer or driver asks you for access, correction, or deletion of their data, you can fulfil that request from the Shiptrack admin (Settings → Customers → ⋯ → Export / Delete). For complex cases, we'll assist within 5 business days.

7. Breach notification

If we become aware of a security incident affecting your data, we notify you within 24 hours with what we know, what we're doing, and what you should communicate to affected individuals.

8. Return / deletion on termination

On account termination, you have 30 days to export. After that, your data is permanently deleted from production systems within 30 days and from backups within 90 days.

Refund policy

Last updated 15 May 2026

Monthly subscriptions

Monthly subscriptions are non-refundable once charged. You can cancel any time from your billing screen and retain access until the end of the current billing period.

Annual subscriptions

We offer a 14-day money-back guarantee on first-time annual subscriptions. Email billing@shiptrack.in within 14 days of payment, and we'll refund the full amount (less Razorpay processing fees, which Razorpay does not return to us).

After 14 days, annual subscriptions are non-refundable. You can cancel and the plan remains active until the end of the term.

GST

GST collected is remitted to the government. If a refund is issued, the GST amount is refunded with it, and we generate a credit note for your records.

Failed payments / chargebacks

If a payment fails or is reversed, the corresponding service period is suspended. We don't dispute customer chargebacks against subscription fees — we'd rather refund and learn what went wrong.

Edge cases

If you upgrade or downgrade mid-cycle, we pro-rate. If we have a material outage of more than 4 hours in a single day, we credit a full day of your plan to your next invoice automatically.

Security

Last updated 15 May 2026

Security is a feature, not a checkbox. Here's how we handle yours.

Infrastructure

Hosted on AWS Mumbai & Hyderabad (Indian regions only)
All traffic over TLS 1.3
Database encrypted at rest with AES-256
Daily backups, point-in-time recovery up to 7 days (30 on Enterprise)
Multi-AZ deployment with automatic failover

Application

2FA available on all accounts; mandatory for Owner/Admin roles
SAML SSO on Enterprise plans (Google Workspace, Microsoft 365, Okta)
Granular role-based access control (RBAC)
Audit log of every action, retained 365 days (forever on Enterprise)
Webhooks signed with HMAC-SHA256; API tokens scoped per role

Process

SOC 2 Type II audited annually by an Indian Big-4-affiliated firm
Quarterly penetration tests by certified Indian InfoSec teams
Mandatory security training for all team members on hire
Vulnerability disclosure program at security@shiptrack.in

Need a security review document or SOC 2 report? Email security@shiptrack.in from your work address. We share under standard NDA.

Cookies

Last updated 15 May 2026

We use cookies sparingly. Here's the full list.

Cookie	Purpose	Expires
`sp_session`	Keeps you signed in	30 days
`sp_csrf`	Cross-site request forgery protection	Session
`sp_prefs`	UI preferences (theme, density)	1 year
`sp_consent`	Records your cookie choices	1 year

We do not use third-party advertising cookies, social media trackers, or behavioural analytics SDKs. Our product analytics (PostHog, self-hosted in Mumbai) uses a first-party cookie and respects Do Not Track.