Security illustration

Security & privacy

Understanding your users is important, but it needs to happen in a safe and respectful way. That's why we take security & privacy very seriously.

  • Secure by design

    Shipright is based on a single-tenant architecture. Your customer data and feedback docs are stored in their own database, separate from other teams. Encrypted backups are being made regularly.

  • GDPR-ready

    As an EU-based company, we follow GDPR guidelines strictly. Your data is treated with care and is only used for your team, to give you the tools to understand your users better.

  • Privacy is key

    Feedback documents and information about your end users never leave the Shipright system. You are in control of this data, and we don't transfer it to third parties or use it disrespectfully.

  • Keeping pirates out

    We want to make sure bad people and robots don't get access. That's why we use security principles such as CSRF, CORS, TLS and HSTS to protect you while using Shipright.


    Our payment providers Chargebee & Stripe are audited by external parties and certified to the highest industry standards, being PCI DSS Level 1 Service Providers. We never store payment details ourselves.

Frequently asked questions

  • Where do you store my data?

    Your information is stored on servers at Google Cloud and Amazon Web Services. These are ISO-certified providers with very high-standard security practices. We host data, including encrypted backups, solely within EU availability zones.

  • Is data encrypted in transit over networks?

    Yes. Connections to the platform are carried out over a TLS 1.2 encrypted HTTPS connection. Servers within our platform communicate through a private network which is not publicly accessible.

  • Who has access to my customer data?

    Access to your workspace is restricted to Shipright founders only. Our policy is to use customer data to support you, when requested, or to solve problems.

  • Can I get all my data removed?

    To remove your team's workspace, your personal data and email subscriptions, send us a message. Note that this means you can't reactivate your account at a later point in time.

  • Are you tracking me?

    Yes. We track in-app usage to see which features are used, and how frequent, so that we can improve our tooling for you. We never transfer your customer data outside the Shipright platform. It is also not accessible by analytical tooling.

  • Can I host Shipright on-premise?

    Shipright is software-as-a-service. We can only ensure a pleasant and safe experience when managed through our online platform. On-premise solutions are only negotiable based on an enterprise plan, for which you can get in touch with us.

  • Do you have a point of contact for security?

    For further questions or concerns around security & privacy you can reach out to our Data Protection Officer Lennart Nederstigt at

  • Other questions?

    Check out the Help Center for more information about privacy, security, and GDPR compliance. You can also shoot us an email, we're always happy to help out.

Sign up for a 14-day trial