Last updated: July 13, 2026
Connecting ShipExtension means handing us API access to your ShipStation account. That's a real decision, so this page explains exactly what we can touch, what we store, and how we protect it — in plain language. We take data retention and the handling of personal information seriously: we store only what your automations need, and delete it on the schedules listed below.
ShipStation API keys are account-wide — ShipStation doesn't offer read-only or scoped keys. So here is exactly how we use yours:
We never touch your ShipStation account settings, store or marketplace connections, user accounts, or billing details — our integration has no code paths to those endpoints. We never delete orders. And you can revoke our access instantly at any time by regenerating your API key inside ShipStation.
We never store your customers' payment details — ShipStation doesn't expose them to us, and your own card details are handled entirely by Stripe.
When you cancel, email [email protected] and we delete your account data, including your encrypted ShipStation credentials, except where we're required to keep records for legal or accounting reasons. Nothing about your orders stays behind for reuse — the data exists only to run your automations.
Your order data is shared only with the providers required to run the service — Stripe for payments, Postmark for transactional email, and our hosting infrastructure. No data brokers, no advertisers, no exceptions. Details are in our privacy policy.
Found a vulnerability? Email [email protected] — reports go straight to the founder, and we'll respond quickly. Please give us a reasonable chance to fix the issue before disclosing it publicly — we're grateful for responsible reports.