Legal

Privacy Policy

Effective date: 26 May 2026

This policy describes how Kooryr("Kooryr", "we", "us") handles personal data when you use our website, dashboard, and API at kooryr.com, including when you log in with Facebook or connect a sales channel.

1. Who we are

Kooryr operates a logistics and commerce-operations platform for sellers. We act as the data controller for personal data described in this policy. For questions, contact privacy@kooryr.com.

2. Who this policy applies to

  • Store users — businesses that create shipments, connect sales channels, or use our API.
  • Logistics partners — carriers or delivery operators on Kooryr.
  • Website visitors — anyone browsing our public site.

3. Data we collect

3.1 Account and identity

Name, email address, password (stored as a one-way hash), company name, phone, address, and timezone. We use this to authenticate you and operate your account.

3.2 Shipment and order data

Pickup and delivery addresses, pincodes, package weight and dimensions, payment type (prepaid or COD), tracking numbers, and carrier booking references. This is required to book and track logistics.

3.3 Sales channel integrations (Shopify, Meta, others)

When you connect a channel, we receive data authorized by you, such as product catalog items (SKU, title, price, inventory), order metadata, and store identifiers. We request only permissions needed to sync inventory and fulfilment-related workflows.

3.4 Facebook Login and Meta (Facebook / Instagram Shop)

If you choose Connect with Facebook, Meta Platforms Technologies provides us with information according to the permissions you approve, which may include:

  • Facebook user ID and display name
  • Facebook Pages you manage (Page ID and name)
  • Instagram business account linked to a Page (username and ID)
  • Product catalog ID, name, and catalog product fields we sync
  • Commerce order webhook payloads (when enabled)

We do notreceive your Facebook password. We store an access token so the integration works until you disconnect. Meta's own privacy policy applies to data Meta collects: Meta Privacy Policy.

3.5 Carrier and logistics credentials

OAuth tokens or API credentials you authorize for carriers (e.g. Amazon Shipping). Tokens are stored securely and used only to perform bookings and tracking on your behalf.

3.6 API keys and webhooks

API key hashes and prefixes, plus webhook URLs you configure. Full API keys are shown once at creation and are not stored in plaintext.

3.7 Technical and usage data

IP address, browser type, device information, timestamps, and server logs for security, fraud prevention, and reliability. We do not use advertising trackers or sell personal data.

4. How we use data

  • Provide, maintain, and improve the Kooryr platform and API
  • Authenticate users and enforce account security
  • Book shipments, generate labels, and display tracking
  • Sync products and orders from connected sales channels
  • Send transactional emails (verification, shipment events, security alerts)
  • Comply with law and respond to lawful requests

Legal bases (where applicable): performance of our contract with you, legitimate interests in operating a secure platform, and compliance with legal obligations.

5. How we share data

  • Logistics partners and carriers — shipment details needed to pick up and deliver packages.
  • Meta Platforms — only as needed when you use Facebook Login or Meta commerce features; governed by your settings with Meta.
  • Connected platforms — e.g. Shopify or Meta when you enable two-way sync.
  • Service providers — cloud hosting, email delivery, and database providers under confidentiality and data-processing terms.
  • Legal requirements — when required by law, court order, or to protect rights and safety.

We do not sell personal data.

6. Retention

  • Account data — while your account is active, then up to 90 days after deletion request.
  • Shipment records — up to 7 years where required for tax and compliance.
  • Meta / Facebook tokens — until you disconnect or submit a deletion request.
  • Server logs — typically up to 90 days unless needed for security investigations.

7. Your rights and data deletion

Depending on your location, you may have the right to access, correct, export, restrict, or delete your data.

Delete Meta-related data:

  • Remove Kooryr in Facebook → Settings → Business integrations / Apps and websites, or
  • Disconnect in Kooryr → Apps → Facebook and Instagram, or
  • Follow the steps at our User Data Deletion page, or email privacy@kooryr.com.

We respond to verified requests within 30 days.

8. Security

Data in transit is protected with TLS. Passwords are hashed. Integration tokens are stored with access controls. We apply least-privilege principles for production systems.

9. International transfers

We are based in India. If you use Kooryr from other countries, your data may be processed in India or where our subprocessors operate. We take steps to protect data consistent with this policy.

10. Children

Kooryr is for businesses and users aged 18+. We do not knowingly collect data from children.

11. Cookies

We use essential cookies for authentication (HTTP-only session cookie). We do not use advertising or cross-site tracking cookies on the application.

12. Changes

We may update this policy. Material changes will be announced by email or in-app notice at least 14 days before they take effect. The effective date at the top will change.

13. Contact

Privacy: privacy@kooryr.com
Support: info@kooryr.com
Terms: Terms of Service
User data deletion (Facebook / Instagram): Data deletion instructions