Privacy Policy

1. Information We Collect
When you create an account, we collect your email address and a hashed version of your password. When you create a shipping label, we collect the sender and recipient names, phone numbers, and addresses you provide, as well as package dimensions and weight. We also store order history, wallet transaction records, and payment reference IDs for service operation and dispute resolution.

2. Information We Do Not Collect
We do not collect government-issued identification, bank account details, credit card numbers, or cryptocurrency wallet private keys. We do not require identity verification (KYC) to use our service. Crypto payments are processed entirely by NOWPayments — we receive only a payment reference ID and confirmation status, never your blockchain credentials.

3. How We Use Your Information
Your email is used for account authentication, password resets, and service-related notifications. Shipping details are used solely to generate your labels and are passed to the relevant carrier (USPS, UPS, or FedEx) for fulfillment. Order and wallet history is retained for your account records, fraud prevention, and customer support inquiries.

4. Data Sharing
We do not sell, rent, or trade your personal information to third parties. Shipping data is shared only with the carrier fulfilling your label. Payment processing data is handled by NOWPayments under their own privacy policy. We may disclose information if required by law or to protect the rights and safety of our users and service.

5. Security
Passwords are hashed with bcrypt and never stored in plain text. All sessions are encrypted and protected with CSRF tokens, strict rate limiting, and security headers including HSTS. We enforce session timeouts and secure cookie policies. While no system is perfectly secure, we take reasonable and industry-standard measures to protect your data.

6. Data Retention & Deletion
Your account data and order history are retained as long as your account is active. You can delete your account at any time from the Settings page, which will permanently remove your login credentials and associated data. Some transaction records may be retained for a limited period for legal compliance and fraud prevention purposes.

7. Cookies & Sessions
We use server-side sessions to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics. Session cookies are marked HttpOnly and Secure, and are set to expire after one hour of inactivity.

This is a simplified privacy policy. You should consult a qualified privacy professional or attorney to draft a complete, legally compliant version before launching in production.