S
Shophr

Legal Documentation

Cybersecurity & Privacy Policy

Last updated: April 16, 2026  ·  shophr.co

Part One

Shophr Cybersecurity Policy

Shophr (the "Company") is committed to upholding the highest standards of cybersecurity to protect our users, systems, and data. This Policy is designed to help you understand how we secure our digital infrastructure, manage potential threats, and enforce best practices across our organization to ensure the integrity, confidentiality, and availability of information.

For purposes of this Policy: "Site" refers to the Company's website at https://shophr.co/. "Service" refers to the Company's services accessed via the Site. "We," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or Service.

By accessing our Site or using our Service, you acknowledge and accept this Cybersecurity Policy and our Terms of Use.

Section I

Password Management

To protect sensitive systems and data, Shophr enforces a strict password management policy that applies to all employees, contractors, and third-party users who access company systems, applications, or networks.

Password Creation Standards

Passwords associated with any Shophr application must be at least 12 characters long and include at least:

  • One special character
  • One uppercase letter
  • One lowercase letter
  • One numeric value

Passwords should not contain easily identifiable personal information or simple phrases. For Shophr employees, passwords should not be reused across multiple company accounts.

Password Management Requirements

  • Passwords for all Shophr employees must be updated bi-annually and conform to the same standards above.
  • Multi-factor authentication must be utilized by both employees and consumers.
  • Passwords cannot be shared between employees under any circumstance.
  • Never write down passwords on physical media in the workplace or store them in unencrypted digital files.
  • Do not use "remember me" features on shared computers.
  • Report any suspected password compromise to IT security immediately.

Section II

Device Security

This policy outlines the requirements and responsibilities for securing all company-issued devices used to access Shophr systems, data, or services — including laptops, desktops, mobile phones, tablets, and external storage media.

Device Requirements

  • All devices must run operating systems still supported by their vendors.
  • Devices must have the latest security patches installed within 7 days of release.
  • Approved antivirus/anti-malware software must be installed and actively running with full-disk encryption enabled.

Company-Issued Devices

Company-issued devices will be provided to both employees and retailers and configured by IT with standard security controls before deployment. Administrator/root permissions must not be granted to standard users, and devices are subject to inventory audits and security scans.

If a device is lost or stolen, it must be reported to IT security immediately. A security incident report will be filed with details of potentially exposed data. Devices must be returned upon termination of employment or end of contract.

Section III

Security Incident Response

The purpose of this policy is to ensure a consistent and effective approach to identifying, managing, and resolving cybersecurity incidents that may impact the confidentiality, integrity, or availability of company data, systems, or services.

Incident Identification

Security incidents include but are not limited to: unauthorized access, data breaches, malware infections, phishing attempts, and lost/stolen devices. All employees are responsible for being alert to potential security incidents and are required to report any vulnerabilities or exploits. When in doubt about a potential security concern, report it immediately.

Reporting Procedures & Response Process

  • Security incidents must be reported to IT security within 1 hour of discovery.
  • The IT Security team will assess the incident and determine its severity level.
  • Critical incidents trigger the formation of an Incident Response Team.
  • Systems may be isolated or taken offline to prevent further damage.
  • Forensic investigation will be conducted to determine scope and impact.
  • Once contained, systems will be restored following improved secure procedures.
  • A post-incident review will be conducted for all significant security events.

Part Two

Shophr Privacy Policy

Shophr (the "Company") is committed to maintaining robust privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

"Site" refers to https://shophr.co/. "Service" refers to the Company's services, in which users can use the app to purchase, sell, and deliver retailer merchandise. "We," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or Service.

By accessing our Site or Service, you accept our Privacy Policy and Terms of Use, and you consent to our collection, storage, use, and disclosure of your Personal Information as described herein.

Section I

Information We Collect

We collect Non-Personal Information and Personal Information. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, and preferences. Personal Information includes your email, full name, phone number, and delivery address, which you submit through the registration process.

1. Information Collected via Technology

To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do need to submit further Personal Information, which may include: age, location, payment information, driver's license number, and vehicle registration information. Additional information we may collect includes:

  • Real-time location
  • Delivery and pick-up coordinates, delivery duration, driver operational status
  • Transaction history, earnings data, Stripe payment details
  • Device type, push notification tokens, browser type, date and time of access

We also track information provided by your browser, such as the referring URL, browser type, and device from which you connected, using cookies — small text files which include an anonymous unique identifier.

2. Information You Provide by Registering

To become a subscriber to the Service you will need to create a personal profile by registering with your email address, a username, and a password. By registering, you are authorizing us to collect, store, and use your email address in accordance with this Privacy Policy.

3. Children's Privacy

The Site and Service are not directed to anyone under the age of 13. We do not knowingly collect information from anyone under 13. If you believe we have collected such information, please contact us at support@shophr.co.

Section II

How We Use and Share Information

Personal Information

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or otherwise share your Personal Information with third parties for marketing purposes without your consent. We do share Personal Information with vendors performing services for the Company — such as email servers — who use it only at our direction and in accordance with this Privacy Policy.

We use Personal Information to contact users in response to questions, solicit feedback, provide technical support, and inform users about promotional offers. We may also share Personal Information with outside parties if required by law or to address fraud, security, or technical concerns.

Non-Personal Information

We use Non-Personal Information to improve the Service and customize the user experience. We also aggregate it to track trends and analyze use patterns on the Site. In the event of a business transaction such as a merger or acquisition, your Personal Information may be among the assets transferred — you acknowledge and consent to such transfers as permitted by this Privacy Policy.

Section III

How We Protect Information

We implement security measures designed to protect your information from unauthorized access, including encryption, firewalls, and secure socket layer technology. Your account is protected by your account password — we urge you to keep your personal information safe by not disclosing your password and by logging out after each use.

However, no security measures are absolute. By using our Service, you acknowledge that you understand and agree to assume these risks.

Section IV

Your Rights Regarding Personal Information

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication, you can opt out by following the unsubscribe instructions provided in each promotional email. Please note that notwithstanding your promotional preferences, we may continue to send administrative emails such as periodic updates to our Privacy Policy.

Section VI

Changes to Our Privacy Policy

The Company reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes by sending a notice to the primary email address on your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately.

Section VII

Contact Us

Have a question?

Reach out to our team regarding this Privacy Policy or the practices of this Site.

support@shophr.co