Privacy Policy

Last Updated: December 5, 2025

1. Data Controller

"SupShip" Ltd (EIK: 208444105)
ul. Vitinya 1B, bl. 1, ent. B, fl. 1, ap. 1
1517 Sofia, Bulgaria
Email: office@supship.io

2. Data We Collect

  • Account Data: Name, email, phone number
  • Business Data: Company name, VAT number, IBAN for payouts
  • Order Data: Customer shipping addresses (processed on your behalf)
  • Usage Data: Analytics, logs, device information

3. Legal Basis (GDPR Art. 6)

  • Contract Performance: To provide our services
  • Legitimate Interest: To improve our platform and prevent fraud
  • Legal Obligation: Tax records, compliance requirements
  • Consent: Marketing communications (opt-in only)

4. How We Use Your Data

  • Process orders and manage fulfillment
  • Transfer payouts to your IBAN
  • Send transactional emails (order confirmations, shipping)
  • Provide customer support
  • Comply with legal obligations

5. Data Sharing

We share data only with trusted partners necessary for our service:

  • Fulfillment Partners: To process and ship orders
  • Payment Processors: Stripe (PCI-DSS compliant)
  • Cloud Infrastructure: Supabase (EU region)

We never sell your personal data.

6. Data Security

  • All data transmitted via HTTPS/TLS encryption
  • Sensitive data (IBAN) encrypted at rest
  • Access controls and authentication
  • Regular security assessments

7. Data Retention

  • Active Accounts: Duration of business relationship
  • Closed Accounts: Up to 7 years (legal/tax requirements)
  • Server Logs: 12 months

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing
  • Withdraw Consent: At any time for consent-based processing

To exercise your rights, email us at . We respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) help us improve the platform. You can manage cookies in your browser settings.

10. International Transfers

Your data is primarily stored in EU data centers. Any transfers outside the EU are protected by Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this policy periodically. Material changes will be notified via email or platform notification.

12. Contact & Complaints

For privacy inquiries:

You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) or your local supervisory authority.