Privacy Policy

This Privacy Policy explains how Reliable International, the operator of ShipyBox (shipybox.in), collects, uses, stores, shares and protects your personal information. It is intended to comply with the Information Technology Act 2000 and the Digital Personal Data Protection (DPDP) Act 2023.

Last updated: 16 June 2026 · Operator: Reliable International · Brand: ShipyBox

Policies

1. About this Policy

This Privacy Policy describes the practices of Reliable International (the “Data Fiduciary” under the DPDP Act 2023), operator of the ShipyBox brand, regarding personal information collected through shipybox.in, the merchant panel and the ShipyBox APIs.

It applies to website visitors, merchants who register an account, and any individual whose data is shared with us by a merchant in the course of fulfilling a shipment (“Data Principals”).

2. Information We Collect

(a) Lead & enquiry information

When you fill any form on the website (contact, demo, pricing, calculator email-capture, lead magnet download): full name, business email, mobile or WhatsApp number, company name, monthly shipment volume, free-text message, and any other field you choose to provide.

(b) CRM & attribution information

Lead source, source page, UTM parameters (utm_source, medium, campaign, term, content), first landing page, first referrer, click path, session ID, calculator inputs and timestamp of first touch.

(c) Quote Engine information

Customer pricing profile (company name, contact person, GSTIN, pickup PIN, monthly shipment volume), margin preferences, quote requests, generated quotations, accepted or rejected statuses and revision history.

(d) Account & merchant data (post-onboarding)

KYC documents, business address, pickup addresses, registered email and phone, signatory details, GSTIN, PAN, bank-account details for COD remittance and refunds.

(e) Shipment metadata

Where you tender shipments through ShipyBox: AWB or order numbers, consignee name and address, product description, declared value and weight, COD amount, courier selection, scan events, NDR feedback and dispute history.

(f) Technical information

IP address (truncated for analytics), browser, operating system, device type, referring URL, cookies and similar identifiers, session duration, pages viewed and interactions recorded by analytics tools.

3. Lawful Basis & Purpose of Processing

We process personal data only for specified, lawful purposes. The legal basis under the DPDP Act 2023 may be your consent, performance of a contract you have entered with us, compliance with a legal obligation, or our legitimate business interests where they are not overridden by your rights.

  • Operate, maintain and improve the Platform.
  • Qualify leads, schedule demos, generate quotations and onboard merchants.
  • Provide customer support, resolve disputes and process refunds.
  • Detect, prevent and investigate fraud or abuse.
  • Send transactional emails (account, billing, shipment, support).
  • Send marketing communications you have opted into; you can unsubscribe at any time via the link in every marketing email or by writing to support@shipybox.in.
  • Comply with legal obligations, court orders, or regulatory requests.
  • Analyse aggregated, anonymised usage to improve our website, content and product.

4. Consent & Withdrawal of Consent

Where we rely on your consent, you provide it freely and explicitly by submitting a form, ticking a box or otherwise indicating agreement. You may withdraw your consent at any time by writing to support@shipybox.in from your registered email.

Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. It may, however, limit our ability to provide certain services (for example, we cannot fulfil shipments without consignee data).

5. Data Principal Rights (under the DPDP Act 2023)

Subject to applicable law, you have the following rights as a Data Principal:

  • Right to access — request a summary of personal data being processed and the activities undertaken.
  • Right to correction and erasure — ask us to correct inaccurate or outdated information, or to erase data that is no longer necessary for the purpose for which it was collected.
  • Right to grievance redressal — escalate any concern to our Grievance Officer (details below); we will respond within statutory timelines.
  • Right to nominate — nominate an individual who may exercise these rights in the event of your death or incapacity.
  • Right to withdraw consent — at any time, with effect prospectively.
  • Right to information about sharing — ask for a list of categories of third parties with whom your data has been shared.

To exercise any of these rights, send a verifiable request to support@shipybox.in with sufficient information to identify you (typically the email on file). We will respond within thirty (30) days, or such shorter period as required under applicable law.

6. Data Retention & Deletion

We retain information only for as long as necessary to fulfil the purpose for which it was collected, satisfy legal obligations, or resolve disputes. Indicative retention periods:

CategoryRetention period
Active merchant account dataDuration of the account + 12 months after closure
Closed or inactive leadsUp to 24 months from last interaction
Shipment metadataUp to 7 years (tax, audit and dispute purposes)
Quote requests & quotations7 years from issuance
Transactional emails & support communications36 months
Marketing-only subscribers (no transactional relationship)Until unsubscribe
Audit & compliance logs7 years

Deletion requests are honoured for data not subject to a statutory or contractual retention obligation. Where deletion is not legally possible, we will restrict processing to the minimum required to comply with the obligation and inform you accordingly.

7. Sharing of Information

We share your information only as needed and under contractual safeguards:

  • Courier Partners — shipment-level data required to dispatch, track and deliver each consignment.
  • Technology providers — MongoDB Atlas (database hosting), Resend (transactional email), payment processors (where applicable), cloud infrastructure providers, and AI/ML providers strictly for routing-and-allocation decisions on encrypted shipment metadata.
  • Analytics providers — Google Analytics 4 and Microsoft Clarity for aggregated, anonymised behavioural analytics.
  • Professional advisers — legal, accounting and audit professionals under confidentiality obligations.
  • Regulatory authorities — where required by Indian law, court order, or a legitimate government request.
  • Successors-in-interest — in the event of a merger, acquisition or asset sale, your data may be transferred subject to equivalent privacy protections.

We do not sell your personal data, and we do not rent your contact list to third-party advertisers.

8. Cookies & Analytics

We use first-party cookies for session management, CSRF protection and lightweight preferences. Third-party scripts include:

  • Google Analytics 4 — anonymised page analytics with IP anonymisation enabled.
  • Microsoft Clarity — behavioural session replay; PII inputs are auto-masked by default.
  • Google Search Console — search-performance telemetry.

You may opt out by enabling “Do Not Track” in your browser, by installing a tracker-blocker, or by emailing support@shipybox.in with a request.

9. Data Security

  • Data is stored in MongoDB Atlas (India region where available) with encryption at rest (AES-256) and in transit (TLS 1.2 or higher).
  • Access to production data is restricted to authenticated personnel via role-based access control (RBAC), with audit logs maintained for all sensitive operations.
  • Admin authentication uses bcrypt-hashed credentials and signed JWT sessions.
  • We follow the principle of least privilege and review access quarterly.
  • Dependency vulnerability scanning and security patching are performed regularly.

No system is 100% secure. In the unlikely event of a personal data breach affecting your information, we will notify you and the Data Protection Board of India in accordance with the timelines and form prescribed under the DPDP Act 2023.

10. Children's Privacy

The Platform is intended exclusively for businesses and individuals aged eighteen (18) and above. We do not knowingly collect personal data from children. If you believe a minor has provided information to us, please contact support@shipybox.in so we may delete it.

11. Cross-border Transfers

Some service providers may process data outside India. Where this occurs, we ensure equivalent privacy protections through contractual safeguards (Standard Contractual Clauses or equivalent) and only transfer to jurisdictions that meet the requirements of the DPDP Act 2023 and rules notified thereunder.

12. Updates to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision; material changes will be communicated by email or a prominent notice on the website at least fifteen (15) days before they take effect.

13. Grievance Officer & Contact

In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 and the DPDP Act 2023, Reliable International has designated a Grievance Officer to address concerns relating to personal data processing.

All grievances, data-principal requests and privacy questions can be addressed to:

Email
support@shipybox.in
Postal address
Reliable International, Gurugram, Haryana, India
Response window
Within 30 days of receipt of a verified request

If you are not satisfied with the response, you may further escalate the matter to the Data Protection Board of India once it is operational under the DPDP Act 2023.

Questions? Write to support@shipybox.in. Reliable International (operator of ShipyBox) · Jurisdiction: Gurugram, Haryana, India.