FShipp — Privacy Information (Privacy & Cookies)

Last updated: 18 September 2025

1. Personal identification information

1) Personal-Data Controller

The Service is provided by APH Services LLC, 16192 Coastal Highway, Lewes, Delaware 19958, USA (“FShipp”, “we”, “our”, “us”).

2) What Personal Data We Collect

CategoryExamplesHow we obtain it
IdentifiersName, email, account ID, country/regionYou provide when creating an account, filing a claim, or contacting support
Payment & SubscriptionLast 4 digits & expiry, billing address, payment token, plan, 7-day trial start/end, charges, credits/refundsVia our payment processors — we never store full card numbers
Claims DocumentationOrder confirmations, receipts/invoices, retailer details, delivery charges, purchase date, uploaded screenshots/PDFsYou upload via the claim portal or by email/chat
Device / UsageIP, time-zone, language, browser/OS, referral URL, pages visited, event & error logs, crash reportsAutomatically via cookies, SDKs and server logs
Marketing & PreferencesNewsletter/SMS opt-in, ad-campaign source/medium, in-app eventsYour choices; analytics & marketing partners
Support/FeedbackEmails, chat transcripts, satisfaction signalsYou provide during interactions with our team

We do not knowingly collect: children’s data (<18), biometric templates, or full credit-card numbers.

3) Why We Process Your Data

PurposeTypical processing activitiesMain data used
Provide & operate the ServiceAccount creation/login; claims workflow; apply Subscription Credits and refunds; troubleshootIdentifiers, Claims, Device/Usage
Billing & subscriptionsStart 7-day free trial; bill introductory month; renewals; credits/refunds; chargebacksIdentifiers, Payment
Customer supportRespond to email/chat; investigate issues; service noticesIdentifiers, Support, Claims
Improve & secureAnalytics, A/B tests, crash reports, fraud detectionDevice/Usage, Marketing
MarketingProduct updates/offers; (with consent) personalised ads/retargetingHashed identifiers, Device/Usage, Marketing
Legal & complianceTax/accounting records; lawful requests; enforce TermsAll as relevant

4) Legal Bases (EEA / UK)

  • Contract (GDPR Art. 6(1)(b)) — run your account, process claims/credits/refunds, billing, support.
  • Legitimate interests (Art. 6(1)(f)) — analytics, security/anti-fraud, direct marketing of similar services.
  • Consent (Art. 6(1)(a)) — non-essential cookies, personalised ads, newsletters/SMS.
  • Legal obligation (Art. 6(1)(c)) — tax/accounting retention, lawful requests.
You may withdraw consent or object to legitimate-interest processing at any time (see §7).

5) Cookies & Similar Technologies (Cookie Policy inside)

We use first-party and third-party cookies, pixels, local storage and SDKs to:

  • keep you logged in and remember preferences,
  • measure traffic, performance and conversions,
  • personalise advertising (only with consent).

Categories & legal bases (EEA/UK):

  • Strictly necessary — login, security, checkout, cookie banner (Contract / Legitimate interest).
  • Analytics / Performance — e.g., Google Analytics 4, Hotjar (Consent).
  • Functional — language, claim-form progress, chat status (Consent).
  • Marketing / Ads — e.g., Google Ads, Meta Pixel, Microsoft Advertising (Consent; Legitimate interest for comparable product marketing where permitted).

Illustrative cookie table (examples):

NameProviderTypePurposeExpiry
__Secure-sessionfshipp.comFirst-party, necessaryMaintains account session30 min idle / 7 days max
fshipp_cookie_consentfshipp.comFirst-party, necessaryStores your cookie choices6 months
_gaGoogleThird-party, analyticsDistinguishes users for site analytics13 months
hjSessionUser#######HotjarThird-party, analyticsHeatmap/session analysis12 months
_fbpMetaThird-party, marketingRetargeting on FB/IG3 months
_uetvidMicrosoft AdsThird-party, marketingRemarketing audience13 months
stripe_sidStripeThird-party, necessarySecure payments & fraud preventionSession

Managing your choices:

Open Cookie Preferences (footer) to grant/withdraw consent by category and view the live vendor list. You can also use browser settings to delete/block cookies. GA opt-out: https://tools.google.com/dlpage/gaoptout.

Do-Not-Track: no industry standard yet; please use Cookie Preferences.

6) Who Else Receives Your Data

Partner type Examples Why
Payments Stripe, Adyen Card tokenisation, charges, credits/refunds, anti-fraud
Cloud/hosting AWS, Google Cloud Infrastructure & backups
Analytics/product Google Analytics/Tag Manager, Amplitude, Hotjar Product analytics & UX
Comms HubSpot/Helpdesk, Customer.io (email), Twilio (SMS), chat widget Support & service messages
Marketing/ads Google Ads, Meta, Microsoft Advertising Ads/retargeting (with consent)
Advisors/authorities External counsel, auditors; courts/tax authorities Compliance and lawful requests
We do not sell your personal data for money. Some ad-tech “sharing” may be deemed a “sale”/“sharing” in certain U.S. states — see §10 for opt-out.

7) Your Privacy Rights & How to Exercise Them

EEA/UK Certain U.S. states How to exercise
Access; Rectify; Erase; Restrict; Portability; Object; Withdraw consent; lodge a complaint with a DPA Access/Know; Correct; Delete; Portability; Opt-out of Sale/Sharing/Targeted Ads; Limit Sensitive PI; Appeal Email privacy@fshipp.com (or help@fshipp.com). We verify identity before acting.
We aim to respond within 30 days (or 45 days where allowed).

8) Age Limitation

The Service is intended for adults 18+. If you believe a minor provided data, contact us for deletion.

9) International Data Transfers

As a U.S. company, we may process/store data in the United States or other countries where our processors operate. For transfers from the UK/EEA to countries without an adequacy decision, we use Standard Contractual Clauses (plus the UK Addendum) and additional safeguards as required.

10) U.S. State Privacy Notice (California + others)

Residents of California, Colorado, Connecticut, Utah, Virginia, and similar jurisdictions have additional rights, including to:
  • Opt out of “sale”/“sharing” for targeted ads (use the “Do Not Sell / Share” link in the footer),
  • request category disclosures for the last 12 months, and
  • appeal a denial of a privacy request. A dedicated U.S. States Privacy Notice is available on request.

11) Data Security

  • TLS 1.2+ in transit; encryption at rest for sensitive artefacts (e.g., claims uploads).
  • Access to production systems restricted to authorised staff with MFA.
  • Regular reviews, logging/monitoring, and an incident-response plan.

12) Data Retention

We keep personal data only as long as necessary for §3 purposes or to meet legal/accounting duties:

  • Account & billing records: 6 years (UK tax rules)
  • Claims documentation: 7 years after case closure
  • Marketing opt-out lists: kept to honour your request
  • Analytics raw logs: 13 months, then aggregated or deleted

On expiry, data is deleted or anonymised.

13) Changes to this Policy

We may update this Policy. Material changes will be announced by:

  • updating the “Last updated” date above, and
  • emailing active members or showing an in-app notice.

Your continued use after changes take effect means you accept them.

14) Contact Us

FShipp — APH Services LLC

16192 Coastal Highway, Lewes, DE 19958, USA

privacy@fshipp.com · help@fshipp.com

📞 +44 330 822 0973 (Mon–Fri 9am–6pm UK time)

Footer links to include: Privacy & Cookies (this page) • Terms of Service • Cancel subscription • Cookie Preferences • Do Not Sell / Share (for U.S. visitors)