Security Incident Response Policy
Last updated: December 2024
1. About This Policy
ParcelRush is a shipping label generation platform. We temporarily process order data to create labels, then delete it once the shipment is complete. We do not retain customer personal data long-term.
This policy describes how we handle security incidents, in compliance with the GDPR and the requirements of marketplace partner programs.
2. What Constitutes a Security Incident
For ParcelRush, a security incident includes:
- Unauthorized access to our systems or merchant accounts.
- Accidental exposure of order or shipping data.
- Loss or theft of login credentials.
- Malware or suspicious activity on our infrastructure.
- Breaches of carrier API connections.
3. Our Incident Response
When a security incident is detected or reported, we follow this process:
- Containment: We immediately isolate the affected system or revoke compromised access.
- Assessment: We determine which data (if any) was affected and the scope of the incident.
- Remediation: We address the root cause and restore secure operations.
- Notification: We inform relevant parties as required (see below).
- Post-incident review: We document the incident and improve our processes.
4. Notification Timelines
In the event of a personal data breach:
- Supervisory authority (CNIL / relevant DPA): within 72 hours, in accordance with the GDPR.
- Shopify: within 72 hours if merchant data is affected.
- Affected merchants: without undue delay if their data is at risk.
5. Data We Process
ParcelRush temporarily processes:
- Recipient names and delivery addresses.
- Order details (products, weight, dimensions).
- Merchant account information.
Order data is deleted as soon as the shipment is complete. We do not retain customer personal information beyond what is necessary to generate shipping labels.
6. Reporting a Security Issue
If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately at [email protected].
We take all security reports seriously and will respond promptly to investigate and resolve any concern.