Privacy Policy

Welcome to BorderFlow!

BorderFlow, LLC ("BorderFlow," "we," "us," and "our") takes the privacy of our users ("User," "you") very seriously. This Privacy Policy is designed to provide you with a clear understanding of how information is collected, stored, and used by BorderFlow ("Policy"). This Privacy Policy is legally binding between you (and your client, employer, or another entity if you are acting on their behalf) as the user of BorderFlow's services and BorderFlow and/or its affiliates.

By signing up for any of the services or products offered by BorderFlow (collectively, the "Services"), accessing our website at borderflow.io ("Website"), creating and managing shipments through BorderFlow ("Shipment"), or receiving a Shipment, you acknowledge that you have read and understood this Policy and the information collection and handling practices outlined in it.

If you do not agree to the terms of this Policy, you must immediately cease using the Website or our Services. We reserve the right to occasionally update, revise, modify or amend this Policy. We encourage you to check back at this page regularly for any changes to our policy.

2.1 Personal Information You Provide

We collect information you directly provide to us, including:

• Account Information: Name, email address, phone number, company name, and billing address
• Shipping Information: Sender and recipient details including names, addresses, phone numbers, and email addresses
• Payment Information: Credit card details, PayPal information, or other payment method details
• Communication Data: Information you provide when contacting us for support, feedback, or inquiries
• Profile Information: Preferences, settings, and other account customizations

2.2 Information We Collect Automatically

When you use our Services, we automatically collect certain information, including:

• Device Information: IP address, browser type, device type, operating system
• Usage Data: Pages visited, time spent on our Website, clickstream data
• Location Information: General geographic location based on IP address
• Cookies and Tracking Technologies: Data collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information from:

• Shipping carriers and logistics partners
• Payment processors and financial institutions
• Address verification services
• Business partners and integrated platforms

We use your information for the following purposes:

• Service Provision: To provide, maintain, and improve our shipping and logistics services
• Account Management: To create and manage your account, process payments, and handle customer support
• Communication: To send service notices, updates, and respond to your inquiries
• Compliance: To comply with legal obligations and industry regulations
• Security: To protect against fraud, unauthorized access, and other security threats
• Analytics: To analyze usage patterns and improve our services
• Marketing: To send promotional materials and offers (with your consent)

We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who help us deliver our services, including:

• Shipping carriers (FedEx, UPS, DHL, USPS, and others)
• Payment processors
• Cloud storage and hosting providers
• Customer support platforms
• Analytics and marketing service providers

4.2 Third-Party Payment Processing

Stripe Payment Processing: We use Stripe, Inc. as our primary payment processor to handle credit card transactions and other payment methods. When you make a payment through our Services:

• Your payment information (including credit card details, billing address, and transaction data) is shared directly with Stripe
• This sharing is necessary to process your transactions securely
• Stripe maintains its own privacy practices and data protection standards
• For detailed information about how Stripe handles your data, please review their privacy policy at https://stripe.com/privacy

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Investigate potential violations of our terms of service
• Prevent fraud or other illegal activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Secure hosting and infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

We use cookies and similar tracking technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Provide personalized content and recommendations
• Improve our services and user experience

You can control cookie settings through your browser preferences. However, disabling cookies may limit some functionality of our services.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data in a portable format
• Restriction: Request restriction of processing activities
• Objection: Object to certain processing activities
• Withdrawal of Consent: Withdraw consent for marketing communications

To exercise these rights, please contact us using the information provided below.

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Maintain records for business and audit purposes

When we no longer need your information, we will securely delete or anonymize it.

As BorderFlow provides services globally, your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification
• Displaying a prominent notice on our services

Your continued use of our services after such modifications constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiries as promptly as possible, typically within 30 days of receipt.

13.1 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information we collect, use, disclose, and sell
• Right to delete personal information we have collected
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising these rights

13.2 European Union Residents

If you are located in the European Union, you have rights under the General Data Protection Regulation (GDPR), including the rights listed in Section 7 above. You also have the right to lodge a complaint with your local data protection authority.

BorderFlow integrates with Amazon Services APIs to provide shipping and fulfillment services to Amazon sellers. This section describes how we handle Amazon-related data in compliance with Amazon's Data Protection Policy and Acceptable Use Policy.

14.1 Amazon Data We Process

When you authorize BorderFlow to access your Amazon seller account, we may process:

• Order Information: Order details, shipping addresses, and delivery preferences
• Product Data: Inventory levels, product catalogs, and fulfillment information
• Customer Information: Names, addresses, and contact details (for shipping purposes only)
• Transaction Data: Payment information necessary for tax calculations and regulatory compliance
• Performance Metrics: Shipping performance and delivery analytics

14.2 Purpose and Legal Basis

We process Amazon data solely for:

• Merchant fulfilled shipping services
• Tax calculation and compliance
• Regulatory reporting requirements
• Order fulfillment and delivery management

We act as a data processor on behalf of Amazon sellers (data controllers) and process Amazon customer personal data only on express written instructions from authorized sellers.

14.3 Amazon Data Security

We implement enhanced security measures for Amazon data, including:

• Encryption: AES-256 encryption at rest and TLS 1.2+ in transit
• Access Controls: Multi-factor authentication and role-based access
• Network Security: Firewalls, intrusion detection, and network segmentation
• Monitoring: Real-time security monitoring and incident response
• Personnel Security: Background checks and confidentiality agreements

14.4 Amazon Data Retention

We retain Amazon customer personal information for a maximum of 30 days after order delivery, except when:

• Extended retention is required by law (tax or regulatory requirements)
• Data is necessary for ongoing dispute resolution
• You specifically request extended retention for legitimate business purposes

Business data may be retained longer as necessary for service provision but is subject to regular review and purging.

14.5 Amazon Data Sharing

Amazon data may be shared only with:

• Shipping Carriers: For delivery and fulfillment purposes
• Payment Processors: For transaction completion and tax compliance
• Tax Authorities: As required by applicable law
• Legal Authorities: When required by valid legal process

We do not sell, rent, or otherwise commercialize Amazon data for marketing or advertising purposes.

14.6 Amazon Customer Rights

Amazon customers have rights regarding their personal data processed through our services. We assist authorized sellers in responding to customer requests for:

• Access to their personal information
• Correction of inaccurate data
• Deletion of personal information
• Restriction of processing activities
• Data portability

14.7 Compliance and Auditing

We maintain compliance with Amazon's policies through:

• Regular security assessments and audits
• Annual third-party security certifications
• Continuous monitoring and incident response
• Staff training on Amazon data protection requirements
• Documentation of all data processing activities

We cooperate fully with Amazon audits and provide compliance certifications upon request.

14.8 Data Disposal and Destruction

Amazon data is securely disposed of according to the following procedures:

• Automatic Deletion: Personal information is automatically deleted after the retention period
• Secure Sanitization: Data destruction follows NIST 800-88 guidelines
• Verification: Deletion processes are logged and verified
• Certificate of Destruction: Available upon Amazon's request
• Multi-location Cleanup: All copies across systems and backups are destroyed

14.9 Incident Response for Amazon Data

In the event of a security incident involving Amazon data, we implement comprehensive response procedures tailored to the type of incident:

Standard incident response procedures include:

• Notify Amazon within 24 hours via security@amazon.com
• Conduct immediate investigation and containment
• Document all incident details and remediation actions
• Implement corrective measures to prevent recurrence
• Maintain chain of custody for all evidence
• Coordinate with Amazon on customer and regulatory notifications

14.10 Amazon Data Processing Limitations

We commit to the following limitations on Amazon data processing:

• No use of Amazon customer data for marketing or advertising purposes
• No aggregation of data across different Amazon sellers
• No sharing of insights about Amazon's business operations
• No circumvention of Amazon's rate limits or access controls
• No storage of data in unauthorized locations or unsecured systems
• No processing beyond the scope authorized by the seller