Privacy Policy
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
SECTION 1: INTRODUCTION AND SCOPE
1.1 Unified Governance
This Privacy Policy (the “Policy”) is established by Shipnovia Group Inc., dba SHIPVIA
COURIERS (collectively, “ShipVia Couriers,” the “Platform,” or the “Company”).
This Policy governs the collection, use, disclosure, processing, retention, storage, transfer, and
safeguarding of personal information across all ShipVia Couriers platforms, including but not
limited to shipviacouriers.ca and shipviacouriers.com, together with all associated dashboards,
APIs, support interfaces, mobile-optimized views, and digital integrations.
This Policy is inextricably linked to the Master Terms and Conditions. Together, the two
documents form a unified contractual and governance framework. By accessing the Platform,
generating a Shipping Label, purchasing ShipVia Package Protection, purchasing any optional
services or completing checkout, you provide unified, binding consent to both this Policy and
the Master Terms and Conditions.
In the event of an irreconcilable conflict between this Policy and the Master Terms and
Conditions, the Master Terms shall prevail with respect to commercial liability, fee
adjudication, and operational disputes. This Policy governs specifically the handling,
protection, and lawful processing of personal information.
1.2 Compliance Baselines (Canada & USA)
ShipVia Couriers maintains a centralized privacy governance model that aligns with the
following baseline regulatory frameworks:
Canadian Operations: For data collected, processed, or stored in connection with Canadian
operations, ShipVia Couriers adheres to the Personal Information Protection and Electronic
Documents Act (PIPEDA), including its principles of accountability, identifying purposes,
consent, limiting collection, limiting use, safeguarding, openness, and individual access rights.
United States Operations: For U.S.-based operations, ShipVia Couriers adopts the California
Consumer Privacy Act (CCPA) as its operational baseline standard for transparency, consumer
rights, disclosure obligations, and limitations on the “sale” of personal information. Where
additional U.S. state privacy laws apply, we endeavor to apply protections consistent with or
exceeding the CCPA baseline.
Centralized Standard: Where data flows cross provincial, state, or international boundaries,
ShipVia Couriers applies a unified privacy standard designed to meet or exceed the stricter
applicable requirement.
1.3 Regional Accommodations & Special Requests
ShipVia Couriers recognizes that privacy regulations may vary by jurisdiction. While we
maintain a centralized compliance standard, we respect local mandates and reasonable regional
accommodation requests.
Users located in specific provinces, states, or countries may submit written inquiries regarding
region-specific rights, access requests, or compliance accommodations to our central privacy
office at privacy@shipviacouriers.ca.
All requests are reviewed in good faith and assessed in accordance with applicable legal
obligations, operational feasibility, and data retention constraints.
1.4 Non-Commercialization & Authorized Data Use
ShipVia Couriers maintains a strict operational principle regarding the integrity of User data.
Our “Zero-Sale” policy is defined and limited as follows:
Prohibition of Data Brokerage: ShipVia Couriers does not sell, rent, lease, trade, or monetize
personal information by transferring it to third-party data brokers, advertising networks,
analytics resellers, or marketing firms for their independent commercial exploitation.
Authorized Logistics Purpose: Personal information is collected and processed exclusively as
a professional logistics asset to facilitate shipment fulfillment, security verification, fraud
prevention, regulatory compliance, claim adjudication, billing reconciliation, loyalty or
volume-tier administration, and other legitimate operational purposes directly connected to the
Platform’s services.
No Authorization for Unauthorized Sale: ShipVia Couriers does not authorize, permit,
condone, or tolerate the sale, disclosure, or exploitation of User data by any individual
employee, independent contractor, intern, support staff member, or affiliated personnel for
personal or unauthorized commercial gain. Any such unauthorized action would constitute a
breach of internal Governance Standards, employment or contractor agreements, and
potentially applicable criminal or civil law. Such unauthorized conduct does not reflect the
Company’s corporate business model and is expressly prohibited.
Limitation on “Sale” Definition: The transfer of personal information to authorized service
partners, including Carriers, EU-based Protection Partners, upstream aggregators, Community
Partners, Support and business development team members, auditors, or Successor Entities,
where such transfer is strictly necessary for shipment fulfillment, claims adjudication, rebate
verification, or lawful business continuity, constitutes a functional and contractual requirement
of the Platform’s services and does not constitute a “sale” of data under our operational
interpretation of applicable law.
No Secondary Exploitation: Authorized partners receiving data for operational purposes are
contractually restricted from using such data for unrelated marketing, resale, or independent
commercial exploitation.
SECTION 2: COMPREHENSIVE DATA COLLECTION AND STORAGE
2.1 Categories of Data Collected
To facilitate logistics, security, regulatory compliance, financial reconciliation, and dispute
adjudication, ShipVia Couriers collects and processes a comprehensive range of personal and
transactional information, including but not limited to:
Personal & Account Details: Full names, physical and mailing addresses, email addresses,
telephone numbers, billing details, and communication preferences associated with account
creation or guest checkout.
Security & Verification Data: One-Time Passwords (OTPs), multi-factor authentication logs,
password reset history, IP verification data, device confirmation markers, and identity
verification records submitted for claims or fraud review.
Logistics & Shipment Data: Complete shipment information for both sender and recipient,
including parcel weights, dimensions, declared contents, declared values, chosen service
levels, selected Carriers, origin and destination data, routing decisions, Pickup or drop off hub
service details and tracking history.
Customs & Regulatory Data: All information included in customs declarations, including
itemized descriptions, harmonized system (HS) codes, country of origin data, declared values,
exporter/importer details, and any additional regulatory documentation required for
International transit.
Interaction & Support Records: Chatbot transcripts, support ticket logs, email correspondence,
dispute submissions, promotional or coupon code usage history, loyalty or volume-tier
participation records, and acknowledgment of disclaimers, waivers, or legal notices.
Audit & Interaction Records: Real-time tracking data, historical shipment logs, Carrier
Adjustment disputes, administrative fee adjudication records, promotional eligibility
verifications, rate display history, pre-rate safety screening inputs, customs declaration entries
submitted prior to ShipVia Rate visibility, and documentation of all legally binding
acknowledgments accepted by the User during any stage of session activity or checkout.
Financial & ShipVia Package Protection Data: Declared values for protection coverage, base
and total transaction amounts (including taxes), documentation submitted in support of claims,
and tokenized payment identifiers generated by PCI-compliant payment providers. Billing
records, wallet balances or email credit, invoice metadata, and post-billing adjustment records
may be administered through the Company’s designated Administrative Billing Provider used
for invoicing, financial reconciliation, ShipVia Wallet ledger management, and related billing
administration functions.
Note: ShipVia Couriers does not store raw credit card numbers or CVV data. All sensitive
payment information is processed exclusively through secure, PCI-compliant payment
processors utilizing tokenization.
2.2 Technical Metadata Repository (“Interaction Trail”)
ShipVia Couriers maintains a structured technical metadata repository, referred to internally as
the “Interaction Trail,” for each user session and transaction.
This repository may include:
• IP addresses and approximate geolocation data;
• Device fingerprints and browser identifiers;
• Session duration and navigation paths;
• Timestamped records of platform acknowledgments;
• Version-controlled acceptance logs for the Master Terms and this Privacy Policy;
• Promotional code or affiliate code usage logs;
• Login attempt history and anomaly detection markers.
Purpose of Metadata Collection: This metadata is collected and processed for legitimate
operational purposes, including but not limited to:
• Fraud detection and prevention;
• Identification of unauthorized account access;
• Bot detection and automated abuse mitigation;
• Validation of promotional eligibility and reward integrity;
• Defense against payment disputes and credit card chargebacks;
• Adjudication of Carrier Adjustments;
• Verification of legally binding consent at checkout.
In addition to technical session data, the Interaction Trail includes timestamped records of all
shipment-related and financial inputs entered or generated by the User or system, including but
not limited to shipment details entered prior to rate display, safety screening responses, customs
declarations, ShipVia Rate display and selection activity, ShipVia Package Protection
elections, declared values, payment confirmations, Pickup or drop off hub related data, Carrier
integration responses, billing adjustments, refund processing events, and claim submissions.
These records form part of the structured evidentiary metadata repository.
Evidentiary Function: The Interaction Trail serves as an authoritative internal record of User
actions, acknowledgments, and transactional behavior. Such records may be relied upon in
internal investigations, dispute resolution processes, arbitration proceedings, regulatory
inquiries, or court proceedings where necessary.
2.3 Storage and Security Protocols
Digital Storage: Collected data is stored within secure Wix Collections, restricted-access digital
drives, or comparable secure cloud infrastructure environments. Access is role-based and
limited strictly to authorized personnel on a need-to-know basis.
Encryption & Infrastructure Safeguards: Data is protected using industry-standard encryption
protocols while in transit and at rest. The Platform leverages enterprise-grade cloud
environments featuring firewalls, intrusion monitoring, access logging, and segregation of
environments where feasible.
Access Controls: Administrative access to personal information is restricted through credential
management, multi-factor authentication (where feasible), and periodic access review
processes.
Physical Records: Although ShipVia Couriers operates primarily in a digital-first environment,
any physical copies of shipping labels, customs declarations, claim documentation, or other
materials containing personal data are stored securely and destroyed via secure shredd ing
protocols once their operational purpose has been fulfilled.
Minimization Principle: Where feasible, personal data is limited to what is reasonably
necessary to fulfill the identified operational purpose.
2.4 Communications Governance
All operational communications issued by ShipVia Couriers, including platform notifications,
rate displays, system alerts, shipping confirmations, tracking updates, Protection claims data
handling and claims updates, SMS notifications, email communications, policy updates,
promotional communications, loyalty or fundback notices, customer support responses, and
website announcements, are processed in accordance with this Privacy Policy.
Communication records may be logged, timestamped, stored, and retained as part of the
Interaction Trail and metadata repository for fraud prevention, dispute resolution, compliance
verification, and evidentiary purposes.
SECTION 3: HOW WE USE AND DISCLOSE YOUR INFORMATION
3.1 Operational Fulfillment and Carrier Integration
The primary purpose for collecting and processing your personal information is to facilitate the
end-to-end logistics chain and associated financial reconciliation.
Carrier Integration via Technology and Rate Integrations: We disclose necessary shipment and
customs data through authorized rate, technology, and logistics integration partners that
facilitate access to third-party Carrier networks. Such disclosures enable Shipping Label
generation, transit initiation, tracking, customs data facilitation to carriers, Return to Sender
processing, and Carrier liability coordination. ShipVia Couriers does not independently operate
transportation services but facilitates logistics services through integrated upstream rate and
technology providers.
Upstream Aggregator Partners and Carriers: We may share operational data with authorized
wholesale logistics aggregators, carriers and upstream technology partners to secure volume-
based discounted shipping rates, enable label generation and shipment processing through
integrated APIs.
Purpose Limitation: Such disclosures are strictly limited to the operational necessity of
fulfilling Shipments and reconciling Carrier adjustments. Carriers and upstream partners are
not authorized to independently market unrelated products to you using this data unless
governed by their own separate relationship with you.
Administrative Billing Infrastructure: ShipVia Couriers may utilize a designated
Administrative Billing Provider to administer invoicing, financial reconciliation, ShipVia
Wallet balances and email credit, Carrier Adjustment pass-through charges, and related billing
records. This administrative billing platform operates as a secure operational layer between the
Platform, payment processors (including Stripe and PayPal), and operational partners. Payment
processing itself remains handled exclusively by PCI-compliant payment processors, while the
Administrative Billing Provider maintains invoice records, billing logs, and related financial
metadata required for operational reconciliation.
3.2 ShipVia Package Protection and International Claims
To administer and adjudicate ShipVia Package Protection claims, we share comprehensive
claim-related data with designated Service Partners, including partners located in the European
Union or other jurisdictions.
Scope of Data Shared: Data shared for claims adjudication may include:
• Customer and Recipient identity and contact details, including sender and recipient names,
addresses, contact numbers, and any declarations made in connection with shipment or customs
processing;
• Protection purchase confirmation;
• Declared values and original purchase invoices;
• Shipment tracking history and Carrier scan records;
• Carrier loss or damage confirmations;
• Photographic evidence of damage or packaging;
• Police reports (where applicable);
• Customs documentation for international Shipments.
• Interaction metadata and other documentation submitted relevant to the claim.
Cross-Border or International Data Transfers: Where Service Partners operate outside Canada,
personal information may be transferred internationally for underwriting review and claim
adjudication. Such transfers occur under contractual safeguards requiring confidentiality,
restricted purpose use, and commercially reasonable data protection standards. Data processed
in foreign jurisdictions may be subject to the lawful access requirements of those jurisdictions.
Operational Necessity: Such transfers are strictly necessary for the professional evaluation and
payment of protection claims and do not constitute a commercial sale of data.
Underwriting Autonomy: Service Partners process claim data solely for adjudication and
compliance purposes and are contractually prohibited from independent exploitation of such
information.
3.3 Regulatory, Customs, and Law Enforcement Disclosure
ShipVia Couriers complies with applicable legal obligations and lawful government requests.
Customs Authorities: We disclose customs declarations, shipment values, sender and recipient
information, and related documentation to customs authorities through our carrier or upstream
partner integrations to facilitate border clearance, tariff assessment, and regulatory compliance.
Legal and Law Enforcement: We may disclose relevant personal information and metadata:
• In response to subpoenas, court orders, or legally binding requests;
• To prevent imminent physical harm or financial fraud;
• To investigate Fraud, Misrepresentation, or Account Abuse;
• To defend the Company in legal proceedings.
Data Minimization in Legal Disclosure: Where disclosure is required, we limit such disclosure
to what is reasonably necessary to comply with the legal mandate.
3.4 Community Partners, Volume Perks or Affiliate code users, and Audit
Disclosures
For Users participating in Partner Clubs, Volume Tiers or Perks, loyalty programs, or
community-based incentives, certain transactional and operational data may be shared with
authorized Community Partners and auditors.
Fundback & Loyalty Facilitation: We may disclose transactional metrics, including shipment
frequency, total spend, qualifying thresholds, and relevant metadata necessary to calculate and
verify eligibility for rebates, Fundbacks and volume-based pricing incentives.
Audit and Compliance: Data may be disclosed to independent auditors or authorized
administrators to:
• Verify promotional integrity;
• Confirm eligibility thresholds;
• Prevent misuse of promotional codes or affiliate codes;
• Ensure compliance with the Master Terms and Conditions.
Anonymized Analytics: Where feasible, we may provide anonymized or pseudonymized trend
data to Community Partners for optimization of logistics performance.
Confidentiality & NDA Safeguards: Where personally identifiable information (PII) must be
disclosed to a Community Partner or Volume Perks users or affiliate code user administrator,
we require formal confidentiality agreements or Non-Disclosure Agreements (NDAs) to
restrict use exclusively to the authorized administrative purpose.
3.5 Internal Support, Platform Optimization, Fraud Defense, and
Automated Oversight
Support Resolution: Communication history, chatbot transcripts (stored only when required),
support ticket logs, and dispute records are used to resolve customer inquiries, investigate
shipment discrepancies, and improve support training systems.
Routing and Carrier Optimization: Aggregated shipment data, transit times, Carrier
performance metrics, and historical delivery outcomes are analyzed to refine routing logic,
improve pricing accuracy, and enhance Carrier integrations.
Promotion and Incentive Validation: Interaction logs, transaction history, and metadata are
used to verify eligibility for coupon codes, referral programs, Volume perks or affiliate code
user eligibility, loyalty benefits, Fundbacks, and Volume Tier pricing. These controls are
designed to prevent promotional abuse, duplicate account manipulation, and circumvention of
program rules.
Chargeback and Dispute Defense: Stored interaction logs and checkout acknowledgment
records may be used to defend against payment processor disputes, credit card chargebacks,
and regulatory complaints.
Automated Processing and Human Oversight: Certain fraud detection and risk monitoring
functions may involve automated analytical systems. However, ShipVia Couriers does not rely
solely on fully automated decision-making to impose account termination, financial penalties,
or denial of ShipVia Package Protection claims. Material enforcement decisions are subject to
human review and oversight to ensure fairness, proportionality, and consistency with
contractual obligations.
No Automated Legal Determinations: ShipVia Couriers does not engage in automated profiling
that produces solely automated legal or similarly significant effects without meaningful human
intervention.
3.6 Dispute, Adjustment Resolution, and Investigative Audits
We utilize stored communication logs, transaction history, and shipment metadata to:
Financial Adjudication: Resolve disputes relating to Administrative Fees (including $15.00
Weight Adjustments), $3.00 Label Void Fees, Carrier Adjustments, and other service charges.
Internal Investigations: Investigate suspected systematic under-declaration, repeated
adjustment disputes, promotional abuse, or account-level misconduct.
Evidentiary Documentation: Maintain a timestamped record of truth for use in credit card
chargebacks, arbitration, regulatory inquiries, or court proceedings.
Carrier Accountability: Cross-reference Carrier or upstream partner audit data against User-
declared metrics to verify billing accuracy and, where appropriate, contest erroneous
surcharges.
SECTION 4: DATA RETENTION, SECURITY, CONSENT, AND INCIDENT
RESPONSE
4.1 Retention Period
Data Retention & Minimization: In alignment with Canadian and U.S. tax and audit
obligations, ShipVia Couriers retains primary transactional records, billing logs, and platform
metadata for a minimum of seven (7) years. To maintain system efficiency and uphold our
commitment to privacy, we systematically purge non-essential shipment data, claims data,
platform interaction trails, support chat or ticket logs and transcripts, and user-uploaded files
once they are no longer required for operational or legal purposes. We strive to retain only the
minimum data necessary, proactively excluding unnecessary files or redundant metadata to
reduce our data footprint.
Extended Retention: Where required by legal hold, litigation, regulatory investigation, fraud
review, or ongoing dispute, relevant data may be retained beyond seven years until final
resolution.
Archived records are subject to restricted access controls.
Operational Data Minimization: ShipVia Couriers retains only the minimum categories of data
necessary to comply with operational, financial, tax, regulatory, and dispute-resolution
obligations. Certain categories of secondary operational data, support materials, user-uploaded
files, or historical metadata may be periodically purged or anonymized once their operational
purpose has been fulfilled. As a result, not all historical operational records may remain
available indefinitely.
4.2 Technical Security Standards
Encryption Protocols: All personal information is encrypted in transit and at rest using industry-
standard encryption methodologies.
Secure Cloud Infrastructure: ShipVia Couriers utilizes enterprise-grade cloud environments,
including secure Wix infrastructure and similar service providers with activity logging, and
controlled access segmentation.
Payment Security: All payment processing occurs through PCI-compliant payment processors
utilizing tokenization technology. ShipVia Couriers does not store raw credit card numbers or
CVV data. In the event of accidental or operational collection, storage and retention is noticed,
we immediately remove the information from our sites and servers. We never intentionally
store the payment information.
Access Controls: Internal access to sensitive systems is governed by role-based permissions,
least-privilege principles, multi-factor authentication (where possible), and periodic access
audits.
Physical Record Safeguards: Any physical documents containing personal information are
stored securely and destroyed via controlled shredding procedures once operational necessity
concludes.
4.3 Security Incidents and Breach Notification
ShipVia Couriers maintains internal incident response protocols designed to detect, contain,
investigate, and remediate unauthorized access, data breaches, or cybersecurity incidents.
Incident Assessment: In the event of a suspected or confirmed security incident involving
personal information, the Company will assess:
• The nature and scope of the incident;
• The sensitivity of affected information;
• The likelihood of misuse;
• The risk of significant harm to affected individuals.
Regulatory Notification: Where required under applicable law, including PIPEDA or relevant
U.S. state breach notification statutes, ShipVia Couriers will notify affected individuals and
applicable regulatory authorities within legally mandated timeframes.
Containment and Remediation: Reasonable steps will be taken to contain the incident, mitigate
potential harm, and prevent recurrence.
No Guarantee of Absolute Security: While ShipVia Couriers implements commercially
reasonable safeguards, no electronic transmission or storage system can be guaranteed to be
completely secure.
4.4 Binding Consent at Checkout
ShipVia Couriers requires explicit, affirmative acknowledgment of both this Privacy Policy
and the Master Terms and Conditions at checkout.
Record of Consent: Timestamped and IP-logged confirmation of acknowledgment is stored
within our metadata repository and may be retained pursuant to the 7-Year Rule.
Version Control: The specific version of this Privacy Policy accepted by the User is recorded
to ensure traceability and legal clarity in dispute resolution or regulatory review.
SECTION 5: YOUR RIGHTS AND COOKIE POLICY
5.1 Your Privacy Rights
Regardless of geographic location, ShipVia Couriers provides a high standard of transparency
and control.
You have the right to: Access & Portability: Request a structured digital copy of personal
information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Withdrawal of Consent: Withdraw consent for future processing, recognizing that withdrawal
may result in account suspension or termination of services.
Inquiry & Redress: Contact our Privacy Officer at privacy@shipviacouriers.ca regarding
questions, complaints, or concerns.
5.2 Data Deletion Requests & Limitations
While we respect the principle commonly referred to as the “Right to be Forgotten,” deletion
requests are subject to mandatory retention obligations under tax, audit, fraud-prevention, and
dispute-defense requirements.
ShipVia Couriers retains only those categories of data required for operational and statutory
obligations. Certain categories of platform interaction data, shipment metadata, or support
documentation may already have been minimized, anonymized, or permanently deleted in
accordance with the Company’s operational data minimization practices. Consequently,
responses to access, correction, or deletion requests are limited to the categories of information
that remain available within the Company’s retained records at the time the request is
processed.
5.3 Cookie & Tracking Technology
ShipVia Couriers uses cookies and similar technologies to enhance performance, security, and
analytics. Users may manage cookie preferences through browser settings. However, disabling
essential or security cookies may impair the ability to complete Shipments, access secure areas,
or verify account identity.
SECTION 6: ADDITIONAL OPERATIONAL DISCLOSURES
6.1 Accuracy of User-Provided Data
ShipVia Couriers relies entirely upon the accuracy and lawfulness of the data provided by the
User when generating Shipments.
User Responsibility as Data Provider: You are solely responsible for ensuring that all sender
and recipient information entered into the Platform is accurate, lawfully obtained, and
authorized for disclosure.
Data Controller Status for Recipient Information: For recipient information that you input
(including names, addresses, phone numbers, and customs details), you act as the data
controller responsible for the lawful collection and disclosure of that information to ShipVia
Couriers and its authorized service partners, carriers and upstream partners.
Limitation of Liability: ShipVia Couriers shall not be responsible for privacy breaches, delivery
failures, regulatory penalties, customs seizures, or legal claims arising from:
• Inaccurate address entry;
• Unauthorized disclosure of recipient information;
• Misdeclared contents or values;
• Entry of personal information without lawful authority.
Indemnity Alignment: To the extent permitted by applicable law, you agree that any privacy
complaint or regulatory action arising from inaccurate or unauthorized data entry shall arise
from the User’s data submission and not from the Company’s independent processing
practices.
6.2 Children’s Privacy
ShipVia Couriers services are intended exclusively for individuals who have reached the age
of majority in their applicable jurisdiction.
No Knowing Collection: We do not knowingly collect, solicit, or process personal information
from individuals under the age of 18 (or the applicable age of majority).
Remedial Action: If we become aware that personal information has been collected from a
minor without lawful consent, such data will be deleted promptly upon verification.
6.3 Updates to this Policy
Notice of Material Changes: Material changes will be communicated by updating the “Last
Updated” date and posting the revised Policy on our Platform.
Continued Use as Acceptance: Continued use of the Platform after publication of changes
constitutes acceptance of the updated Policy.
Version Logging: The specific version of this Policy accepted at checkout is recorded in our
metadata repository to preserve contractual clarity.
SECTION 7: INTERNAL ACCESS, GLOBAL GOVERNANCE, AND
INTERNATIONAL TRANSFERS
7.1 Controlled Access (Need-to-Know Basis)
ShipVia Couriers maintains strict internal governance standards regarding access to personal
information.
Role-Based Access: Access to User data is granted only to authorized employees, interns,
independent contractors, technical developers, support personnel, and logistics staff on a
strictly limited “need-to-know” basis.
Authorized Operational Purposes Include:
• Resolving customer support tickets or chat inquiries, shipment inquiries, and operational
disputes;
• Assisting with ShipVia Package Protection claims administration and documentation review;
• Supporting customer communications and partner relationship management;
• Facilitating parcel routing support, Coordinating ShipVia Pick up or drop off hub services or
support, operational troubleshooting, or logistics coordination where applicable;
• Performing essential platform maintenance, security audits, and fraud detection activities;
• Conducting internal investigations relating to account misuse, billing discrepancies, or
operational compliance.
These functions may be performed by authorized employees or independent support
contractors operating under confidentiality obligations and secure system access controls.
Access Logging: Administrative access to sensitive systems is logged and monitored to ensure
accountability.
7.2 Data Storage Location and Limited Cross-Border Transfers
Primary Storage: ShipVia Couriers stores primary platform data, metadata repositories, and
user account information within secure cloud infrastructure environments managed from
Canada.
Controlled International Access: While ShipVia Couriers maintains its primary operational
governance from Canada, authorized personnel, business development team and independent
support contractors or employees located outside Canada may access certain customer data
through secure administrative systems for the limited purposes of customer support, claims
administration, operational troubleshooting, business outreach and partner communications.
Such personnel operate under confidentiality obligations, contractual data protection
requirements, and role-based system access controls. These individuals are not separate
establishments of ShipVia Couriers but operate as authorized service providers supporting the
Platform’s administrative operations.
Foreign Legal Access Notice: Where personal information is accessed or processed outside
Canada by authorized service providers, such information may be subject to the lawful access
requirements of the jurisdiction in which the service provider operates.
Limited Cross-Border Data Transfers to Independent Partners: Where operationally necessary,
shipment-related or claim-related data may be shared with independent third-party service
providers, logistics technology partners, protection underwriting partners, or customs
intermediaries located outside Canada for the limited purpose of fulfilling shipments,
adjudicating claims, or complying with regulatory requirements.
Such third parties are independent entities and are not employees, agents, or establishments of
ShipVia Couriers.
Contractual Safeguards: ShipVia Couriers implements contractual controls requiring such
partners to use personal information solely for authorized operational purposes and to maintain
appropriate confidentiality and security measures.
7.3 Personnel Compliance & Accountability
Contractual Safeguards: Employees and contractors are bound by confidentiality agreements
and data protection obligations.
Usage Restriction: Authorized personnel may access personal information solely for the
administrative, investigative, technical, or logistics purpose for which access is granted.
Prohibition of Unauthorized Use: Any unauthorized access, misuse, or disclosure of personal
information by personnel that occurs outside the scope of their authorized duties and in
violation of Company policies constitutes a breach of internal governance standards. ShipVia
Couriers does not authorize such conduct and will take appropriate remedial action. Nothing
in this clause limits the Company’s statutory obligations under applicable privacy laws.
Secure Channels: All internal access to sensitive data repositories, including Wix Collections
and related systems, is conducted through secure and encrypted channels.
SECTION 8: GOVERNING LAW, SEVERABILITY, AND ENTIRE AGREEMENT
8.1 Governing Law and Jurisdiction
This Privacy Policy and all matters relating to the collection, use, processing, or disclosure of
personal information are governed by and construed in accordance with the laws of the
Province of Ontario and the federal laws of Canada applicable therein.
Exclusive Jurisdiction: Any legal action or proceeding arising specifically out of this Policy
shall be brought exclusively before the courts located in Toronto, Ontario, Canada.
You irrevocably submit to the jurisdiction of such courts and waive any objection based on
forum non conveniens or similar doctrines.
8.2 Severability
If any provision of this Policy is found to be invalid, illegal, or unenforceable by a court of
competent jurisdiction, such provision shall be severed to the minimum extent necessary.
The remaining provisions shall continue in full force and effect as though the invalid portion
had never been included.
8.3 Entire Agreement
This Privacy Policy, together with the Master Terms and Conditions, constitutes the entire
agreement between you and ShipVia Couriers regarding privacy governance and data handling
practices.
This Policy supersedes all prior informal representations, support communications, marketing
materials, or unofficial explanations regarding privacy practices.
8.4 Changes and Updates
ShipVia Couriers reserves the right to modify this Policy at any time.
Material updates will be reflected by updating the “Last Updated” date and publishing the
revised version on the Platform.
Continued use of the Platform following such updates constitutes acceptance of the revised
Policy.
SECTION 9: MISCELLANEOUS PROVISIONS
9.1 Business Transfers and Successors
ShipVia Couriers reserves the right to modify this Policy at any time.
Material updates will be reflected by updating the “Last Updated” date and publishing the
revised version on the Platform.
Continued use of the Platform following such updates constitutes acceptance of the revised
Policy.
9.2 Third-Party Links and API Integrations
The Platform may contain links to, or technical integrations with, third-party platforms,
including upstream aggregators, carriers, rate and logistics technology partners, payment
processors, protection underwriting partners, and Partner Club portals.
This Privacy Policy does not apply to external third-party platforms. We encourage Users to
review the privacy policies of such third parties independently.
9.3 Non-Waiver
Failure by ShipVia Couriers to enforce any provision of this Policy shall not constitute a waiver
of such provision or any other right.
No waiver shall be deemed continuing unless expressly confirmed in writing by the Company.
9.4 Language, Interpretation, and Precedence
Definitive Version: The English language version of this Policy is the authoritative and legally
binding version. Any translations are provided for convenience only.
Headings: Section titles and headings are included for convenience and do not affect
interpretation.
Incorporation & Precedence: This Privacy Policy is incorporated by reference into the Master
Terms and Conditions. Together, both documents govern your use of the Platform.
In the event of an irreconcilable conflict, the Master Terms and Conditions shall prevail
specifically with respect to fee adjudication, service adjustments, and commercial liabilities,
while this Privacy Policy governs data handling practices.
