EnreshipBack to Home
Legal

Data Processing Agreement

Last Updated: December 2024

This Data Processing Agreement (“Agreement” or “DPA”) forms part of the contractual relationship between Enreship LLC (“Enreship,” “Processor,” “we,” or “us”) and the customer (“Customer,” “Controller,” or “you”) who uses Enreship's services (“Services”).

This DPA governs Enreship's processing of Personal Data on behalf of the Customer and outlines each party's rights and obligations regarding data protection.

This DPA applies to all processing activities in which Enreship processes Personal Data on behalf of the Customer, including data received from ecommerce marketplaces, sales channels, and carrier integrations.

Table of Contents

1. Definitions2. Scope and Purpose of Processing3. Categories of Personal Data Processed4. Obligations of the Processor5. Sub-processors6. Customer Responsibilities7. International Data Transfers8. Data Retention and Deletion9. Return of Data10. Audits and Documentation11. Limitation of Liability12. Governing Law13. Contact Information

1Definitions

Controller

The party that determines the purposes and means of processing Personal Data.

Processor

The party that processes Personal Data on behalf of the Controller.

Personal Data

Any information relating to an identifiable or identified natural person, including shipping addresses, order details, recipient contact information, and marketplace-provided identifiers.

Processing

Any operation performed on Personal Data, including collection, storage, transmission, retrieval, deletion, or analysis.

Sub-processor

Any third party engaged by Enreship to process Personal Data on behalf of the Customer.

Services

Enreship's ecommerce fulfillment, order management, label creation, carrier integrations, analytics tools, and related applications.

2Scope and Purpose of Processing

Enreship processes Personal Data solely for the purpose of providing the Customer with the Services, which may include:

Importing orders from marketplaces (Amazon, Shopify, Walmart, Etsy, eBay, WooCommerce, and others)
Generating shipping labels and transmitting data to carriers
Performing warehouse receiving, storage, pick-pack-ship operations
Synchronizing orders, tracking updates, and shipping events
Providing analytics and reporting features

Processor shall process Personal Data only on documented instructions from the Customer.

Enreship does not determine how Customer data is used. The Customer alone decides:

What data is imported
What orders are fulfilled
Which carriers are selected
How long the Customer account remains active

3Categories of Personal Data Processed

Depending on the Customer's integrations and usage, Enreship may process:

Order recipient names
Shipping addresses
Phone numbers and email addresses
Order item details (SKU, quantity, product identifiers)
Marketplace order IDs and transaction metadata
Tracking numbers and shipment events
Warehouse inbound/outbound records

Enreship does not store payment information or marketplace login credentials. Access tokens are encrypted and used only for API communication.

4Obligations of the Processor (Enreship)

Enreship agrees to:

4.1 Process data only under Customer instruction

Enreship will not use Personal Data for any purpose other than providing the Services.

4.2 No sale, monetization, or unauthorized use

Enreship will never sell, rent, share, or use Personal Data for:

Advertising
Cross-context behavioral tracking
Data profiling unrelated to the Services

4.3 Implement appropriate security measures

Enreship uses administrative, organizational, and technical safeguards including:

Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Access controls and identity management
Network segmentation and firewalls
Secure token storage
Activity logging and audit trails

4.4 Confidentiality

Personnel with access to Personal Data are bound by strict confidentiality obligations.

4.5 Assist the Customer with compliance requests

Enreship will assist with:

Data subject access requests
Corrections or deletions (within Customer instructions)
Security audits or documentation requests

4.6 Data breach notification

In the event of a confirmed data breach affecting Personal Data:

Enreship will notify the Customer without undue delay
Provide all information known at the time
Support remediation efforts

5Sub-processors

Customer authorizes Enreship to use Sub-processors for infrastructure, platform operations, carrier communication, and analytics. Examples include:

AWS

Hosting and database infrastructure

CloudFront

Content delivery network

Google Analytics

Platform performance insights

Customer Support Tools

Intercom, Zendesk, Crisp

Carrier APIs

UPS, USPS, FedEx, DHL

All Sub-processors are contractually bound to process Personal Data only to provide the Services and maintain appropriate data protection safeguards. A current list of Sub-processors is available upon request.

6Customer Responsibilities

The Customer agrees to:

Ensure they have lawful basis to collect and provide Personal Data to Enreship
Configure integrations securely
Manage user access rights within their Enreship account
Determine how long Personal Data should be retained
Provide accurate instructions for order fulfillment and shipping

Enreship is not responsible for Customer errors in marketplace configuration, incorrect shipping information, or misrouted fulfillment requests.

7International Data Transfers

Enreship is based in the United States. By using the Services, Customer authorizes the processing and storage of Personal Data in the United States and by approved Sub-processors in other jurisdictions where legally permitted.

All transfers use appropriate safeguards, including:

Standard contractual clauses (SCCs), where applicable
Encrypted channels
Access controls

8Data Retention and Deletion

Enreship retains Personal Data only for as long as required to:

Provide the Services
Comply with legal obligations
Maintain audit, billing, or security records

Upon Customer request or account termination:

Personal Data will be deleted or anonymized within a commercially reasonable timeframe
Some data may be retained where legally required (e.g., transaction logs, tax-related records)

9Return of Data

At any time during the agreement, the Customer may export:

Orders and fulfillment records
Inventory data
Shipping logs and tracking information
Reporting and analytics output

Enreship does not block access to Customer data unless Terms of Service are violated or legal authorities require suspension.

10Audits and Documentation

Upon written request, Enreship will provide:

Security documentation
Infrastructure overview
Compliance descriptions

Formal on-site audits may be permitted under mutually agreed terms and may require a fee.

11Limitation of Liability

This DPA does not expand Enreship's liability beyond what is stated in the Terms of Service. All limitations, disclaimers, and exclusions apply equally to this Agreement.

12Governing Law

This Agreement is governed by the laws of the State of New Jersey, without regard to conflict-of-law rules. Any disputes shall be resolved exclusively in the state or federal courts of New Jersey.

13Contact Information

Questions regarding this DPA may be sent to:

Enreship LLC

727 Hylton Rd, Pennsauken, NJ 08110, United States
+1 469 850 5252
info@enreship.com