[Legal / Privacy]

Privacy Policy

What we collect, why we collect it, and what control you have over it. Plain English first; the legal hooks are in the section bodies.

Last updated · 2026-05-09

1. Information we collect

Account information. Name, email, password (hashed), business name and country (vendors), 2FA secrets (if enabled), and the role assigned to your user.

Identity / KYC documents. For vendors we collect government-issued ID, proof of business registration and the social-handle declarations required by our compliance partner. These are processed by our third-party verification provider; we store only the verification outcome and a reference token.

Shipping & order data. Recipient names, addresses, phone numbers, email addresses, line items, declared values, tracking numbers, and inspection notes.

Personal Shopper request data. Buyer email, optional name, shipping address, product URLs, message thread contents, attachments (R2-hosted), and the payment-intent identifiers Stripe returns to us. We never see or store full card numbers.

Wallet & financial data. Vendor wallet balance and append-only ledger of debits and credits. Bank account details for payouts (when applicable) are tokenised by our payments processor; we hold the token, not the underlying number.

Operational telemetry. IP address, user agent, page paths, and correlation ids on every request — used to debug issues, detect abuse, and meet our audit obligations. We strip personally-identifying fields before sending error reports to our monitoring providers.

2. How we use it

We use this information to provide the service: receive and ship inventory, procure shopper requests, settle payments, communicate with you about your account, and satisfy legal obligations (tax reporting, anti-money-laundering checks, court orders).

We do not sell personal information. We do not run advertising on this site and we don't use your data to train AI models for resale.

3. Who we share it with

We share data with service providers strictly as needed to operate the platform. Current providers include:

  • Stripe — payment processing, refunds, payouts.
  • EasyPost — carrier label purchase, tracking, delivery webhooks.
  • Smarty — U.S. address verification at order entry.
  • Cloudflare R2 — storage of attachments and shipping label PDFs.
  • Resend — transactional email delivery.
  • Sentry — error reporting (PII-scrubbed).
  • Railway / Vercel — application hosting.

We share with carriers (USPS, UPS, FedEx, DHL, etc.) the minimum data required to deliver a shipment — typically the recipient address, declared value, and weight.

We disclose information when required by law, when responding to a valid legal process, or when we reasonably believe disclosure is necessary to protect our rights, our users, or the public.

4. International transfers

Our infrastructure is hosted in the United States. If you're outside the U.S., using the platform involves your data being transferred to and processed in the U.S. We rely on Standard Contractual Clauses (SCCs) where applicable for transfers from jurisdictions that require them.

5. Retention

We retain account and transaction data for as long as your account is active and for up to 7 years afterwards to satisfy financial-record retention obligations. Audit log entries are retained for 7 years from the date of the entry. Shopper attachments are retained for 1 year after the request resolves; you can request earlier deletion via support.

6. Your rights

Depending on your jurisdiction you may have rights to access, correct, port, restrict, or delete your personal information; to object to certain processing; and to withdraw consent where we relied on it. Email privacy@myusaerrands.com and we'll respond within 30 days.

We honour Do Not Track signals at the browser level by not enabling third-party analytics that depend on cross-site tracking.

7. Security

We use industry-standard practices to protect your data: TLS in transit, encryption at rest for sensitive fields, principle-of-least-privilege access controls, audit logging of every administrative action, and regular security review. We require 2FA for all staff with access to production systems.

No system is perfectly secure. If we discover a breach affecting your data we'll notify you and the relevant authorities within the timelines required by applicable law.

8. Cookies

We use essential session cookies to keep you signed in and to remember your portal preferences (e.g. last-viewed page, sidebar state). We do not use third-party advertising cookies. You can clear cookies through your browser at any time, but doing so will sign you out.

9. Children

The platform isn't directed at children under 16, and we don't knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact privacy@myusaerrands.com and we'll delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted here with an updated "Last updated" date and (for material changes) communicated via email.

11. Contact

Questions about this Policy or about how we handle your data? Email privacy@myusaerrands.com. For terms-of-service questions see our Terms of Service.