Shophr Cybersecurity Policy
Shophr (the "Company") is committed to upholding the highest standards of cybersecurity to protect our users, systems, and data. This Policy is designed to help you understand how we secure our digital infrastructure, manage potential threats, and enforce best practices across our organization to ensure the integrity, confidentiality, and availability of information.
For purposes of this Policy: "Site" refers to the Company's website at https://shophr.co/. "Service" refers to the Company's services accessed via the Site. "We," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or Service.
By accessing our Site or using our Service, you acknowledge and accept this Cybersecurity Policy and our Terms of Use.
Section I
Password Management
To protect sensitive systems and data, Shophr enforces a strict password management policy that applies to all employees, contractors, and third-party users who access company systems, applications, or networks.
Password Creation Standards
Passwords associated with any Shophr application must be at least 12 characters long and include at least:
- One special character
- One uppercase letter
- One lowercase letter
- One numeric value
Passwords should not contain easily identifiable personal information or simple phrases. For Shophr employees, passwords should not be reused across multiple company accounts.
Password Management Requirements
- Passwords for all Shophr employees must be updated bi-annually and conform to the same standards above.
- Multi-factor authentication must be utilized by both employees and consumers.
- Passwords cannot be shared between employees under any circumstance.
- Never write down passwords on physical media in the workplace or store them in unencrypted digital files.
- Do not use "remember me" features on shared computers.
- Report any suspected password compromise to IT security immediately.
Section II
Device Security
This policy outlines the requirements and responsibilities for securing all company-issued devices used to access Shophr systems, data, or services — including laptops, desktops, mobile phones, tablets, and external storage media.
Device Requirements
- All devices must run operating systems still supported by their vendors.
- Devices must have the latest security patches installed within 7 days of release.
- Approved antivirus/anti-malware software must be installed and actively running with full-disk encryption enabled.
Company-Issued Devices
Company-issued devices will be provided to both employees and retailers and configured by IT with standard security controls before deployment. Administrator/root permissions must not be granted to standard users, and devices are subject to inventory audits and security scans.
If a device is lost or stolen, it must be reported to IT security immediately. A security incident report will be filed with details of potentially exposed data. Devices must be returned upon termination of employment or end of contract.
Section III
Security Incident Response
The purpose of this policy is to ensure a consistent and effective approach to identifying, managing, and resolving cybersecurity incidents that may impact the confidentiality, integrity, or availability of company data, systems, or services.
Incident Identification
Security incidents include but are not limited to: unauthorized access, data breaches, malware infections, phishing attempts, and lost/stolen devices. All employees are responsible for being alert to potential security incidents and are required to report any vulnerabilities or exploits. When in doubt about a potential security concern, report it immediately.
Reporting Procedures & Response Process
- Security incidents must be reported to IT security within 1 hour of discovery.
- The IT Security team will assess the incident and determine its severity level.
- Critical incidents trigger the formation of an Incident Response Team.
- Systems may be isolated or taken offline to prevent further damage.
- Forensic investigation will be conducted to determine scope and impact.
- Once contained, systems will be restored following improved secure procedures.
- A post-incident review will be conducted for all significant security events.
Shophr Privacy Policy
Shophr (the "Company") is committed to maintaining robust privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.
"Site" refers to https://shophr.co/. "Service" refers to the Company's services, in which users can use the app to purchase, sell, and deliver retailer merchandise. "We," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or Service.
By accessing our Site or Service, you accept our Privacy Policy and Terms of Use, and you consent to our collection, storage, use, and disclosure of your Personal Information as described herein.
Section I
Information We Collect
We collect Non-Personal Information and Personal Information. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, and preferences. Personal Information includes your email, full name, phone number, and delivery address, which you submit through the registration process.
1. Information Collected via Technology
To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do need to submit further Personal Information, which may include: age, location, payment information, driver's license number, and vehicle registration information. Additional information we may collect includes:
- Real-time location
- Delivery and pick-up coordinates, delivery duration, driver operational status
- Transaction history, earnings data, Stripe payment details
- Device type, push notification tokens, browser type, date and time of access
We also track information provided by your browser, such as the referring URL, browser type, and device from which you connected, using cookies — small text files which include an anonymous unique identifier.
2. Information You Provide by Registering
To become a subscriber to the Service you will need to create a personal profile by registering with your email address, a username, and a password. By registering, you are authorizing us to collect, store, and use your email address in accordance with this Privacy Policy.
3. Children's Privacy
The Site and Service are not directed to anyone under the age of 13. We do not knowingly collect information from anyone under 13. If you believe we have collected such information, please contact us at support@shophr.co.
Section III
How We Protect Information
We implement security measures designed to protect your information from unauthorized access, including encryption, firewalls, and secure socket layer technology. Your account is protected by your account password — we urge you to keep your personal information safe by not disclosing your password and by logging out after each use.
However, no security measures are absolute. By using our Service, you acknowledge that you understand and agree to assume these risks.
Section IV
Your Rights Regarding Personal Information
You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication, you can opt out by following the unsubscribe instructions provided in each promotional email. Please note that notwithstanding your promotional preferences, we may continue to send administrative emails such as periodic updates to our Privacy Policy.
Section V
Links to Other Websites
As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. We encourage our users to read the privacy statements of other websites before proceeding to use them.
Section VI
Changes to Our Privacy Policy
The Company reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes by sending a notice to the primary email address on your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately.
Section VII
Contact Us
Have a question?
Reach out to our team regarding this Privacy Policy or the practices of this Site.