Legal

Privacy Policy

Effective date: 26 March 2026

1. Who We Are

Kooryr ("Kooryr", "we", "us") operates the logistics aggregation platform available at kooryr.com and via API. We act as the data controller for personal data collected through our platform.

2. Who This Policy Applies To

This policy applies to:

  • Store Users — e-commerce operators (Shopify, WooCommerce, Amazon, etc.) who use Kooryr to create shipments, generate labels, and track deliveries.
  • Logistics Partners — carriers and fleet operators who accept and fulfil delivery jobs through Kooryr.
  • Website Visitors — anyone browsing kooryr.com.

3. Data We Collect

3.1 Account & Identity Data

When you register, we collect your name, email address, password (hashed), company name, phone number, city, website, and billing address.

3.2 Order & Shipment Data

Store users submit shipment details including origin and destination pincodes, package weight, payment type (prepaid / COD), AWB numbers, carrier IDs, and tracking information. This data is used to route, book, and track your deliveries.

3.3 Carrier Credentials

If you connect a carrier account (e.g. Amazon Shipping via LWA OAuth), we store the encrypted refresh token and client credentials necessary to call carrier APIs on your behalf. These are stored securely and never shared with other users.

3.4 Integration Data

When you connect a store platform (Shopify, WooCommerce, etc.), we receive order metadata from those platforms. We only request the minimum scopes required to pull orders and write fulfilment status.

3.5 API Keys & Webhooks

We generate API keys on your behalf. Only a key prefix is stored in our database; the full key is shown to you once at generation and is not recoverable. Webhook endpoint URLs you register are stored to deliver event notifications.

3.6 Usage & Technical Data

We collect standard server logs including IP address, browser user-agent, pages visited, and timestamps for security and performance monitoring. We do not use third-party advertising trackers.

4. How We Use Your Data

  • Provide and operate the Kooryr platform and API
  • Generate, transmit, and store shipping labels and carrier bookings
  • Calculate and display carrier rates on your behalf
  • Send transactional emails (email verification, shipment events, webhook failures)
  • Detect fraud, abuse, and security incidents
  • Comply with legal obligations
  • Improve platform reliability and performance

We do not sell your data or use it for advertising.

5. Data Sharing

We share personal data only in the following circumstances:

  • Logistics Partners — Shipment details (pickup address, delivery pincode, package dimensions) are shared with the logistics partner you select for a booking.
  • Carrier APIs — Shipment data is forwarded to carrier APIs (e.g. Amazon Shipping) to create bookings, print labels, and retrieve tracking events.
  • Sub-processors — We use sub-processors for infrastructure (cloud hosting), transactional email, and database services. All are bound by data processing agreements.
  • Legal obligations — We may disclose data to comply with a valid legal request, court order, or regulatory requirement.

6. Data Retention

Account data is retained for the life of your account plus 90 days after deletion. Shipment records are retained for 7 years for tax and compliance purposes. API keys are invalidated on account deletion. You may request full data deletion at any time by contacting privacy@kooryr.com.

7. Security

All data is transmitted over TLS. Passwords are hashed using bcrypt. Carrier OAuth credentials are encrypted at rest. API keys use SHA-256 hashing and are never stored in plaintext. We apply the principle of least privilege across our infrastructure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email us at privacy@kooryr.com. We respond within 30 days.

9. Cookies

We use a single session cookie for authentication (HTTP-only, Secure, SameSite=Strict). We do not use analytics cookies or advertising cookies. No cookie consent banner is required.

10. Changes to This Policy

We will notify registered users by email at least 14 days before any material changes take effect. Continued use of the platform after the effective date constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact:
privacy@kooryr.com