The CCPA grants California residents new rights regarding the collection of their personal information and requires companies to comply with certain obligations.
How the CCPA Applies to ShipLeaf
ShipLeaf Users are considered “Businesses” under the terms of the CCPA. In those terms, Businesses are primarily responsible for ensuring their processing of personal data is compliant with all relevant data protection laws, including the CCPA.
ShipLeaf acts as a “Service Provider” and shall collect, access, maintain, use, process and transfer the personal information of Businesses and their end customers solely for the purpose of performing our obligations to our Users, and for no other commercial purpose other than the performance of such obligations and improvement of the Services we provide.
Data Processing, Transfers and Sales
ShipLeaf will only process User Personal Data on the instructions of the User unless required by law to act without such instructions.
By using the ShipLeaf Service, the User agrees to the ShipLeaf Terms, including this addendum, and instructs ShipLeaf to process User Personal Data as follows:
- to provide the Service to the User;
- as further instructed by the User through use of the Service, including by instructions given on the ShipLeaf interface, by the uploading of CSV files to the ShipLeaf Service, or importing data from other sources;
- as set our in the Terms and this addendum; and
- as otherwise instructed in writing by the User, which ShipLeaf acknowlesdges to be instructions for the purposes of this addendum.
The User can submit User Personal Data to ShipLeaf to an extent determined and controlled by the User in its sole discretion, and which may include (but not necessarily limited to) personal data on the following categories of data subjects:
- the User’s end customers, suppliers, and business partners;
- employees and points of contact of the User’s end customers, suppliers, and business partners; and
- the User’s employees, agents, advisors, and contractors, including but not limited to those with authorized access to the Service.
ShipLeaf does not “sell” User Personal Data as defined under the CCPA, which means that ShipLeaf also does not rent, disclose, transfer, make available or otherwise communicate that data to any third party for monetary or other valuable consideration. ShipLeaf may share aggregated and/or anonymized information regarding Users’ use of the Service with third parties to assist with developing and improving the Service as detailed in our Terms.
Data Retention and Deletion
The User may delete User Personal Data in a manner consistent with the functionality of the Service during the term of service. If the User uses a Service function to delete any User Personal Data in such a way that it can not be recovered by the User, this will constitute an instruction to ShipLeaf to delete the relevant data from its systems in accordance with applicable law.
If the User wishes to delete User Personal Data that can not be deleted via functionality provided by the Service, the User should send a deletion request to [email protected]. ShipLeaf will strive to respond to all such requests as soon as reasonably practical.
If the User ceases to subscribe and use the Service, or ShipLeaf permanently discontinues access to the User’s account, all User Personal Data will be deleted or anonymized unless ShipLeaf is required by applicable law to retain the data.
Data Security Measures
ShipLeaf follows industry standards on information security management to safeguard sensitive information, such as User Personal Data. Our information security systems apply to people, processes and information technology systems on a risk management basis.
Because no method of transmission over the Internet, or method of electronic storage, is 100% secure, ShipLeaf cannot guarantee that unauthorised parties will not gain access to User Personal Data. To the extent permitted by applicable law, ShipLeaf expressly excludes any liability arising from any unauthorised access to User Personal Data.
ShipLeaf uses the following subprocessors for User data:
- Aircall (User Support)
- Amazon Web Services (Cloud Infrastructure Provider)
- Datadog (Analytics)
- Digital Ocean (Cloud Infrastructure Provider)
- EasyPost (Fulfillment Services)
- Google (User Support and Analytics)
- Intercom (User Support and Analytics)
- Postmark (Email Delivery Provider)
- Slack (User Support and Analytics)
- Stripe (Payment Gateway)
Limitation of Liability
ShipLeaf and all of its entities' aggregate liability to the User, arising from or related to this addendum, are subject to the "Limitation of Liability" section of the Terms.