Security

Last updated: July 13, 2026

Connecting ShipExtension means handing us API access to your ShipStation account. That's a real decision, so this page explains exactly what we can touch, what we store, and how we protect it — in plain language. We take data retention and the handling of personal information seriously: we store only what your automations need, and delete it on the schedules listed below.

What we do with your ShipStation access

ShipStation API keys are account-wide — ShipStation doesn't offer read-only or scoped keys. So here is exactly how we use yours:

  • We read your orders, products, stores, tags, carriers, and warehouses — the inputs your automation rules need.
  • We write only order-level fields your rules are configured to change: weight, dimensions, package, carrier and service, tags, notes, and custom fields.
  • We purchase labels only if you enable auto-purchase. It's off unless you turn it on.

We never touch your ShipStation account settings, store or marketplace connections, user accounts, or billing details — our integration has no code paths to those endpoints. We never delete orders. And you can revoke our access instantly at any time by regenerating your API key inside ShipStation.

How your credentials are stored

  • ShipStation API keys are encrypted at rest with AES-256-GCM (Rails Active Record Encryption). The encryption key lives outside the database, so a copy of the database alone can't expose your credentials.
  • Passwords are hashed with BCrypt — we can't read them, and neither can anyone else.
  • If you sign in with Google, we never see or store a password at all.

What order data we store, and for how long

  • Order details — order number, status, items, weights, tags, and recipient name and destination, synced so your rules can run and you can review what changed. Kept while your account is active.
  • Product dimensions and packaging data — used for box selection. Kept while your account is active.
  • Activity and automation logs — deleted automatically after 30 days.
  • Rule debugging traces — deleted automatically after 14 days.

We never store your customers' payment details — ShipStation doesn't expose them to us, and your own card details are handled entirely by Stripe.

Deleting your data

When you cancel, email [email protected] and we delete your account data, including your encrypted ShipStation credentials, except where we're required to keep records for legal or accounting reasons. Nothing about your orders stays behind for reuse — the data exists only to run your automations.

We never sell or share your data

Your order data is shared only with the providers required to run the service — Stripe for payments, Postmark for transactional email, and our hosting infrastructure. No data brokers, no advertisers, no exceptions. Details are in our privacy policy.

Infrastructure

  • Hosted on Hetzner Cloud, fronted by Cloudflare for TLS and DDoS protection.
  • HTTPS is enforced everywhere — the app refuses plain-HTTP connections, and traffic between Cloudflare and our servers is also encrypted.
  • Production access is limited to the founder. No offshore contractors, no shared logins.

Reporting a security issue

Found a vulnerability? Email [email protected] — reports go straight to the founder, and we'll respond quickly. Please give us a reasonable chance to fix the issue before disclosing it publicly — we're grateful for responsible reports.