PRIVACY POLICY

This Privacy Policy explains how ShipKnot: Merge, Pick & Pack with Ease ("ShipKnot", "we", "us", or "our") handles your data. ShipKnot operates on a strict, privacy-first, local-processing architecture.

Your order data never leaves your browser. We do not operate central servers to process, read, or store your orders. A minimal server exists solely for subscription management. We have no access to your customers' personally identifiable information (PII), shipping details, or order histories.

02 / DATA WE READ LOCALLY VS. COLLECT

It is critical to distinguish between data ShipKnot reads locally on your device and data we collect (transmit to our servers).

A. Data Read Locally (Never Transmitted)

To generate your pick list on the Royal Mail Click & Drop dashboard, the extension reads the following data locally:

• Order Identifiers: Order reference numbers and date timestamps.
• Customer Names: Recipient names for packing verification.
• Delivery Addresses: Used solely to assist picker navigation or verify label locations.
• Line Items & Quantities: Item titles, SKUs, and quantities.

This data is processed entirely in-memory and cached in Chrome's sandboxed local extension storage. It is never transmitted over the internet.

B. Data We DO NOT Collect or Transmit

None of the locally read data listed above ever leaves your browser. We do not collect, transmit, or store:

• Order references, line items, SKUs, quantities, or any order content.
• Recipient names, shipping addresses, phone numbers, or email addresses from your orders.
• Pricing, payment methods, or revenue data.
• Your passwords or authentication tokens for Royal Mail.

03 / INFORMATION WE COLLECT

To provide a secure product, ShipKnot collects a strictly minimal amount of technical data. The only data transmitted to our servers relates to licence validation and fraud prevention.

When you activate or use the extension, we collect and store:

• Hashed Device ID: We securely hash your Chrome Profile ID using SHA-256 locally on your device before transmission. This creates an anonymous identifier ensuring your licence remains valid across extension reinstalls, without exposing your identity.
• User Agent: Your browser User Agent string is stored on our licensing server alongside your trial or activation record for fraud prevention.
• Customer Email (via Stripe): Upon purchasing a subscription, Stripe provides your email address as part of your billing record. This is used solely to associate your licence key with your Stripe account.

This data is used exclusively to verify active subscriptions, enforce device limits, and prevent software abuse.

04 / TECHNICAL ARCHITECTURE: DATA BOUNDARIES & SECURITY

Because the Royal Mail Click & Drop platform does not offer a public API or developer integration for third-party tools, standard data retrieval methods are not possible. To bridge this gap without compromising your security, ShipKnot uses a fully local processing model to synchronise your orders directly from your active dashboard session.

Here is how our architecture securely protects your data:

4A. Local Browser Integration

The extension operates directly within your active Royal Mail tab using a secure, self-contained helper script. This acts as a temporary bridge, enabling it to read order data already loading in your browser.

• This integration is strictly limited to the Royal Mail platform and cannot access data from any other website.
• The script is self-contained, loads no external code, and is automatically removed after initialisation.
• All processed data remains entirely within your local browser memory.

4B. Local API Observation

ShipKnot locally observes the native data requests made by the Royal Mail dashboard. The extension reads the structural request context (such as pagination and filter parameters) needed to assemble your pick list.

• Sensitive authentication credentials (such as login tokens and session cookies) are explicitly excluded and never read.
• The extension does not alter, block, or interfere with network requests.
• All observed data is held in volatile, in-memory storage and is never written to disk or transmitted externally.

4C. User-Initiated Order Pagination

When you manually click the "Extract" button, ShipKnot automates navigating through multiple pages of your orders to compile a complete pick list. This performs the equivalent of clicking "Next Page" repeatedly, strictly on your behalf and locally.

• This action is entirely user-initiated and never runs automatically in the background.
• The extension communicates directly between your local browser and Royal Mail, incorporating randomised delays and strict rate limits.
• It dynamically reads the exact number of pages required from the platform. Built-in safeguards pause or abort the process if the platform signals overload. A maximum page limit acts as a safety killswitch to prevent API abuse.
• Order data never passes through ShipKnot's servers.

05 / LICENCE VALIDATION & FRAUD PREVENTION

We use a secure backend infrastructure exclusively to validate your licence key, manage your subscription status, and enforce device limits.

The hashed Device ID we collect is used strictly for this security checkpoint. This data is never associated with your personal e-commerce activity, customer data, or store performance.

06 / EXTENSION PERMISSIONS

The Chrome Extension requires specific browser permissions to operate locally:

07 / DATA SHARING & THIRD PARTIES

We do not share your e-commerce data with anyone. To handle subscriptions and licensing, we leverage standard industry processors:

• Stripe: Payment processing, checkout, and portal management. Credit card details are handled directly by Stripe.
• Google Chrome Identity API: Used to read your Chrome Profile ID locally. This ID is hashed before transmission. No sign-in flow or popup is triggered.
• Cloudflare Workers: Hosts our licensing API, validating licence keys and hashed Device IDs against active Stripe accounts.

We do not sell, rent, or trade your data to advertising platforms, data brokers, or credit bureaus.

08 / GOOGLE LIMITED USE COMPLIANCE

ShipKnot strictly complies with the Google Chrome Web Store Developer Program Policies. Our use and transfer of information received from Google APIs to any other app will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

09 / DATA CONTROL & DELETION

Because all order data is stored on your device, you remain in complete control:

• History Cleared:Wipe all cached order logs and history at any time through the extension's Settings panel.
• Complete Purge: Uninstalling the ShipKnot extension instantly deletes all stored order data, settings, and cached files from your browser profile.

10 / DATA SECURITY & RETENTION

Because your e-commerce data never touches our servers, the risk of external breach is significantly reduced. Your order data is retained only in your browser's local, volatile memory and cached in Chrome's sandboxed extension storage.

Licence validation logs (such as hashed Device IDs) are retained securely on our servers for a maximum of 90 days after a subscription is cancelled or an account is deleted. Active subscription records are retained for the duration of the subscription.

11 / CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, or for operational, legal, or regulatory reasons. We will notify you of material changes by updating the "Last Updated" date at the top of this page and publishing the revised policy on our website.

12 / CONTACT INFORMATION

If you have questions about our local-first architecture or need billing assistance, please contact us at TheMadByte@gmail.com.