Is ShipStation GDPR and CCPA compliant?

Quick references on how GDPR affects ShipStation users.

Yes, ShipStation is compliant with both GDPR and CCPA statutes.

Personal data is any information related to a natural person (individual) that can be used to directly or indirectly identify the person. It can be anything from a name or photo to an email address. The official term for this data is Personally Identifiable Information, or PII.

ShipStation has undergone a thorough review of our policies and procedures to ensure our own compliance and give you the peace of mind you need from your shipping software. Below we've compiled some details about how we're compliant with GDPR and CCPA and why it's important.


This article is for informational purposes only and is not meant to serve as legal advice. For your particular situation, we recommend that you contact your legal advisor.

How does ShipStation protect Personal Data?

Depending on where you do business, there are certain regulations and requirements surrounding a company’s responsibilities toward PII.

ShipStation outlines how we use personal data within our Privacy Policy and Terms of Service. If applicable to you and your customers, we added information in our Privacy Policy on how to exercise rights around your data and how to control the use of your personal information through our services.

What is Personal Data?

Personal data is any information related to a natural person (individual) that can be used to directly or indirectly identify the person. It can be anything from a name or photo to an email address.

What is GDPR?

The General Data Protection Regulation (commonly referred to as GDPR) is a comprehensive data protection law that replaces existing European privacy laws. Its purpose is to strengthen the protection of personal data, something we care about here at ShipStation. The GDPR is enforceable in each European Union (EU) member state and gives individuals more control over their personal data.

When did it go into effect?

GDPR took effect on May 25th, 2018. We have updated our processes, systems, and policies to make sure we and our customers are compliant.

ShipStation obtained certification within the EU-US Privacy Shield Framework, a precursor to GDPR compliance that covers the lawful transfer of data outside the EU. This certification means ShipStation has been compliant with many aspects of the GDPR from before the date it went into effect.

Does this apply to me?

The GDPR applies to organizations processing the personal data of EU individuals. So even if you aren't a company based in the EU, the GDPR matters if you are selling to customers in the EU.

Before you enter the Personal Data of European Union Data Subjects into our software to use our services, you are obligated to be in compliance with the GDPR and to get the affirmative consent of your customers according to our Privacy Policy and Terms of Service.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a California law that protects consumer’s private information. It gives consumers the right to request that their personal information not be sold to other parties.  

In order to be eligible for any of the following requests, you must be a resident of the state of California or have been a resident within the last 24 months.

Some exclusions apply based on the restrictions set forth within the California Consumer Privacy Act (CCPA). Please contact or review your locality’s requirements for data protection as it relates to your request. Some requests may be denied if eligibility cannot be verified.

File a CCPA Request

To request your data not be shared, either fill in the form at the following URL:

Or call 1-855-712-5819.