Privacy Policy

1. Introduction

ShipToVerified is a product and service of Pitcher Properties LLC, doing business as Pitcher & Company ("Pitcher & Company," "we," "our," or "us"). We are committed to protecting your privacy and being transparent about our data practices.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our identity verification services ("Services"). This policy applies to merchants who use our platform and to customers who submit identity documents for verification through our widget.

2. Scope and Applicability

This Privacy Policy applies to:

• Merchants: Businesses that subscribe to our Services to verify customer identities
• Customers: Individuals who submit identity documents through our verification widget at a merchant's request
• Website Visitors: Individuals who visit our marketing website

3. Information We Collect

From Merchants

• Account registration information (name, email, business name)
• Business contact information
• Payment and billing information (processed by our payment provider)
• API credentials and integration settings
• Usage data and verification request logs

From Customers (During Verification)

• Identity document images (driver's license, state ID, passport)
• Data extracted from identity documents (name, address, date of birth, document number, expiration date)
• Secondary proof of residence documents if required (utility bills, bank statements)
• Customer-provided information from the merchant (name, shipping address, email)

Automatically Collected Information

• IP address
• Device and browser information (type, version, operating system)
• Approximate geographic location (derived from IP address)
• Timestamps and interaction data

4. How We Process Identity Documents

When a customer submits an identity document:

1. The document image is transmitted securely (encrypted in transit) to our document processing service
2. Our AI extracts text data from the document (name, address, date of birth, etc.)
3. The extracted text data is compared against merchant-provided customer information
4. A verification result is generated based on match confidence
5. The document image is discarded immediately after processing—it is NOT stored

What we retain: We retain only the extracted text data and verification results (not the original images) for the purposes described in this policy.

5. No Biometric Processing

Our Services do not perform biometric processing. We do not compare photos on identity documents to selfies or perform facial recognition. We extract only text-based data (name, address, date of birth, document number, expiration date) from submitted documents.

6. How We Use Your Information

We use collected information for the following purposes:

For Verification Services

• Perform identity and age verification
• Match customer shipping addresses to verified residential addresses
• Generate verification results for merchants
• Enable Customer Memory for returning customer verification

For Compliance and Legal Purposes

• Maintain verification audit trails as required by applicable regulations
• Respond to legal requests and comply with applicable laws
• Prevent fraud and protect against security threats

For Service Operations

• Provide, maintain, and improve our Services
• Process payments and manage merchant accounts
• Communicate with merchants about their accounts
• Provide customer support

7. Information Sharing and Disclosure

We share information only as described below:

• With Merchants: We share verification results with the merchant who requested the verification, including verification status, match confidence scores, extracted data, and age confirmation.
• With Service Providers: We share information with third-party service providers who assist in delivering our Services, including cloud infrastructure providers (Microsoft Azure) and AI document processing services. These providers are contractually bound to protect your information.
• With Payment Processors: Payment information is processed by our payment provider (Stripe). We do not store complete payment card information on our systems.
• For Legal Compliance: We may disclose information when required by law, court order, subpoena, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If Pitcher & Company is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

8. Data Retention

We retain information for the following periods:

• Identity Document Images: NOT RETAINED. Images are processed transiently and discarded immediately after data extraction.
• Verification Records: Extracted data and verification results are retained for the period required by applicable compliance regulations, typically 3-7 years depending on the industry and jurisdiction.
• Customer Memory Data: Retained according to merchant settings (default: 365 days) to enable streamlined verification for returning customers.
• Merchant Account Data: Retained for the duration of the merchant relationship plus 7 years for legal and tax purposes.

You may request deletion of your data subject to our legal retention obligations. Some data may be retained in anonymized or aggregated form for analytics purposes.

9. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmission uses TLS 1.3 encryption
• Encryption at Rest: Stored data is encrypted using AES-256
• Secure Infrastructure: Our Services run on Microsoft Azure with SOC 2 compliance
• Access Controls: Role-based access controls limit data access to authorized personnel
• Security Monitoring: Continuous monitoring for security threats and anomalies

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location within the United States, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information, subject to legal retention requirements
• Portability: Request your data in a portable format
• Opt-Out: Opt out of certain data uses (we do not sell data)

To exercise these rights, contact us at privacy@shiptoverified.com. We will respond to verified requests within the timeframes required by applicable law.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out of Sale: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Right to Limit Use of Sensitive Personal Information: Request limits on use of sensitive data

Categories of Personal Information Collected: Identifiers (name, address, email, IP address), personal information under Cal. Civ. Code § 1798.80(e), commercial information (transaction history), and internet activity information.

To submit a request, contact privacy@shiptoverified.com. You may designate an authorized agent to make requests on your behalf.

12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. The nature of our Services (age verification for age-restricted products) means we may receive identity documents that reveal a person is under the required age—in such cases, we do not store this information beyond what is necessary to return a verification result to the merchant indicating the age requirement was not met.

13. Third-Party Links and Services

Our website and Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Data Processing for Merchants

When we process customer data on behalf of merchants:

• Merchants act as the data controller for their customer data
• We act as a data processor, processing data according to merchant instructions
• Merchants are responsible for obtaining appropriate consents from their customers
• Merchants are responsible for their own privacy policies regarding customer data use
• Our processing is limited to providing the verification Services requested

15. Disclaimer of Liability

While we implement strong privacy and security measures, we disclaim liability for: (a) unauthorized access to or alteration of your data resulting from sophisticated cyberattacks; (b) temporary interruptions in service; (c) actions of merchants regarding how they use verification results; (d) accuracy of information you provide to us; or (e) any third-party actions beyond our control. Our liability limitations in the Terms of Service apply to all data processing activities.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice to merchants via email. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

ShipToVerified is a product of Pitcher Properties LLC, doing business as Pitcher & Company.