Privacy Policy

Last updated: April 21, 2026 · Effective: April 21, 2026

ShipKaro is committed to protecting your privacy in compliance with the Information Technology Act, 2000, IT (Amendment) Act, 2008, and applicable data protection regulations.

1. Information We Collect

  • Account Information: Name, email address, phone number, business name, GSTIN, PAN, Aadhaar (for KYC verification).
  • Shipment Data: Sender and receiver names, addresses, phone numbers, product descriptions, and delivery instructions.
  • Payment Information: Bank account details, UPI IDs, transaction history. We do NOT store full card numbers — payments are processed by Razorpay (PCI-DSS compliant).
  • Device & Usage Data: IP address, browser type, device fingerprint, access logs, and usage patterns for fraud prevention.
  • Location Data: GPS coordinates of riders during active deliveries, and pickup/delivery location verification.

2. How We Use Your Information

  • Service Delivery: Processing shipments, assigning riders, generating labels, and tracking deliveries.
  • Payments & Settlements: Processing COD collections, wallet recharges, and seller settlements.
  • Fraud Prevention: Analyzing patterns to detect and prevent fraudulent orders and payments.
  • Communications: Sending order confirmations, tracking updates, OTPs, and service notifications via SMS, WhatsApp, and email.
  • Legal Compliance: Maintaining records as required by Indian tax laws, GST regulations, and court orders.
  • Service Improvement: Analyzing usage patterns to improve platform performance and features.

3. Data Sharing

  • Courier Partners: Delhivery, BlueDart, DTDC receive shipment details necessary for delivery.
  • Payment Processors: Razorpay receives payment information for transaction processing.
  • SMS/WhatsApp Providers: MSG91, Twilio receive phone numbers for notification delivery.
  • No Sale of Data: We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
  • Legal Requirements: We may disclose information when required by law, court order, or government authority.

4. Data Security

  • All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Passwords are hashed using bcrypt with a minimum of 12 salt rounds.
  • JWT tokens expire after 7 days; refresh tokens after 30 days.
  • Two-factor authentication (2FA) is available for admin accounts.
  • Regular security audits and penetration testing are conducted.
  • Access to production data is restricted to authorized personnel only.

5. Data Retention

  • Account Data: Retained for the duration of your account plus 7 years (as required by Indian tax laws).
  • Shipment Records: Retained for 7 years for GST and audit compliance.
  • Payment Records: Retained for 8 years as required by RBI guidelines.
  • Activity Logs: Retained for 2 years for security and fraud investigation.
  • OTP Codes: Deleted immediately after use or expiry (10 minutes).

6. Your Rights

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
  • Portability: Request your data in a machine-readable format.
  • Opt-out: Unsubscribe from marketing communications at any time.
  • To exercise these rights, email: privacy@shipkaro.com

7. Cookies

  • We use essential cookies for authentication and session management.
  • Analytics cookies (if enabled) help us understand platform usage.
  • You can disable non-essential cookies in your browser settings.
  • We do not use third-party advertising cookies.

8. Children's Privacy

  • ShipKaro is not intended for users under 18 years of age.
  • We do not knowingly collect personal information from minors.
  • If you believe a minor has provided us with personal information, contact privacy@shipkaro.com.

9. Changes to This Policy

  • We may update this Privacy Policy periodically.
  • Material changes will be notified via email and in-app notification at least 30 days before taking effect.
  • Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact Us

  • Data Protection Officer: dpo@shipkaro.com
  • Privacy Inquiries: privacy@shipkaro.com
  • Registered Address: ShipKaro Technologies Pvt. Ltd., Hyderabad, Telangana - 500038, India
  • Grievance Officer: As required under IT Act Rule 5(9) — grievance@shipkaro.com | Response within 30 days

© 2026 ShipKaro Technologies Pvt. Ltd. All rights reserved.

CIN: U74999TG2026PTC000000 · GSTIN: 36AAAXX0000X1Z0