Privacy policy

Effective date: May 4, 2026
Last updated: May 4, 2026

1. Overview

CanShip ("CanShip," "we," "us," "our") is a warehouse management system operated by My Passion Media Inc., a British Columbia corporation. We take privacy seriously and this policy explains, in plain language, what personal information we collect, why we collect it, how we use it, and your rights under Canadian privacy law and applicable foreign privacy laws.

This policy applies to the CanShip web application at canship.co and app.canship.co, our marketing site, transactional emails, the CanShip Shopify app, and any other CanShip service that links to this policy.

If you're a shopper of one of our customers (for example, you ordered something from a Shopify store that uses CanShip for fulfillment), your primary relationship is with that merchant. This policy still describes how we handle the data we process on their behalf.

2. Who We Are

Legal entity: My Passion Media Inc.
Registered office: 102-3A Burbidge St., Coquitlam, BC, Canada, V3K 7B2
Privacy contact: privacy@canship.co
Mailing address: 102-3A Burbidge St., Coquitlam, BC, Canada, V3K 7B2

We are the controller of data about our customers (the businesses who subscribe to CanShip). We are the processor of data about our customers' customers (shoppers and end recipients) on behalf of those customers.

3. What Information We Collect

3.1 Information you give us directly

When you sign up, log in, or use CanShip:

  • Name, business name, business address.
  • Email address, phone number.
  • Billing contact information and billing address.
  • Payment method details (processed by our payment provider, see Section 7).
  • Warehouse addresses and operational details.
  • Account credentials (usernames, hashed passwords, API tokens).
  • Any content you submit through support tickets, forms, or chat.

3.2 Information we collect automatically

When you use CanShip:

  • IP address, approximate location derived from IP.
  • Device, browser, and operating system information.
  • Log data: pages viewed, actions taken, timestamps, referring URLs.
  • Session identifiers and authentication tokens.
  • Performance and error telemetry.

3.3 Information we process on behalf of our customers

When our customers operate their warehouse using CanShip, the following shopper and end-recipient data flows through our system:

  • Recipient name, shipping address, phone, email.
  • Order details, SKUs, quantities, order value.
  • Tracking numbers and carrier interactions.
  • Shopper notes, gift messages, and any other order metadata supplied by the sales channel.

Our customers are the controllers of this data. We process it under their instructions, for the sole purpose of providing the CanShip service.

3.4 Information from integrated services

When a customer connects a sales channel (Shopify, Amazon, Extensiv) or a carrier (Canada Post, UPS Canada, FedEx Canada, FleetOptics, Purolator, UniUni, Wizmo, Canpar), we receive data from those services as required to import orders, generate labels, and write back tracking information.

4. Why We Collect It

We collect and use personal information to:

  • Provide the CanShip service: receiving, picking, packing, shipping, invoicing.
  • Authenticate users and secure accounts.
  • Bill customers and collect payment.
  • Communicate with customers about their accounts, service updates, and support requests.
  • Improve CanShip: product analytics, troubleshooting, performance optimization.
  • Comply with Canadian tax, accounting, and legal obligations (including GST/HST/PST/QST reporting and CRA record-keeping requirements).
  • Detect and prevent fraud, abuse, or security incidents.

We do not sell personal information. We do not use personal information for advertising to shoppers. We do not use personal information for any purpose beyond the operational, contractual, legal, and security purposes listed above.

5. Legal Basis (PIPEDA and Other Applicable Laws)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), we rely on the following bases to process personal information:

  • Consent: You or our customer has agreed to our processing (for example, by signing up).
  • Contractual necessity: Processing is required to deliver the service you or your employer signed up for.
  • Legal obligation: We must retain certain records for tax, accounting, or other Canadian legal requirements.
  • Legitimate interests: For example, to secure our service, prevent fraud, and improve the product, where those interests do not override your privacy rights.

Quebec residents: processing also complies with Quebec Law 25 where applicable. For merchants and end-customers in the European Economic Area or United Kingdom, our processing complies with the General Data Protection Regulation (GDPR) and UK GDPR. For merchants and end-customers in California, Colorado, Virginia, Connecticut, Utah, and other US states with consumer privacy laws, we comply with the applicable state law.

6. Where Your Data Lives

All customer data is stored in Canada.

CanShip's production infrastructure runs on Amazon Web Services in the ca-central-1 region (Montreal). This includes:

  • The application database (Aurora PostgreSQL).
  • File and document storage.
  • Backups.
  • Log and telemetry data.

We do not replicate Canadian customer data to US or other foreign regions as part of normal operations.

Limited exceptions, clearly disclosed:

  • Outbound email is delivered through Amazon Web Services Simple Email Service (AWS SES). Email metadata may transit AWS infrastructure outside ca-central-1 in the normal course of delivery.
  • Payment processing is handled by Stripe. Payment card data is tokenized by Stripe and never touches CanShip servers in raw form. Stripe's data location is governed by its own policy.
  • For US-bound shipments via Canada Post, duty prepayment is handled by Zonos. Customs declarations and recipient data are transmitted to Zonos solely for the purpose of duty calculation and payment.
  • When a customer integrates a third-party service (Shopify, Amazon, Extensiv, carrier APIs), data flows to and from those services under their respective terms and privacy policies.

7. Third Parties We Share Data With

We share personal information only with the parties needed to run the service:

  • Infrastructure providers: Amazon Web Services (ca-central-1 region for primary hosting; AWS SES for transactional email).
  • Payment processors: Stripe.
  • Carrier APIs: Canada Post, UPS Canada, FedEx Canada, FleetOptics, Purolator, UniUni, Wizmo, Canpar, for rate shopping, label generation, manifesting, and tracking.
  • Cross-border duty: Zonos, for US import duty prepayment on Canada Post shipments to the US.
  • Sales channels: Shopify, Amazon, Extensiv, when the customer authorizes the integration.
  • Professional advisors: Our accountants and lawyers, under confidentiality obligations.
  • Government or legal authorities: When we are legally required to disclose (valid court order, statutory requirement).

We do not sell, rent, or trade personal information. We do not share personal information for cross-context behavioural advertising or third-party marketing purposes.

8. How Long We Keep It

  • Active customer data: for as long as the customer has an active CanShip subscription.
  • Financial records (invoices, tax documents): at least six years, as required by the Canada Revenue Agency.
  • Shipment and fulfillment records: at least two years from shipment, then archived or deleted on customer instruction.
  • Support tickets: three years after the ticket is closed.
  • Marketing list data: until the subscriber unsubscribes, plus 30 days in the audit log.
  • Webhook event payloads (including Shopify webhook payloads): 90 days, then automatically purged.

When a customer cancels, we retain records as outlined above and then permanently delete remaining personal data. Backups are purged on a rolling basis within 7 days (Aurora point-in-time recovery window).

9. Your Rights

Under PIPEDA, applicable provincial privacy laws, GDPR, UK GDPR, and US state privacy laws, you have the right to:

  • Access: Ask what personal information we hold about you.
  • Correction: Ask us to correct inaccurate information.
  • Deletion or erasure: Ask us to delete or anonymize your personal information, subject to legal retention obligations.
  • Portability: Receive a structured, machine-readable export of your data.
  • Withdrawal of consent: Withdraw consent for processing, subject to contractual or legal constraints.
  • Opt-out of sale or share: We do not sell or share personal information for cross-context behavioural advertising; this right is satisfied by default.
  • Object to or restrict processing: Where applicable under GDPR / UK GDPR.
  • Complaint: File a complaint with our Privacy Officer or with the Office of the Privacy Commissioner of Canada (or the comparable regulator in your jurisdiction).

Quebec residents additionally have rights under Law 25 including data portability and the right to de-indexing in specific circumstances.

To exercise any right, email privacy@canship.co. We respond within 30 days. If we need longer, we'll tell you why and give an updated timeline.

Shoppers and end recipients: if you're trying to exercise a privacy right about an order you placed with one of our customers, please contact that merchant directly. They are the controller of your data. We'll support their response where needed. For Shopify-store customers, the merchant can also trigger an automated data request or redaction directly from their Shopify Admin's Customer privacy controls.

10. Security

We implement the following security measures to protect personal data, including measures required under Shopify's Protected Customer Data Level 1 and Level 2 requirements:

Data protection in motion and at rest:

  • All data is encrypted in transit (TLS 1.2+).
  • All data is encrypted at rest in our primary database (AES-256, AWS RDS-managed keys).
  • Sales-channel and carrier credentials are encrypted with AWS Key Management Service (KMS) envelope encryption with a separate sidecar metadata column.
  • Database backups (Aurora point-in-time recovery) are encrypted with the same standards as production data.

Environment separation:

  • Test, sandbox, and production environments are strictly isolated. Sandbox tenants run on the same infrastructure but are flagged at the database row level, with UI banners and tenancy enforcement.
  • Production personal data does not flow into development or sandbox environments. Sandbox seed data is synthetic.

Access controls:

  • Authentication is JWT-based via AWS Cognito with refresh tokens stored in HttpOnly cookies (not accessible to client-side JavaScript).
  • Role-based access controls govern access inside the application and across our infrastructure.
  • Staff access to protected customer data is limited to personnel whose roles require it. Access requires named-user authentication with strong password requirements (minimum length, complexity, MFA where supported).
  • AWS WAF and CloudFront protect public endpoints with managed rule sets and per-route rate limiting.

Audit trail:

  • Every access and mutation of protected customer data is logged with actor identifier, timestamp, source type, and source identifier. The audit log is implemented at the database layer via PostgreSQL triggers and is retained for security and compliance purposes.
  • A static-analysis gate in our continuous-integration pipeline blocks any backend code change that ships a query against protected data without the tenant predicate.

Data loss prevention:

  • Our pre-deploy security pipeline includes secret scanning (TruffleHog), dependency vulnerability scanning (npm audit), and static-analysis security testing (Semgrep), with a manual production approval gate.
  • Webhook payloads carrying personal data are purged on a 90-day retention window.
  • Outbound data egress is monitored.

Incident response:

  • We maintain a documented security incident response policy with severity classifications, escalation paths, and notification timelines.
  • If we become aware of a breach affecting your personal information, we will notify affected individuals and the Office of the Privacy Commissioner of Canada where required under PIPEDA's breach notification rules, as quickly as reasonably possible. For Shopify merchants, breach notification follows Shopify's API Terms of Service and Partner Program Agreement.
  • We review access controls and security posture annually.

No system is perfectly secure. We continuously improve our controls and welcome responsible disclosure to security@canship.co.

11. Shopify-Specific Protected Customer Data

When a CanShip customer installs our Shopify app to integrate their Shopify store, we handle data tied to that store under Shopify's Protected Customer Data requirements. CanShip is approved for Shopify Protected Customer Data Level 2 access, which covers customer data including name, address, phone, and email fields. We comply with the full Shopify Protected Customer Data Level 1 and Level 2 requirements.

11.1 Minimum data principle

We request and process only the minimum personal data required to deliver fulfillment functionality. We do not request data fields beyond those needed for order import, label generation, fulfillment writeback, and inventory synchronization. Our requested data scopes are listed publicly on our Shopify App Store listing and in the OAuth consent screen during app installation.

11.2 What Shopify data we ingest

When a Shopify store is connected, we receive:

  • Order records routed to CanShip: customer name, shipping address, phone (where provided), email, line items, item-level metadata, and tracking information once we ship.
  • Product and variant records, for inventory synchronization with the merchant's CanShip catalog.
  • Channel configuration and webhook subscriptions.

We do not ingest payment card details, customer billing addresses, account passwords, or login session data. We do not ingest orders that the merchant has not routed to CanShip for fulfillment. We do not use protected customer data for marketing, advertising, automated decision-making, profiling, or any purpose beyond fulfillment of the merchant's orders.

11.3 No data sale, no cross-context behavioural advertising

CanShip does not sell, rent, or trade protected customer data. CanShip does not use protected customer data for cross-context behavioural advertising, audience-segment generation, or any "data sale" or "data sharing" concept under applicable laws (including the California Consumer Privacy Act / CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act, and similar US state privacy laws).

11.4 Mandatory compliance webhooks

CanShip implements Shopify's three mandatory GDPR webhooks. We respond to each within 30 days of receipt:

  • customers/data_request: When a merchant or end-customer requests an export of personal data, CanShip assembles a structured export of orders, line items, shipments, and shipping labels tied to that customer (matched by explicit customer ID or by ship-to email). The export is delivered through the audit log accessible to the merchant on request to support@canship.co.
  • customers/redact: When a merchant or end-customer requests deletion of personal data, CanShip anonymizes the ship-to fields (first name, last name, name, phone, email, address line 1, address line 2, full address) on every order tied to that customer. Non-PII fields (city, state, postal code, country, residential flag) are retained for aggregate analytics. Line items, costs, and audit trails are retained to meet Canadian financial-record retention obligations.
  • shop/redact: Fired 48 hours after a merchant uninstalls our app. CanShip anonymizes ship-to PII on all orders tied to that specific Shopify channel. We also purge webhook event payloads tied to the uninstalled shop. The redaction scope is the specific Shopify channel; data from other connected channels (Amazon, manual orders, other Shopify stores under the same CanShip account) is not affected.

11.5 Re-install behaviour

If a merchant reinstalls our app within the 48-hour shop/redact window, CanShip detects the reactivation and skips the redaction, preserving operational continuity.

11.6 Direct merchant and end-customer requests

Merchants and end-customers can request data export or deletion directly by emailing privacy@canship.co or support@canship.co, in addition to the in-Shopify request flow.

11.7 Data Processing Agreement (DPA)

A Data Processing Agreement covering the merchant-controller / CanShip-processor relationship is available on request to legal@canship.co. The DPA addresses processing purpose, sub-processor list, retention, security measures, and the parties' respective obligations under PIPEDA, GDPR (where applicable), UK GDPR, and US state privacy laws.

11.8 Cross-border data transfers

For merchants in the European Economic Area, United Kingdom, or other jurisdictions with cross-border transfer restrictions, personal data is processed in our primary Canadian data centre (AWS ca-central-1). Canada is recognized by the European Commission as providing adequate data protection (adequacy decision under GDPR Article 45 for commercial organizations subject to PIPEDA). Where additional safeguards are required, we enter into Standard Contractual Clauses as part of our DPA.

12. Automated Decision-Making

CanShip does not make automated decisions with legal or significant effects about customers or end-recipients. Our processing is operational (receive, pick, pack, ship, reconcile) and does not include profiling, scoring, or algorithmic ranking that materially affects any individual's rights, services, or obligations.

If we introduce a feature in the future that involves automated decision-making with legal or significant effects, we will (a) update this policy, (b) notify affected merchants by email, and (c) provide an opt-out mechanism.

13. Cookies and Tracking

The CanShip application uses cookies and similar technologies for:

  • Authentication (session cookies, required for the product to work).
  • Preference storage (UI settings).
  • Basic first-party analytics to understand how customers use the product.

We do not use third-party advertising cookies on the application. The marketing site at canship.co may use a limited set of analytics tools for understanding visitor flow. We do not place tracking cookies that survive the session except for authentication and preference storage.

14. Children

CanShip is a business-to-business product and is not directed at anyone under the age of majority in their province or territory, and is not directed at children under 13 in any jurisdiction. We do not knowingly collect personal information from children. If you believe we have, email privacy@canship.co and we'll delete it.

15. Changes to This Policy

We may update this policy as the product evolves or as the law requires. When we make material changes, we will notify customers by email and update the "Last updated" date above. For non-material edits (typos, clarifications), we update the date only.

Previous versions are available on request at privacy@canship.co.

16. Contact

Privacy Officer
My Passion Media Inc.
privacy@canship.co
102-3A Burbidge St., Coquitlam, BC, Canada, V3K 7B2

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

  • priv.gc.ca
  • 1-800-282-1376