Privacy Policy

Effective: March 6, 2026

This Privacy Policy (“Policy”) describes privacy practices of Auctane, Inc. a Delaware corporation, and its corporate affiliates, meaning companies related by common ownership or control and its brands, including but not limited to Endicia, GlobalPost, ShippingEasy, ShipEngine, ShipStation, ShipWorks, and Stamps.com (collectively referenced as “Auctane” “us,” “we,” and “our.”). This Policy describes how we collect and maintain certain information collected about you, through our websites, in our apps, and in our offices. Further country-specific or state-specific provisions may apply in addition to the terms of this Policy. These are set out in the Addenda at the end of this Policy.

We take the privacy of our customers and their downstream customers very seriously. We require our customers, where applicable, to undertake to respect all relevant data protection laws, including the European Union General Data Protection Regulation (“GDPR”), the General Data Protection Regulation as implemented or adopted under the laws of the United Kingdom (“UK GDPR”), the California Consumer Privacy Rights Act of 2018, as amended (“CCPA”) and other state and federal laws of the United States.

This Policy applies to all Personal Information (as defined below) we collect, process and store in relation to representatives or our customers, suppliers and service recipients and website visitors in the course of our activities, as defined in GDPR and CCPA, and other relevant laws.

When This Policy Applies

This Policy applies to our sites, products, and services (collectively, “Services“) that link to this Policy where we act as the controller. We are the controller of all Personal Information subject to this Policy for both our direct-to-consumer Services and in respect to certain activities in our business-to-business services. If a Service you use links to this Policy, this Policy applies to you. This Policy applies in conjunction with the terms of service or other agreement between you and us for the Services you use.

Please note that that this Policy does not cover the processing of Personal Information for which we are a processor. Our handling of Personal Information as a processor is instead governed by the applicable terms of service or other agreement between you and us for the Services you use and/or the applicable Data Processing Agreement entered into between you and us.

What We Do With Your Information

We want to be clear about what information we collect and how we use it to deliver our Services to you, operate our business, and make our Services work better for you. This Policy describes how we collect, use, share and secure the information that you provide which can be used directly or indirectly to identify you or your household and that is shared with us (“Personal Information”). It also describes your choices regarding use, access and correction of your Personal Information. You may opt out of the sharing of your Personal Information as follows, depending on the applicable brand:

Types of Information We Collect.

In connection with access to our Services, we may collect Personal Information, such as identifiers, internet or similar network activity, and geolocation information, where applicable, we have described this in more detail in the relevant Privacy Policy Addendum, which can be found below:

Privacy Policy Addendum for California Residents, which is available here;
Privacy Policy Addendum for Nevada Residents, which is available here;
Privacy Policy Addendum for Residents of other U.S. States (Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia) which is available here,
Privacy Policy Addendum for UK and EEA Residents, which is available here;
Privacy Policy Addendum for Canadian Residents, which is available here;
Privacy Policy Addendum for Australia, which is available here; and
Privacy Policy Addendum for New Zealand, which is available here.

We collect or otherwise receive information when you register or open an account, sign in, pay fees, purchase or otherwise use a Service, call us for support, or give us feedback. We may also receive your Personal Information from vendors that have provided us with information to send you goods, products, services or information offered by the vendor, during which we act as a Service Provider to the vendor.

We may also obtain information from other companies or third parties, such as when you synchronize a third-party account or service with your account with us, or when we may use service providers to supplement the Personal Information you give us (e.g., validate your mailing address) to help us maintain the accuracy of your information and provide you with better service. We may collect content or other information that you may provide or create when you interact with our Services.

We may automatically collect certain usage information when you access our Services (“Usage Information“), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, we may collect IP addresses to track and aggregate, retained in pseudonym form (replacing any directly identifying characteristics of Personal Information), to monitor the locations from which users navigate to our Services. We may also collect IP addresses from users when they log into the Services as part of our log-in and security features. We may also, when you enable location-based Services, collect Global Positioning System (GPS) location information and/or motion information.

By providing us with your telephone number when you register or open an account, or fill out a webform, you are consenting to be contacted by SMS text message. Message and data rates may apply. You can reply “STOP” to opt-out of further messaging. No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Our Services may change over time and we may introduce new features that may collect new or different types of information.

Information You Provide About Third Parties

The Services may permit you to provide personal information about third parties (“Recipient Data”), like name, mailing address, email addresses, phone numbers, photos and other contact information.

If you use the Services to calculate postage, create mailing labels or other postal forms, notify recipients of mail or shipments that you have sent to them facilitated by the Services, we collect certain Recipient Data (for example, name, mailing address, and email address, as applicable). We may disclose the Recipient Data regarding your transactions with third parties as necessary to process your transaction (e.g., to calculate postage, create mailing labels or other postal forms, notify your recipients). If you choose to provide Recipient Data we will store that information only in connection with your relationship with us (e.g., calculating postage, creating mailing labels or other postal forms, notifying your recipients).

The Services may permit you to select contacts on your mobile device (your “Device”) and import them (“Device Contacts”) into our mobile application (“the App”). We access your Device Contacts only when you choose to import them. Device Contacts may be stored with your account to enable synchronization between the relevant mobile application and our website.

The Services may permit you to create individual contacts through the App (“Manual Contacts”). Device Contacts and Manual Contacts (together, “Contacts”) are used solely to provide address-book management, calculate and generate postage, and create and print mailing labels. We use Contacts for advertising, marketing, or unrelated analytics. You may revoke consent to access your Device Contacts or delete Contacts at any time. Please refer to “Managing Contacts” below.

How We Use Your Information.

We may use your information, including your Personal Information, for the following purposes:

Account Registration. We may use your name, address, phone number, billing information, and email address to register your account for certain Services we provide and to communicate important information to you. We may obtain additional Personal Information about you, such as address change information, from commercially available sources, to keep our records current. If you establish an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your Personal Information. Please be careful to whom you grant administrator access, as you are responsible for their actions.

To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing Services you requested, provide you with support related to our Services (such as customer service or fulfillment), and to help us protect our Services, including to combat fraud and protect your information.

Customer Service and Technical Support. We may use your name, address, phone number, email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience. We also offer various Internet chat services, for example, to speak with our customer support representative. Internet Chat transmissions are encrypted, but you should not supply more Personal Information than is required to address your specific issue. A transcript of the session may be retained to resolve questions or issues related to our Services.

Communicate with You and Tell You About Other Services. We may use your information to communicate with you about our Services and to give you offers for third party products and services that we think may be of use to you. Please see below under “What You Can Do to Manage Your Privacy” for the choices you have regarding these communications.

To Improve Services and Develop New Services. We will use your information to personalize or customize your experience and the Service, develop new features or services, and to improve the overall quality of our Services. This includes training, testing and the use of AI (see section 2(e) (“Use of ADMT and AI”) below).

For Profiling. We use Personal Information to create profiles that allow us to send communications and/or advertisements that may be more appropriate for or interesting to you.

Feedback. We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Services and how we may improve them. Answering any survey is optional.

Claims and Litigation. We may also use any of your Personal Information for the purpose of managing claims or litigation related to you.

To comply with our legal and regulatory obligations. We may use any of your Personal Information where necessary to comply with our legal and regulatory obligations.

With Your Consent. We process certain Personal Information to fulfill any other business or commercial purposes at your direction or with your consent.

How We Share Your Personal Information.

We only share Personal Information in ways that we tell you about, including for the purposes set out above.

Third Party Service Providers. We may share your information, including Personal Information and Usage Information, with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, including, but not limited to, postal and delivery carriers, as well as platforms and software that provide the following: shopping and payment processing; website design; email, telephone and SMS (text messaging) communications, advertising, fraud detection and prevention, customer care, third party surveys; or analytics.

United States Postal Service (USPS) and Other Carriers. We are regulated by the USPS. As part of the regulatory relationship, we collect certain information about you on behalf of the USPS. The USPS also may send us tracking information from their scans of your mail and packages in the mailstream. Our uses for the information include informing you about the status of your mail and packages through options like USPS Tracking, fraud detection and aggregating the information to help the USPS and us provide you better service. We may also share your Personal Information with the USPS for them to contact you about products and services that may be of interest to you. To learn more about USPS postage technology and our relationship with the USPS, please visit the USPS Postage Solutions page. Information collected on behalf of USPS is used for the regulatory oversight function of USPS.

As part of our providing services of the USPS, the USPS requires that you agree to the USPS Privacy Act Statement and to provide information about yourself that will be maintained in a Privacy Act System of Records by the Postal Service.

Privacy Act Statement: Your information will be used to facilitate the purchase of USPS postage and fulfill transactional reporting requirements for USPS postage systems. Collection is authorized by 39 U.S.C. 401, 403, and 404. Providing the information is voluntary, but if not provided, your transaction may not be processed. The USPS does not disclose your information to third parties without your consent, except to facilitate the transaction, to act on your behalf or request, or as legally required. This includes the following limited circumstances: to a congressional office on your behalf; to financial entities regarding financial transaction issues; to a USPS auditor; to entities, including law enforcement, as required by law or in legal proceedings; and to contractors and other entities aiding us to fulfill the Services (service providers). For more information regarding the USPS privacy policies, visit www.usps.com/privacypolicy.

For more information regarding other specific carriers you may use via our Services, please see the privacy policies provided by each specific carrier you select.

Use of carrier services via our platform is at your own risk. We are not responsible for your use of carrier services. Your use of carrier services is as a direct customer of the specific carrier of your choosing and you agree to be bound by the terms and conditions of that carrier for use of services. By providing information to certain carrier services, you understand and consent to the collection, use, processing disclosure and transfer of such information and they may have different data protection practices. Your interactions with these service carriers are governed by each carrier’s privacy policy.

Response to Subpoenas and Other Legal Requests. We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief that we are required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.

Protection of Auctane and Others. We may share account information, Personal Information and Usage Information when we believe it is appropriate to enforce or apply our products’ Terms of Service and other agreements; or protect the rights, property, or safety of us, our Services, our users, or others. For example, this includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing Personal Information of our customers for commercial purposes outside of the practices set forth in this Policy.

Information Sharing Between Our Entities. We share your information, including your Personal Information, with and among our subsidiaries, except where prohibited by law. Subsidiaries means companies related by common ownership or control. The reasons why we share your information include for our everyday business purposes, such as to process your transactions, maintain your accounts, operate our business etc. We may also share information about your transactions and experience so that we can operate our business effectively, detect and prevent fraud, and improve our Services.

Sharing with Third Parties Generally. We may share certain personal information with carefully selected third parties, including postal and delivery carriers and other business partners. We may also share your information with marketing cooperatives, which will allow them to share your information with other cooperative members to allow those members to advertise their own products to you or send you promotional materials about quality goods and services (including special offers and promotions) that may be of interest to you. The information shared with these carriers, business partners, mailing entities and cooperatives may include information related to your postage, mailing activity or postage meter license and Personal Information such as your name, email address, mailing address, phone number, and account information with Auctane (such as subscriptions fees and consumer profile), but will not include any Personal Information of your customers or address lists. We may also share certain information regarding our existing customers with third parties to exclude them from future marketing or advertising campaigns.

You may contact Auctane at any time to request that your information not be shared with such third parties. Information about European Economic Area (“EEA”) and United Kingdom (“UK”) data subjects will not be shared unless they have opted-in to such sharing. Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, as well as Canadian residents and individuals located in Australia or New Zealand may have certain additional rights. Please see the applicable Privacy Policy Addendum below.

We may contract with third parties, such as Facebook, to provide us with anonymized information enabling us to show ads to you based on Personal Information that we have obtained (or inferred) about you based on your actions on third party (non-affiliated) websites or apps. We also share hashed information with third party advertising platforms.

Finally, we may aggregate and anonymize any information, including Personal Information, collected through the Services such that this information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our entities and third parties, including carriers, advertisers, promotional partners and others.

Sale of Our Business. If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you’d like to stop receiving promotional information following any change of control.

With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Information may be shared with other third parties where required by law.

Syncing, Linking, Connecting Other Third Party Services

We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third party services with the Services. Sometimes we may let you know about the service or product, or another company may let you know about one of our services or products. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your information, including your Personal Information, as well as information about how you interact with each provider’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service that you have requested.

By requesting or accepting these products or services, you are permitting us to provide your information, including your Personal Information, to the other party. Prior consent from EEA and UK data subjects would be required prior to offering any information discussed in this section.

Use of ADMT and AI

We may use automated decision-making technology (“ADMT”) in connection with certain aspects of our Services. ADMT refers to systems, software, or processes (including algorithms, artificial intelligence (“AI”), and machine learning) that use automated processing of Personal Information to support decisions or assist human decision-making, consistent with the purposes described in Section 2(b) (How We Use Your Information).

We may use ADMT, for example, to help:

protect the security and integrity of our Services;
detect, prevent, or investigate fraudulent, abusive, or illegal activity;
protect consumer safety;
personalize or tailor content, recommendations, or advertisements;
determine whether certain transactions require additional verification;
support customer service interactions, including by generating automated responses or suggestions.

Depending on how you interact with our Services, the use of ADMT may affect the content or recommendations you see, the security or monitoring applied to your activity, your access to certain features or service tiers, or whether additional verification steps are required.

We may use machine learning to help us respond more efficiently to customer inquiries and to improve our internal customer support processes. We do not permit third parties to use your Personal Information to train their AI models or to make automated decisions about you except where permitted by law and subject to appropriate contractual and legal safeguards.

We do not use ADMT to make decisions about you that produce legal or similarly significant effects without providing any rights required under applicable law, which may include the right to obtain human intervention, to express your point of view, or to contest a decision.

What You Can Do To Manage Your Privacy

You can view and edit information that identifies you online through the Service. How you can access and control information that identifies you will depend on which Services you use. You have a choice about the use of information that identifies you, marketing communications you receive from us, and our use of cookies and other tracking technologies.

Updating Your Personal Information

In connection with your right to manage your Personal Information you provide to us, you may under certain circumstances access, update, change, correct or request deletion of your information either through the Service or through our customer support. You can reach our customer support by using the contact information provided in the “How to Contact Us” section of this Policy. Please note that your exercise of these rights is subject to certain exemptions. We will respond to your request within a reasonable timeframe.

Managing Marketing Communications From Us

We will honor your choices when it comes to receiving marketing communications from us.

You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:

You may contact Auctane at any time to opt-out from marketing or to request that your information not be shared with third parties (other than the USPS) or set preferences when you register with us. Use the contact information for the applicable brand in our “How to Contact Us” section below.
Access the opt-out link in any email communication from us.
Text “Stop” in any text message communication from us or follow provided instructions on how to quit.

Remember that even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.

Managing Contacts

You may withdraw your consent to allow Device Contacts at any time by modifying the relevant device settings on your Device or through your account settings. You may delete Contacts at any time by deleting them through your account settings.

If a vendor has provided your Personal Information to us as a contact or recipient of the vendor’s products or services, we may require you to contact the vendor or “controller” of the information to request deletion of your information. Our ability to use or disclose such information is limited by our Service Provider agreement with the vendor.

Cookies and Other Tracking Technologies.

We use cookies and other tools (“Tracking Technologies”) to understand how people use our Site, make it work correctly, and to improve your experience. These Tracking Technologies store and collect Usage Information. Tracking Technologies may set, change, alter or modify settings or configurations on your Device. By using this Site, you consent to our use of Tracking Technologies – where required by law, we will collect your affirmative consent before using these Tracking Technologies. In jurisdictions that require prior consent, we only set non-essential cookies after you grant permission.

Generally we use these tracking technologies to fulfill your requests for products and services and improve our services.

What Are Cookies?

Cookies are small files that your browser stores on your Device. They help the website remember things like your preferences or whether you’ve logged in. Some cookies are placed by us (“first-party cookies”) and some are placed by our partners (“third-party cookies”) such as companies that provide analytics, video, or advertising. Third-party cookies we use may include Google, Meta, Microsoft or others.

We classify our cookies into the following categories:

• Essential/Strictly Necessary Cookies. These cookies are need for the Site to work (for example, keeping you logged in or letting the Site load properly). You cannot disable this type of cookie on our Site.

• Functionality Cookies. Also known as “preference cookies,” these cookies allow the Sites to remember choices you have made in the past, like what language you prefer, or what your username and password are so you can automatically log in. Disabling these cookies can cause some parts of the Site to not work properly, so we discourage you from disabling these cookies.

• Performance and Analytics Cookies. These cookies collect information about how you use a website, like which pages you visited and which links you clicked on. Their purpose is to improve website functions. In some jurisdictions, you may be able to turn these cookies off.

• Targeting and Advertising Cookies. These are used by us or our partners to deliver more relevant advertising, measure our marketing, or prevent you from seeing the same ad too many times. These cookies can share that information with other organizations or advertisers. In some jurisdictions, you may be able to turn these cookies off.

These cookies allow us to:

Remind us of who you are on return visits in order to deliver to you a better and more personalized service. This cookie is set when you first visit our Site.
Estimate our audience size and measure traffic patterns regarding usage of our network of Sites. Each browser accessing our Site is given a unique cookie which is then used to determine the extent of repeat usage and usage by a registered user versus by an unregistered user.
Track the number of entries in our promotions.
Customize the advertising and content you see.

Depending on your browser settings or your location, you may be able to:

• Adjust your cookie preferences through our cookie banner;

• Block or delete cookies in your browser;

• Opt out of certain analytics or advertising tools; or

• Change your Device settings to limit tracking.

If you turn off or delete our cookie, you may not be able to receive special offers or personalized content from us.

Technologies such as cookies, or similar technologies, are used by us and our partners (e.g. network advertising partners), affiliates, or analytics or service providers (e.g. online customer support providers). These technologies are used in analyzing trends, administering the site, tracking user movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

Other Tracking Technologies we use may include:

• HTML5 local or session storage and IndexedDB or cache storage: browser-based storage used to remember certain settings or behaviors;

• Pixel tags, clear GIFs and web beacons: small images or snippets of code that load when you visit a page or open an email, telling us or partners that you have engaged with content, such as a Meta pixel;

• Tags, scripts and containers (e.g., tag managers): snippets of code provided by analytics or marketing vendors to measure behavior or deliver functionality, or tools used to deploy and manage other tags (like Google Tag Manager);

• Software Development Kits (SDKs): a set of tools or code provided by a third party that developers add into an app or website to enable certain features, such analytics, advertising, or login, and that may also collect information from users’ Devices;

• Embedded Scripts: snippets of code that are designed to collect information about your interactions with the Site, such as the links you click on;

• Click Identifiers and URL parameters: short tags added to the end of a URL that help track where website traffic comes from, including UTM parameters, such as which email, ad, or social media post a visitor clicked before landing on a page;

• Device Identifiers and probabilistic identifiers: Identifiers unique to your Device (e.g., mobile advertising IDs), or technology that creates an identifier by analyzing characteristics of your Device or browser;

• Server-Side Tracking and APIs: technologies that transmit interaction or event data directly from our servers to analytics, advertising or measurement partners (like conversion APIs or server-side tag management);

• Analytics and Session Replay Technologies: tools that help us understand how users interact with our Services, which may record page views, clicks, scrolling, or other usage activity for analytics and service improvement purposes;

• Social Media Plugins and Embedded Controls: Features such as “Like” or “Share” buttons, embedded videos, or other third-party content that may collect information when you interact with our Services;

• Log Files and Network-Level Data Collection: Automatic collection of technical information when you access our Services, including IP Address, browser type, device type, operating system, referring URLs, and timestamps; and

• Other data technologies may be used that collect comparable information for security and fraud detection purposes.

We partner with third parties to either display advertising on our Web site or to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.

In some jurisdictions, you can make individual selections on your Device or browser to opt out of cookies. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below to learn how to modify your web browser’s settings on the most popular browsers:

Note that if you turn cookies off, you may be unable to access certain parts or benefit from the full functionality of the Sites or App. To learn more about cookies and similar technologies or to opt-out of targeted advertising cookies, visit resources from the Digital Advertising Alliance (“DAA”). We do not control these opt-out links or whether any organization chooses to participate in these opt-out programs.

EEA and UK data subjects will only have cookies placed on their system if they affirmatively opt-in to such tracking (as required by applicable data protection law). EEA and UK data subjects may visit http://www.youronlinechoices.eu/ to understand more about Cookies and other tracking technologies in each EEA/UK country.

Customers in Canada may visit http://youradchoices.ca/ to understand more about Cookies and other tracking technologies in Canada.

Your Choices for Google Tools

Our Google Analytics Advertising tools may include remarketing, impression reporting, demographics and interest reporting, and cross-service integrations. Google offers several ways to control how your information is used for advertising.

Google Ads Settings – You can opt out of personalized ads from Google by adjusting your settings here.
Google Analytics Opt-Out Browser Add-On – You can block Google Analytics from accessing your online activity with a browser add-on here.

Google AdWords Remarketing – You can opt out of Google AdWords Remarketing here.
Direct-Level Advertising Settings – Many mobile devices allow you to limit the use of Advertising IDs (Android Ad ID or Apple IDFA). See your Device’s settings for more information.

With respect to these advertising features, Company is the sole controller under all applicable data protection legislation. We will not identify users or facilitate the merging of Personal Information with additional information collected through any Google advertising product or feature unless we have your affirmative opt-in consent to that identification or merger.

Your Choices for Meta (Facebook) Tools

If we use the Meta Pixel, Meta may use information about your activity on our Site to personalize ads you see on Facebook, Instagram, and other Meta services. You can control your ad preferences directly with Meta:

Meta Ad Preferences – You can view or change your Facebook Ad Preferences here.

Your Choices for Microsoft (Bing Ads, UET Tag) Tools

If we use Microsoft Tracking Technologies, you can control your ad preferences directly with Microsoft:

Microsoft Link to Opt-Out of Targeted Advertising – You can view or change Microsoft Personalized ads and offers settings here.

Please note that even if you opt-out of such Cookies or otherwise opt-out of interest-based advertising, you will still receive advertisements, they just will not be tailored to your interests. Also, if you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.

Do Not Track/ Global Privacy Control

We recognize the Global Privacy Control (GPC).

Your opt-out preference signal will be processed for the consumer by device. You can click on the opt out links we have provided or use the Global Privacy Control (GPC) as described below.
You can implement opt-out preference signals by following the steps here: https://globalprivacycontrol.org/ In certain territories, when we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting, as required by applicable law.

Our Services are not currently configured to respond to browsers’ “Do Not Track” signals because at this time no formal “Do Not Track” standard has been adopted. However, the practices of our partners and other third party providers may change as a result of this feature being utilized. Click here for more information on “Do Not Track.”

Social Media Features

Our Services may use social media features, such as Facebook sharing (“Social Media Features“). These features may collect your IP address and which page you are visiting within our Service and may set a cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Services. Your information may also be provided to the third party social media provider to opt you in to or to remove you from our direct or indirect marketing, based on your stated preferences. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features.

Data Retention And Your Access Rights
Data Retention

We retain Device Contacts only for as long as your account remains active or as needed to provide the relevant features, unless a longer retention period is required or permitted by law. You may delete Contacts at any time through the App and you may withdraw consent to access your Device Contacts as noted above in “Managing Contacts.” Deleted Contacts are removed from our systems within a commercially reasonable period, subject to backup and legal retention requirements.

In accordance with and as permitted by applicable law and regulations, we will retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications. We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones. We will retain and use your information as required by applicable regulations and our records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.

Your Access Rights

Upon request and as required by applicable law, you may contact us to confirm whether we maintain, or process on behalf of a third party, your Personal Information and to review it in order to verify its accuracy and the lawfulness of our processing of such Personal Information. Where you have determined that the Personal Information we collected about you is inaccurate or processed in violation of applicable law you may also request that your Personal Information be corrected, amended, or deleted. Requests for access to your Personal Information and to have it corrected, amended, or deleted should be sent to the email address or mailing address provided under “How to Contact Us.“

Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia as well as Canadian residents and individuals located in Australia or New Zealand may have additional rights. Please see the applicable Privacy Policy Addendum below.

EEA and UK data subjects have certain rights to access Personal Information about them, and to limit use and disclosure of their Personal Information. Please see our ”Privacy Policy Addendum for UK and EEA Residents.“ If you wish to request access, to limit use, or to limit disclosure, please contact us at the email address or mailing address provided under “How to Contact Us” and please provide the name of the Auctane customer who submitted your Personal Information to our services.

Security Of Your Information

You can find out more from the U.S. government about keeping your Personal Information safe while on line by clicking here. We provide reasonable and appropriate security measures in connection with securing Personal Information we collect, but please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure.

If you have any questions about the security of your Personal Information, please refer to the “How to Contact Us” section below.

International Data Transfers

(a) In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your Personal Information, process and store it outside your country of residence to wherever we or our third-party service providers operate. At this time any United States person’s information shall be stored and kept within the United States. EEA and UK data subjects may have their data stored in the EEA or the United States, and such information may be transferred to the United States to allow for completion of the Services required. For more information about this, please see our “Privacy Policy Addendum for GDPR and UK GDPR“. If a data processing agreement is needed for a transaction involving an international transfer of data, the Customer Data Processing Agreement is located here.

(b) Auctane complies with the EU-U.S. Data Privacy Framework (“EU-US DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Auctane has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. In the context of an onward transfer, Auctane has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. Auctane remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless Auctane can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The following U.S. subsidiaries of Auctane, as identified in our self-certification submission, also adhere to the DPF Principles: PSI Systems, Inc.; ShippingEasy, Inc.; Interapptive, Inc.; and Auctane, LLC.

Auctane collects the types of personal data identified in the “Types of Information We Collect” section above, and processes that data for the purposes set out in the “How We Use Your Information” section above. Your individual rights and choices are set out in the “Data Retention and Your Access Rights” section and applicable Addenda and may differ from your rights under the DPF. To transfer personal data to a third party acting as an agent, Auctane certifies that it will (i) transfer such data only for limited and specific purposes, (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles, (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles, (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles, (v) upon notice, including under, (vi) take reasonable and appropriate steps to stop and remediate unauthorized processing, and (vii) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce, upon request.

If you have a question or complaint related to Auctane’s participation in the DPF program, we encourage you to contact us at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Auctane commits to refer unresolved complaints concerning our handling of Non-HR personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to TRUSTe Dispute Resolution, an alternative dispute resolution provider based in the United States (https://trustarc.com/dispute-resolution/). Non-HR data includes all personal data processed by Auctane on behalf of its customers. The services of TRUSTe are provided at no cost to you.

For any HR data complaints related to the DPF that Auctane cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en) or the UK Information Commissioner (https://ico.org.uk/) for UK individuals. Please contact us if you’d like us to direct you to your data protection authority contacts.

As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

Auctane is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Auctane may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Changes To This Policy

From time to time we may change or update this Policy. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.

If we make material changes to the way we process your Personal Information, we will use all reasonable endeavors to provide you notice via our Service or by other communication channels, such as by email or posting on our Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may close your account(s). All changes are effective immediately upon posting and your use of our Service after a notice of material change or posting of an updated Policy shall constitute your consent to all changes.

Collection And Use Of Children’s Personal Information

We do not knowingly collect information from minors.

Our Services are intended for and directed to adults. Our Services are not directed to minors (as defined under applicable law) and we do not knowingly collect Personal Information from minors. If you are the parent or guardian of a child under 16 who you believe has provided her or his information to us, please contact us using the information in the “How to Contact Us” section below to request the deletion of that information.

Country / U.S. State-Specific Privacy Rights

Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, as well as Canadian residents, and individuals located in Australia or New Zealand may have certain additional rights. Please see the applicable Privacy Policy Addendum below.

EEA and UK data subjects have certain rights to access Personal Information about them, and to limit use and disclosure of their Personal Information. Please see our ”Privacy Policy Addendum for UK and EEA Residents.“ If you wish to request access, to limit use, or to limit disclosure, please contact us as described in the “How to Contact Us” section and provide the name of the Auctane customer who submitted your Personal Information to our services.

How To Contact Us

If you have questions or comments about this Policy, please contact us. We want your feedback and comments.

Via email or webform (as applicable). If you have questions or complaints regarding our Policy or practices, please contact us by email as follows, depending on the applicable brand:

Stamps.com: www.auctane.com/privacy-form/
Endicia: www.auctane.com/privacy-form/
ShipStation: [email protected]
ShippingEasy: [email protected]
ShipWorks: [email protected]
ShipEngine: [email protected]
GlobalPost: www.auctane.com/privacy-form/

Via direct mail. Auctane, Inc., Attention: Customer Care, Privacy Policy Issues, 4301 Bull Creek Rd, Austin, TX 78731

Via our toll free number (applicable to Stamps.com, Endicia and ShipStation only). Please call us as follows:

Stamps.com: (855) 889-7867

Endicia: (855) 889-7867

ShipStation: (855) 712-5819

If you have an unresolved privacy or information use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Privacy Policy Addendum for California Residents

This PRIVACY POLICY ADDENDUM FOR CALIFORNIA RESIDENTS supplements the information contained in our Policy and applies solely to visitors, customers, and others who reside in the State of California (“consumers” or “you”). We adopt this addendum to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this addendum. In the event of a conflict between the App Privacy Policy and this PRIVACY POLICY ADDENDUM FOR CALIFORNIA RESIDENTS, this PRIVACY POLICY ADDENDUM FOR CALIFORNIA RESIDENTS takes precedence.

California Residents

California Notice At Collection

We collect Personal Information for the business and commercial purposes outlined below. The categories of Personal Information we intend to collect and the purposes for which we use each category are set forth in the table below. We do not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without providing notice.

We retain each category of Personal Information for the period reasonably necessary to fulfill the purposes described below, unless a longer retention period is required or permitted by law. Please see our “Data Retention” section above.

If we sell or share Personal Information or use or disclose Sensitive Personal Information (“SPI”), we indicate that in the table below.

Some Identifiers (below) are collected by user-initiated import from Device Contacts and are subject to additional use and retention limitations.

Category of Personal Information	Business Purpose for Collection or Use	Sold/Shared?	Retention Period
Identifiers: such as name, email, phone number	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, comply with law, account management, processing transactions, security/fraud prevention	Yes/No	Duration of customer relationship with you and/or legal retention periods
Customer Records: such as billing information, account credentials	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud prevention	Yes/No	7 years or life of account
Commercial Information: such as purchases, transaction history	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud prevention	Yes/Yes	Duration of customer relationship with you and/or legal retention periods
Internet or Network Activity: such as browsing history, information regarding interaction with a website	Improve services, personalization, advertising, analytics, security/fraud prevention	Yes/Yes	2 years or per cookie lifecycle
Geolocation Data: such as physical location and/or movements	Improve services, personalization, advertising, analytics, security/fraud prevention	Yes/Yes	2 years or per cookie lifecycle
Inferences: information used to create a profile about you, such as preferences or likes	Improve services, communication, personalization, profiling, advertising, analytics	Yes/Yes	Duration of customer relationship with you and/or legal retention periods
Sensitive Personal Information: like social security number, precise geolocation (within 1850 sq ft), religious beliefs, contents of emails	Provide services, communication, enforce agreements, comply with law, account management, processing transactions, security/fraud prevention	No/No	During period of employment (if needed to administer benefits); during customer relationship for tax or other regulatory purposes

Notice of California Privacy Rights

In addition to the rights set forth in the “What You Can Do To Manage Your Privacy” section above, California residents have the following additional privacy rights:

• Right to Know (Categories): To know the categories of Personal Information we collect, the categories of sources from which it is collected, the purposes for which we use it, whether we sell or share it, and the categories of third parties to whom we disclose it.

• Right to Know (Retention): To know the length of time we intend to retain each category of Personal Information, or the criteria used to determine such period;

• Right to Know (Specific Pieces): To access the specific pieces of Personal Information we have collected about you;

• Right to Delete: To request deletion of the Personal Information you have provided to us, subject to certain exceptions;

• Right to Correct: To request that we correct inaccurate Personal Information that we maintain about you;

• Right to Opt-Out of Sale of Personal Information: To direct us not to sell your Personal Information;

• Right to Opt-Out of Sharing: To direct us not to share your Personal Information for cross-contextual behavioral advertising;

• Right to Know About Sensitive Personal Information: To know whether we collect Sensitive Personal Information (“SPI”), the categories of SPI, the purposes for which we use the SPI, and whether the SPI is sold or shared;

• Right to Limit the Use and Disclosure of Sensitive Personal Information: To request that we limit our use and disclosure of your SPI to the purposes permitted by the CCPA; and

• Right to Non-Discrimination: Not to receive discriminatory treatment for exercising any of your CCPA privacy rights.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

Privacy rights apply to all Personal Information we collect. Where data is subject to additional use or retention restrictions, those restrictions apply automatically and do not limit the user’s ability to exercise applicable rights.

Request for Information, Correction, or Deletion

California residents have the right to request, under certain circumstances, that a business that collects Personal Information about them disclose the information listed below for the preceding 12 months:

• The categories of Personal Information collected about you;

• The categories of sources from which the Personal Information is collected;

• The business or commercial purpose for collecting, selling or sharing Personal Information;

• The categories of third parties to whom the business discloses Personal Information;

• The categories of Personal Information that we sold or shared, and the categories of third parties to whom we sold or shared Personal Information; and

• The specific pieces of Personal Information collected about you.

You can also request that we correct or delete your Personal Information. There may be certain exceptions to our obligation to correct or delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information.

Personal Information Collected Within Last Twelve (12) Months

Below are the categories of Personal Information that we collected and disclosed for a business purpose or shared with third parties in the past twelve (12) months.

Category of Personal Information	Sources of Information	Business Purpose for Collection, Use or Disclosure	Categories of Service Providers or other Third Parties To Whom Information is Provided for a Business Purpose	Categories of Third Parties To Whom Information is Sold or Shared
Identifiers: such as name, email, phone number	You, Automatically, Third Parties	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, comply with law, account management, processing transactions, security/fraud prevention	Affiliates, Collaborators, Data processing and analytics vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendors, government/law enforcement where necessary.	Analytics and advertising vendors
Customer Records: such as billing information, account credentials	You, Automatically, Third Parties	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud prevention	Affiliates, Collaborators, Data processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendors	None
Commercial Information: such as purchases, transaction history	You, Automatically	Provide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud prevention	Affiliates, Collaborators, Data processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendors, government/law enforcement where necessary.	Analytics and advertising vendors
Internet or Network Activity: such as browsing history, information regarding interaction with a website	Automatically, Third Parties	Improve services, personalization, advertising, analytics, security/fraud prevention	Affiliates, Collaborators, Data processing vendors, service providers such as website hosting, security vendors, or customer service vendors	Analytics and advertising vendors
Geolocation Data: such as physical location and/or movements	Automatically, if provided via Device	Improve services, personalization, advertising, analytics, security/fraud prevention	Affiliates, Collaborators, Data processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendors	Analytics and advertising vendors
Inferences: information used to create a profile about you, such as preferences or likes	You, Automatically, Third Parties	Improve services, communication, personalization, profiling, advertising, analytics	Affiliates, Collaborators, Data processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendors	Analytics and advertising vendors
Sensitive Personal Information: like social security number, precise geolocation (within 1850 sq ft), religious beliefs, contents of emails	You	Comply with law, provide employee benefits, security/fraud prevention	Affiliates, Collaborators, Employee benefits; government/law enforcement where necessary.	None

Information related to how long we retain each category of Personal Information is included in the Data Retention section above.

Do Not Sell My Personal Information

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. We do not sell Personal Information, but we recognize that some privacy laws define “Personal Information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale.” To opt-out of this, please use the tools in the “How to Contact Us” section.

Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use of each type of Sensitive Personal Information for each purpose with each type of third-party partner. Please note that we only keep your Sensitive Personal Information for a limited time, and only for the transaction for which it is required. Currently, we do not use Sensitive Personal Information for purposes that give rise to the right to limit its use under California law. Specifically, we do not provide your Sensitive Personal Information to any third parties other than those service providers that are necessary for us to provide our Services to you.

To submit any of the above requests, please contact us using the information in the “How To Contact Us” section.

If you opt to exercise your privacy rights, we are required to verify your identity in order to prevent unauthorized access of your information. This may require us to ask you certain questions to confirm your identity or require you to provide state-issued identification. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if we reject your request and notify you of the reasons we are unable to honor your request.

You may designate an authorized agent to make a request to exercise your rights on your behalf. For your protection, we reserve the right to deny any request from an agent who does not submit proof that they have been authorized to act on your behalf.

We have no actual knowledge that we sell Personal Information of minors under age 16.

If you are a current or former employee and would like to exercise your rights under CPRA, please submit your request to [email protected].

Financial Incentives

We do not currently offer any financial incentives for your data. If we do begin a financial incentive program, the value of your personal information will be based upon a comparison of the amount spent by incentive program customers compared to similarly situated customers who do not participate in the incentive program over a 12-month period and also includes the following considerations:

categories of personal information collected;
transferability of such personal information;
the use of such personal information in connection with marketing activities; and/or
the volume of consumers enrolled in the incentive program.

We will update this information over time as appropriate.

Note that you will be provided with the material terms of the incentive program when you join and are asked to provide your opt-in consent to participate, which you can withdraw from at any time.

California’s ‘Shine the Light’ Law

Under California’s “Shine the Light” law, a California resident with whom Auctane has an established business relationship has the right to request information about Auctane’s disclosure of personal information to affiliated companies or third parties for their direct marketing purposes, within the immediately preceding calendar year, subject to certain exceptions. To exercise this right, please contact us as per the below, depending on the applicable brand and include “Shine the Light Opt Out” in your request. We do not disclose Personal Information to third parties for their own direct marketing purposes if you have exercised your opt out right.

Stamps.com: [email protected]
Endicia: [email protected]
ShipStation: [email protected]
ShippingEasy: [email protected]
Shipworks: [email protected]
ShipEngine: [email protected]

Privacy Policy Addendum for Nevada Residents

This PRIVACY POLICY ADDENDUM FOR NEVADA RESIDENTS supplements the information contained in our Policy and applies solely to visitors, customers, and others who reside in the State of Nevada (“consumers” or “you”).

If you are a resident of Nevada, you have the right to request certain information from us regarding the collection and sale of your Personal Information (as defined in Nevada Revised Statutes 603A.320) during your visit to our websites or when you otherwise interact with us online. If you have sought or acquired, by purchase or lease, any goods or services for personal, family, or household purposes from our us, you may ask us to disclose whether we have sold (for monetary consideration) certain information about you (including your first and last name, physical address, email address, telephone number, social security number, an identifier that allows you to be contacted either physically or online, or other contact information that allows us to identify you personally).

As a Nevada resident, you may also request to opt out of us sharing such information about you. To make this inquiry, please submit a request using the information in our “How to Contact Us” section, depending on the applicable brand and include “Nevada Privacy Rights” in your inquiry.

You must include your full name, email address, account number and attest that you are a Nevada resident by providing a Nevada postal address in your request. Please state whether you are requesting information and/or opting out. We will respond to your request within 60 days or let you know if we need additional time. We may require additional information to verify your identity before we can respond.

Privacy Policy Addendum for Residents of Other U.S. States (Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia).

This PRIVACY POLICY ADDENDUM FOR RESIDENTS OF OTHER U.S. STATES (including Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia) supplements the information contained in our Policy and applies solely to visitors, customers, and others who reside in each of the listed states (“consumers” or “you”).

Information Collected and Processed

Category of Personal Information Collected	Purpose for processing	Shared with Third Parties?	Categories of Third Parties Shared With	Is Personal Information collected, Sold or processed for Targeted Advertising
Real nameContact informationGovernment issued identification numbersPayment informationRecords of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies,Browsing historySearch history, information on a consumer’s interaction with a website, application, or advertisement, geolocation information,Information from CookiesOther Personal Information disclosed in surveys	To fulfill or meet the reason for which the information is provided.To provide you with information, products or services that you request from us or to remove you from our direct or indirect marketing, based on your preferences.To provide you with email or direct mail alerts and other notices concerning our products or services, or events or news, that may be of interest to you.To contact you by telephone, if you have provided a contact number, in order to provide you with information, products, or services that you have requested or may have attempted to access on our website.To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for fraud prevention, billing and collections; as necessary or appropriate to protect the rights of our clients or others.To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. We also collect this information for our internal analysis purposes and other internal uses that are reasonably aligned with consumer expectations based on your relationship with us.	Yes	Service providers, analytics companies, data brokers, third party advertisers, payment processors, lenders, other merchants, collaborators, government agencies, and law enforcement where necessary.	We process Personal Information for Targeted Advertising. We may contract with third parties, such as Facebook, to provide us with anonymized information enabling us to show ads to you based on Personal Information that we have obtained (or inferred) about you based on your actions on third party (non-affiliated) websites or apps.
Sensitive Information or the Personal Information of a Child is not Processed.	N/A	N/A	N/A	N/A

Your Rights

Based on the applicable law in the state in which you live, you may have the following rights with respect to your Personal Information:

Access, including confirming whether we are a controller and/or are processing Personal Information concerning you, as well as identifying the categories of Personal Information we collect about you, the purposes for the collection, how long we retain your Personal Information and whether that information is sold or shared and to whom.
Correction, including correcting inaccuracies in your Personal Information if we are the controller of the information, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
Deletion.
Data portability, to the extent technically feasible, obtaining in a portable and readily usable format Personal Information that you previously provided to us.
Non-Discrimination, we will not discriminate against you for exercising these rights, including by denying you Services, charging different prices or rates for our Services, providing a different level or quality of Services and/or suggesting that you will receive a different price, rate, or quality of Services.
Right to Opt Out. Depending on the state in which you live, you may have the right to opt out of the processing of your Personal Data for purposes of (i) targeted advertising, (ii) the sale of Personal Data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

To submit any of the above requests or designate an authorized agent to make a request to exercise your rights on your behalf, please contact us as described in the “How to Contact Us” section. You can also update and correct some of your Personal Information through your account. In some states, you also have the right to direct us to not sell or share your information or to opt out of the processing of your Personal Information for targeted advertising or profiling.

We may require you to confirm your identity and your residency in order to obtain the information, and you only entitled to make this request up to twice annually. We will respond within 45 days after receipt of the request. We may extend the 45-day period by 45 additional days where reasonably necessary, taking into account the complexity and number of the requests. We will inform you an extension within forty-five days after receipt of the request, together with the reasons for the delay.

In some states, including Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, and Texas, you may use an authorized agent to submit your opt out privacy request (subject to verification requirements). We will comply with an opt-out request received from a person authorized by you to act on your behalf if we are able to authenticate, with commercially reasonable effort, your identity and the authorized agent’s authority to act on your behalf. For your protection, we reserve the right to deny any request from an agent who does not submit proof that they have been authorized to act on your behalf.

Appeals

If you are a resident of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and Virginia, and we have denied your verified request to exercise any of the privacy rights above, you have the right to appeal our decision within within a reasonable period after receipt of our decision. Please send an email to the applicable address in the “How to Contact Us” section below and include “Privacy Rights Appeal” in the subject line. We will inform you within 45 days after receipt of your appeal request (extended by an additional 60 days where reasonably necessary, taking into account the complexity and number of requests serving as the basis for the appeal), and we will include a written explanation of the reasons in support of our response. If we require the 60-day extension, we will inform you within 45 days after receipt of the appeal, together with the reasons for the delay.

If you have concerns about the results of your appeal, you have the right to contact your state attorney general at the information below. If you are a resident of:

Colorado – You may contact the Colorado Attorney General here.

Connecticut – You may contact the Connecticut Attorney General here.

Delaware – You may contact the Delaware Department of Justice, Attorney General’s Fraud & Consumer Protection Division here.

Indiana – You may contact the Indiana Attorney General here.

Iowa – You may contact the Iowa Attorney General, Consumer Protection Division here.

Kentucky – You may contact the Kentucky Attorney General, Consumer Protection Division here.

Maryland – You may contact the Maryland Attorney General, Consumer Protection Division here.

Minnesota – You may contact the Minnesota Attorney General here.

Montana – You may contact the Montana Department of Justice, Office of Consumer Protection here.

Nebraska – You may contact the Nebraska Attorney General here.

New Hampshire – You may contact the New Hampshire Department of Justice, Consumer Protection & Antitrust Bureau here.

New Jersey – You may contact the New Jersey Office of the Attorney General, Division of Consumer Affairs here.

Oregon – You may contact the Oregon Department of Justice (Attorney General) here.

Rhode Island – You may contact the Rhode Island Attorney General’s Consumer Protection Unit here.

Tennessee – You may contact the Tennessee Attorney General & Reporter’s Office here.

Texas – You may contact the Texas Attorney General’s Office here.

Virginia – You may contact the Virginia Attorney General, Consumer Protection Section here.

Changes to this Policy

We will notify you of substantive or material changes to this Policy, including, but not limited to, changes to: (1) categories of Personal Information Processed; (2) Processing purposes; (3) our identity; or (4) methods by which you can exercise your Data Rights request.

Privacy Policy Addendum for GDPR and UK GDPR

This PRIVACY POLICY ADDENDUM FOR GDPR and UK GDPR supplements the information contained in our Policy and applies solely to visitors, customers, and others who are located within the United Kingdom and/or the European Economic Area (“consumers” or “you”). This section is intended for compliance with the General Data Protection Regulation (“GDPR”) and UK GDPR.

If you are a resident of or located within the United Kingdom or European Economic Area (“EEA”), you have certain additional data protection rights (subject to certain exemptions). These rights include:

The right to access, update or delete the information we have about you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Information.
The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.
The right to lodge a complaint with the supervisory authority of your usual place of residence (details of which can be found at the end of this Addendum).
If you are a resident of France, you also have a right to give instructions concerning the use and disclosure of your Personal Information after your death (the “post-mortem privacy right”).

Please refer to the ‘Exercising your rights under GDPR’ section below for more information.

Legal Basis for Processing Personal Information Under GDPR and UK GDPR

Our legal basis for collecting and using the Personal Information described in this Policy depends on the Personal Information we collect and the specific context in which we collect it.

Please note that whilst there is no statutory or contractual obligation for you to provide your Personal Information, we may not be able to provide some or all of the Services if you do not provide your Personal Information.

With respect to the purposes set out in Section 2(b) of the Policy, the legal bases are set out below:

Processing activity	Type of Personal Information processed	Legal basis for processing
Account Registration	Includes name, address, phone number, billing information, and email address and address change information (Account Information)	If we have a contract with you: Contract Performance.If we do not have a contract with you: legitimate interests (to provide our services).
To Provide Our Services and Operate Our Business	Includes Account Information and transaction information	If we have a contract with you: Contract PerformanceIf we do not have a contract with you: legitimate interests (to provide our services).
Customer Service and Technical Support	Includes Account Information, transaction information and our correspondence	If we have a contract with you: Contract Performance.If we do not have a contract with you: legitimate interests (to provide you with support in respect of our services).
Communicate with You and Tell You About Other Services	Includes Account Information, transaction information, our correspondence and your marketing/communication preferences.	Legitimate interest (improving and enhancing our business model and services), unless consent is required by applicable data protection law.
To Improve Services and Develop New Services (including training, testing and use of AI)	Includes Account Information, transaction information, our correspondence and your marketing/communication preferences.	Legitimate interest (improving and enhancing our business model and services).
Feedback	Includes Account Information, transaction information, our correspondence and your marketing/communication preferences.	Legitimate interest (improving and enhancing our business model and services), unless consent is required by applicable data protection law.
Claims and Litigation	Includes Account Information, transaction information, our correspondence and your marketing/communication preferences.	Legal obligations, where the processing activity is required by law or regulation.In all other cases, legitimate interests (to comply with our obligations) and for the establishment of/defense against legal claims.
To comply with our legal and regulatory obligations	Includes Account Information, transaction information, our correspondence and your marketing/communication preferences.	Legal obligations, where the processing activity is required by law or regulation,In all other cases, legitimate interests (to comply with our obligations).

Transfer of Information

As mentioned above in the Policy, your Personal Information may be transferred to and stored in countries that have not been found to have an adequate level of data protection pursuant to the GDPR and UK GDPR, such as the United States. Auctane complies with the EU-U.S. Data Privacy Framework (“EU-US DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Auctane has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. In the context of an onward transfer, Auctane has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. Auctane remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless Auctane can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The following U.S. subsidiaries of Auctane, as identified in our self-certification submission, also adhere to the DPF Principles: PSI Systems, Inc.; ShippingEasy, Inc.; Interapptive, Inc.; and Auctane, LLC.

If you have a question or complaint related to Auctane’s participation in the DPF program, we encourage you to contact us at [email protected].

If you would like to more information about the safeguards we put in place when we transfer your Personal Information overseas and the means to obtain a copy of them, please refer to the “How to Contact Us” section below.

Exercising Your Rights Under GDPR

If applicable, you may exercise any of the rights under GDPR and UK GDPR by submitting a verifiable data subject request to us by using our webform or emailing us as follows, depending on the applicable brand:

ShipStation: [email protected]
ShipEngine: [email protected]
GlobalPost: www.auctane.com/privacy-form/

You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are located within the UK or EEA by informing us of your country location in your request. We may require you to confirm your identity and/or legal standing for the request in order to obtain the information. We will generally respond to your request within 30 days or let you know if we need additional time.

Please note that we may deny your request if we are unable to verify your identity or authority to make the request.

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us as set out above.

How to Contact Us

If you are located within the UK or EEA and have an unresolved privacy or data use concern, you may also contact our Data Protection Officer as follows, depending on the applicable brand:

ShipStation: [email protected]

ShipEngine: [email protected]

GlobalPost: www.auctane.com/privacy-form/

If you have an unresolved privacy or information use concern that we have not addressed satisfactorily, please contact our U.S. -based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

For more information about GDPR, please contact your local data protection authority in the EEA – details can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en .

Details of the UK data protection authority can be found at www.ico.org.uk.

Privacy Policy Addendum for Canadian Residents

This PRIVACY POLICY ADDENDUM FOR CANADIAN RESIDENTS supplements the information contained in the Policy and applies solely to visitors, customers, and others who are citizens of or reside in Canada (“you”). This section is intended for compliance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial legislation in Canada (collectively, “Canadian Privacy Legislation”).

If you are a resident of Canada, you have certain additional data protection rights (subject to certain exemptions). These rights include:

The right to receive information about the existence, use, and disclosure of your Personal Information and be provided access to that Information,provided it does not violate any law or legal requirement.
The right to challenge the accuracy and completeness of your Personal Information and have it amended as appropriate. Depending on the nature of the challenged information, amendment may involve correction, deletion, or addition of information.
The right to withdraw your consent to our collection, use and transfer of your Personal Information at any time where we relied on your consent for such activities. Please note that if you withdraw your consent, we may not be able to provide you with certain Services.

Please refer to the ‘Exercising your rights under Canadian Privacy Legislation’ section below for more information.

Exercising Your Rights Under Canadian Privacy Legislation

If applicable, you may exercise any of your rights under Canadian Privacy Legislation by submitting a verifiable data subject request to us by using our webform or emailing us as set forth in the “How to Contact Us” section, depending on the applicable brand:

You may make a request related to your Personal Information. You must include your full name, email address, and attest to the fact that you are a citizen or resident of Canadian by including your country of citizenship or residence in your request. We may require you to confirm your identity for the request as well as your residency in Canada in order to obtain the information. We will generally respond to your request within 30 days or let you know if we need additional time.

Transfer of Personal Information

As mentioned above in the Policy, your Personal Information may be transferred to and stored in any other province or country worldwide, with different privacy laws that may not be as comprehensive as the applicable Canadian Privacy Legislation. Personal Information may be transferred to another jurisdiction in order to fulfil any of the purposes set out in the Policy above. Where Personal Information is transferred outside of your province or country of residence, the governments, courts, law enforcement, or regulatory agencies of that province or country may be able to obtain access to your Personal Information through their applicable laws.

Where we transfer Personal Information to other countries, we will generally require that the recipient’s privacy and security standards adhere to this Policy and applicable Canadian Privacy Legislation.

If you would like more information about our policies and practices with respect to the transfer of your Personal Information outside of your province or Country of residence or you have questions about the collection, use, disclosure or storage of your Personal Information by service providers outside of your province or Country of residence for or on behalf of us, please refer to the “How to Contact Us” section.

Marketing Communications

By opting into receiving (“CEMs”) (as defined by Canada’s Anti-Spam Legislation (“CASL”)), you confirm that you consent to receiving CEMs from us and our third party partners. You may withdraw your consent at any time by clicking the unsubscribe link in the CEM or emailing us or using a webform as set forth in our “How to Contact Us” section, depending on the applicable brand.

Unresolved Privacy ConcernsIf you are a resident of Canada and have an unresolved privacy or information use concern, you may also contact our Data Protection Officer at [email protected].

For more information about Canadian Privacy Law, please contact the applicable privacy regulator:

Canada (other than Alberta, British Columbia and Quebec): Contact the Information Centre – Office of the Privacy Commissioner of Canada
Alberta: Contact Us – Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca)
British Columbia: Contact Us – Office of the Information and Privacy Commissioner for BC (oipc.bc.ca)
Quebec: Contact Us | Commission d’accès à l’information du Québec (gouv.qc.ca)

Privacy Policy Addendum for Australia

This PRIVACY POLICY ADDENDUM FOR AUSTRALIA supplements the information contained in our Policy and applies solely to visitors, customers, and others who are located in Australia or whose information was collected by us in the course of us carrying on business in Australia (“consumers” or “you”). This section is intended for compliance with the Australian Privacy Act 1998 (Cth).

Information Collected and Processed

Category of Personal Information Collected	Purpose for which we collect, hold, use, disclose and otherwise process Personal Information	Categories of Third Parties Shared With
Real nameContact informationGovernment issued identification numbersPayment informationInformation from Cookies	To fulfill or meet the reason for which the information is provided.To provide you with information, products or services that you request from us or to remove you from our direct or indirect marketing, based on your preferences.To provide you with email or direct mail alerts and other notices concerning our products or services, or events or news, that may be of interest to you.To contact you by telephone, if you have provided a contact number, in order to provide you with information, products, or services that you have requested or may have attempted to access on our website.To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for fraud prevention, billing and collections; as necessary or appropriate to protect the rights of our clients or others. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. We also collect this information for our internal analysis purposes and other internal uses that are reasonably aligned with consumer expectations based on your relationship with us.	Service providers, analytics companies, data brokers, third party advertisers, payment processors, lenders, other merchants, collaborators, government agencies, and law enforcement where necessary.
Real nameContact informationPayment informationRecords of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, Browsing historySearch historyInformation on a consumer’s interaction with a website, application, or advertisement Geolocation information	To fulfill or meet the reason for which the information is provided.To provide you with information, products or services that you request from us or to remove you from our direct or indirect marketing, based on your preferences.To provide you with email or direct mail alerts and other notices concerning our products or services, or events or news, that may be of interest to you.To contact you by telephone, if you have provided a contact number, in order to provide you with information, products, or services that you have requested or may have attempted to access on our website.To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for fraud prevention, billing and collections; as necessary or appropriate to protect the rights of our clients or others.To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. We also collect this information for our internal analysis purposes and other internal uses that are reasonably aligned with consumer expectations based on your relationship with us.	Service providers, analytics companies, data brokers, third party advertisers, payment processors, lenders, other merchants, collaborators, government agencies, and law enforcement where necessary.

What Happens If We Can’t Collect Your Personal Information?

If we are not able to collect your Personal Information, some or all of the following may happen:

we may not be able to provide our products and services to you, either to the same standard or at all;
we may not be able to provide you with information about products and services that you may want, including information about special promotions;
we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.

Disclosure of Your Personal Information to Recipients Outside Australia

We may disclose Personal Information to related entities, third party suppliers and service providers located overseas for some of the purposes listed above.

We take reasonable steps to ensure that the overseas recipients of your Personal Information do not breach the privacy obligations relating to your Personal Information.

The overseas entities outside of Australia to whom we may disclose your Personal information are likely to be located in the USA (and other jurisdictions).

Your Rights

You have the following rights:

Access, including confirming whether we are processing Personal Information concerning you.
Correction, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
Complaints, including if you believe that we have breached the Australian Privacy Principles in the course of handling your Personal Information.

To submit any of the above requests or complaints, or to designate an authorised agent to make a request to exercise your rights or to make a complaint on your behalf, please contact us as described in the “How to Contact Us” section. You can also update and correct some of your Personal Information through your account.

We will respond within a reasonable time after receipt of the request or complaint.

For your protection, we reserve the right to deny any request from an agent who does not submit proof that they have been authorised to act on your behalf. Because the security and privacy of your information is paramount, we will ask that you identify such persons and directly confirm that such persons are authorised to act as your agent and exercise your applicable rights under law in such situations. This may require us to contact you directly and alert you that an individual has claimed to be your agent and is attempting to access or delete your information.

We will also independently verify your identity to ensure that an unauthorised person is not attempting to impersonate you and exercise your rights without authorization. We will comply with an opt-out request received from a person authorised by you to act on your behalf if we are able to authenticate, with commercially reasonable effort, your identity and the authorised agent’s authority to act on your behalf.

How to Access And Correct Your Personal Information

You may request access to any Personal Information we hold about you at any time by contacting us (using the details in the ‘How to Contact Us’ section below). You also have the right to ask us to confirm whether we hold any Personal Information about you. Before we provide you with access to your Personal Information, we may require some proof of identity. When contacting us to request access to or correction of any Personal Information we hold about you, we ask that you provide us with as much detail as you can about the information in question as this will help us to retrieve it.

Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by posting or emailing a copy to you). We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making an access request and will not charge for making any corrections to your Personal Information.

There may be instances where we cannot grant you access to the Personal Information that we hold about you. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal and set out any mechanisms available to you to complain about our refusal of your request.

If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request that we correct it. We will then consider if the information requires correction. If we do not agree that there are grounds for correcting your Personal Information, then (if you so request) we will add a note to the Personal Information stating that you disagree with it. We will not charge you for making a request that your Personal Information be corrected, for correcting your Personal Information or adding a note to the Personal Information stating that you disagree with it.

Process For Complaining About A Breach Of Privacy

If you believe that we have breached your privacy, please contact us using the contact information below and provide details of the incident so that we can investigate it. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by applicable privacy laws).

We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome.

If you are dissatisfied with the outcome in respect of your rights or requests, please contact us. We will review your comments and any further information that you provide and advise if we have changed our view. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au.

Privacy Policy Addendum for New Zealand

This PRIVACY POLICY ADDENDUM FOR NEW ZEALAND supplements the information contained in our Policy and applies where we collect or hold Personal Information about you in the course of carrying on business in New Zealand.

Your rights

Subject to certain grounds for refusal set out in the New Zealand Privacy Act 2020, you have the right to access your readily retrievable Personal Information that we hold and to request a correction to your Personal Information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the Personal Information relates.

With respect to a request for correction, if we think the correction is reasonable and we are reasonably able to change the Personal Information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the Personal Information that you requested the correction.

If you want to exercise either of the above rights, email us at the email address provided under “How to Contact Us“. Your email should provide evidence of who you are and set out the details of your request (e.g. the Personal Information, or the correction, that you are requesting).

CORPORATE AFFILIATES

This policy also applies to the following corporate affiliates:

Auctane LLC
Auctane, Limited
PSI Systems, Inc.
Interapptive, Inc.
ShippingEasy, Inc.