Security Incident Response Policy

1. About This Policy

ParcelRush is a shipping label generation platform. We process order data temporarily to create shipping labels, then delete it once the shipment is completed. We do not store personal customer data long-term. This policy outlines how we handle security incidents, in compliance with GDPR and Shopify Partner requirements.

2. What Is a Security Incident?

For ParcelRush, a security incident includes:

• Unauthorized access to our systems or merchant accounts

• Accidental exposure of order or shipping data

• Loss or theft of credentials

• Malware or suspicious activity on our infrastructure

• Any breach of carrier API connections

3. How We Respond

When a security incident is detected or reported:

• Contain: We immediately isolate the affected system or revoke compromised access

• Assess: We determine what data (if any) was affected and the scope of the incident

• Fix: We address the root cause and restore secure operations

• Notify: We inform affected parties as required (see below)

• Learn: We document what happened and improve our processes

4. Notification Timeline

In case of a data breach affecting personal data:

• Supervisory authority (CNIL): Within 72 hours, as required by GDPR

• Shopify: Within 72 hours if merchant data is affected

• Affected merchants: Without undue delay if their data is at risk

5. Data We Process

ParcelRush temporarily processes:

• Recipient names and shipping addresses

• Order details (products, weight, dimensions)

• Merchant account information

Note: Order data is deleted once the shipment is completed. We do not retain personal customer information beyond what is necessary for label generation.

6. Report a Security Concern

If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately at [email protected].

We take all security reports seriously and will respond promptly to investigate and address any concerns.