At Shipturtle, data security, privacy, and compliance are foundational to how our marketplace platform is built and operated. We follow industry-leading standards to ensure your business data and your customers’ information remain secure at all times.
Customer Data Protection
Shipturtle complies with Shopify’s Customer Data Protection requirements (Level 3).
This ensures that sensitive customer information such as personal details, order data, and contact information is handled securely and responsibly.
Learn more about Shopify’s customer data protection standards here:
Customer Data Protection (Protected Customer Data)
https://shopify.dev/docs/apps/store/data-protection/protected-customer-data
GDPR Compliance
Shipturtle is GDPR compliant.
As a listed app on Shopify, we are required to adhere to the General Data Protection Regulation (GDPR), ensuring:
- Lawful and transparent processing of personal data
- Data minimization and purpose limitation
- Secure storage and controlled access
- Rights for users to access, correct, or delete their data
Reference:
GDPR & Protected Customer Data (Shopify)
https://shopify.dev/docs/apps/store/data-protection/protected-customer-data
Infrastructure & Hosting (AWS)
All Shipturtle services are hosted on Amazon Web Services (AWS).
Our AWS-based architecture is designed with:
- Secure cloud infrastructure
- Regular backups and redundancy
- High availability and fail-safe mechanisms
- Continuous monitoring and access control
Learn more about AWS security standards:
https://aws.amazon.com
PCI Compliance & Encryption
Shipturtle Marketplace is PCI compliant.
To protect financial and transactional data:
- All sensitive data is encrypted at rest and in transit
- Industry-standard encryption protocols are used
- Secure communication channels are enforced across the platform
This ensures safe handling of payment-related information and transactional workflows.
Data Sharing & Third-Party Access
Shipturtle does not share customer or business data with third parties for any commercial, marketing, or unauthorized purposes.
Allowed Exceptions (User-Approved Integrations Only)
Data is shared only when explicitly authorized by you, and strictly for operational purposes, such as:
- Sharing order details with shipping providers to generate shipping labels
- Sending WhatsApp or email notifications through enabled communication tools
- Processing payments via integrations like Stripe or PayPal
These integrations are optional and fully controlled by the merchant.
Legal & Compliance Documents
For complete transparency, you can review our legal policies below:
- Privacy Policy
https://www.shipturtle.com/privacy-policy - Terms & Conditions
https://www.shipturtle.com/terms-and-conditions - Data Processing Agreement (DPA)
https://www.shipturtle.com/dpa
Shipturtle is built to meet the security and compliance expectations of modern marketplaces, enterprises, and global merchants.
If you need compliance documentation or security clarification for audits or enterprise onboarding, our team is happy to assist.
If you’re stuck, reach us at team@shipturtle.com or open a ticket on the support page.