Privacy Policy

Last updated: February 17, 2026

Scope

This policy explains how Shipr collects, uses, and protects personal data when you use our website, authentication flows, dashboard, file uploads, analytics-enabled UI, and API routes.

Current production stack covered by this policy: Next.js 16, Clerk, Convex, PostHog, Sentry, Vercel Analytics, Vercel Speed Insights, and Resend.

Data We Collect

Depending on the feature you use, we process the following data:

  • Account and identity data: user ID, name, email, and session metadata via Clerk.
  • Application data: records you create in the app and related metadata stored in Convex.
  • Uploaded files: file content, file name, MIME type, and size for file upload features backed by Convex storage.
  • Product analytics: events and page-level interactions collected through PostHog.
  • Performance telemetry: web vitals and performance metrics from Vercel Analytics and Vercel Speed Insights.
  • Error and diagnostic data: crash/error context and stack traces through Sentry.
  • Email delivery metadata: recipient, template, and send status for transactional email sent through Resend.

How We Collect Data

We collect data from:

  • Information you provide directly in forms and app inputs
  • Authentication and session flows handled by Clerk
  • Client-side telemetry scripts and SDKs configured in the app
  • Server-side logs and monitoring pipelines

Why We Use Your Information

  • Authenticate users and secure private dashboard routes
  • Store and serve app data and uploaded files
  • Operate transactional emails and account notifications
  • Measure feature usage and improve product UX
  • Detect, investigate, and resolve errors and abuse

Processors We Use

  • Clerk: Authentication, account sessions, and billing surfaces.
  • Convex: Database, backend functions, and file storage.
  • Vercel: Hosting, deployment, analytics, and speed insights.
  • PostHog: Product analytics and event tracking.
  • Sentry: Error monitoring and diagnostics.
  • Resend: Transactional email delivery.

These providers process data under their own terms and privacy policies.

Security Controls

Shipr applies technical controls such as route protection with Clerk, CSP and transport/security headers in middleware, payload validation on API routes, and endpoint-specific rate limits (for example, the email API route is limited per IP).

No system is completely risk-free, but we continuously improve safeguards and monitoring coverage.

Data Retention and Deletion

We retain data for as long as needed to operate the service, maintain security/audit history, and comply with legal obligations. You can request account or data deletion by contacting us.

Your Privacy Choices

  • Access and update account data through your account settings
  • Request export or deletion of your personal data
  • Control analytics and cookie behavior in browser settings

Contact

For privacy requests or questions, contact hi@egeuysal.com.

Policy Updates

We update this policy when product architecture, processors, or legal obligations change. Material changes are published on this page with a new "Last updated" date.