Placeholder document. This is a working draft. NorShip operations
will be subject to both US privacy law (the warehouse and account systems) and the
Norwegian Personal Data Act / GDPR (delivery operations and EU/EEA customer data).
Final policy must be reviewed by counsel.
What we collect
- Account data: name, email, phone, password hash.
- Address data: Norwegian delivery addresses you save.
- Shipment data: inbound package metadata (sender, weight, dimensions, photos), declared values, customs descriptions.
- Payment data: processed via our payment processor; we store only the last four digits and the processor's token.
- Communications: support emails and messages.
- Site analytics: aggregate, non-identifying traffic data; no third-party advertising trackers.
How we use it
- To operate your account and ship your packages.
- To file customs declarations with Tolletaten and pre-pay VAT.
- To send you transactional emails (package arrived, shipment dispatched, invoice).
- To prevent fraud and abuse.
- To comply with US and Norwegian legal obligations.
What we don't do
- We do not sell your data.
- We do not share purchase data with third-party advertisers.
- We do not retain card numbers.
- We do not use third-party advertising or retargeting trackers.
Sub-processors
We rely on a small set of vendors to operate the service. The current list includes our payment processor, hosting provider, email service provider, customs broker, and outbound carriers. A complete list is maintained on request.
Your rights
As a Norwegian/EEA resident, you have the right under GDPR to access, correct, export, and delete your personal data. Email privacy@norship.example and we will respond within 30 days.
Data retention
Account data is retained while your account is active. Shipment records are kept for 7 years to satisfy US and Norwegian customs record-keeping requirements. Closed accounts are anonymized after 90 days.
Contact
For any privacy question: privacy@norship.example.