Privacy Policy

Last updated: June 4, 2026

Shipmoor does not upload, transmit, or store the user’s source code, file contents, diffs, or repository contents. Scans run locally on the user’s machine; only identity, billing, and license metadata cross the network.

This Privacy Policy explains how Shipmoor collects, uses, shares, retains, and protects personal data for the Shipmoor website, account console, Community CLI, IC subscription, license services, documentation, and related services (the “Services”).

1. Product Privacy Posture

Shipmoor is built for developers who need code-integrity checks without unnecessary source-code movement.

The Community CLI and IC local scan surfaces run in your environment. License validation, account login, billing, and entitlement refresh may contact Shipmoor services, WorkOS, Stripe, Supabase, or Vercel, but those flows are designed to exchange account, billing, subscription, license, token, device, and audit metadata rather than source code or repository contents.

If a future feature asks you to connect a hosted integration or send code, diffs, prompts, tickets, or repository content to Shipmoor or a third-party provider, that feature will clearly say so and may be covered by additional terms or controls. This policy documents the current IC subscription surface.

2. Data We Process

We process the categories of data below.

Account Identity

WorkOS manages account authentication. Shipmoor may receive and store account identity data such as:

email address;
name;
WorkOS user ID or OAuth provider ID;
email verification status;
account ID, account type, membership role, and account status;
account creation, update, and last-login timestamps.

Billing Identity

Stripe manages checkout, subscriptions, payment collection, and billing portal flows. Shipmoor may receive and store billing metadata such as:

Stripe customer ID;
Stripe subscription ID;
selected plan and billing period;
subscription status;
current billing-period end;
cancel-at-period-end flag;
payment-failure grace timestamp where applicable;
Stripe webhook event ID, type, timestamp, processing status, and payload digest;
billing contact and billing address information when Stripe provides it for account, tax, receipt, or support purposes.

Shipmoor does not store full payment-card numbers. Stripe holds card data.

License Metadata

Shipmoor processes license metadata needed to issue, refresh, validate, and revoke paid entitlements, including:

account ID and user ID;
license token ID;
token jti;
signing key ID (kid);
plan;
issued-at, expiry, last-refresh, created, revoked, and revoke-reason timestamps or fields;
entitlement state derived from subscription status.

Authentication Audit Events

Shipmoor records authentication audit events for security, troubleshooting, and abuse prevention, including:

user ID and account ID where available;
event type, such as sign-in callback;
provider, such as WorkOS;
outcome, such as success or failure;
categorized reason, such as missing state, state mismatch, provider exchange failure, provisioning failure, or success;
timestamp.

Website and Support Communications

If you contact Shipmoor, request a demo, ask for support, or send email, we may process the information you choose to provide, such as name, email address, company, message content, and related communications metadata.

3. Data We Do Not Collect Through Local Scans

For the current Community CLI and IC local scan surfaces, Shipmoor does not collect:

source code;
file contents;
diffs;
patches;
repository contents;
local scan output;
local baseline contents;
local suppression files;
telemetry from the Community CLI, unless a feature clearly says otherwise.

You should still avoid placing secrets, credentials, tokens, private keys, or unnecessary personal data into support messages, public issue reports, command-line arguments, CI logs, or artifacts controlled by third-party services.

4. How We Use Data

We use personal data and metadata to:

provide, operate, secure, and support the Services;
authenticate users and maintain sessions;
create and administer accounts;
process checkout, subscriptions, renewals, cancellations, invoices, taxes, and billing support;
issue, refresh, validate, and revoke license tokens;
determine paid entitlement state;
investigate errors, suspicious activity, abuse, fraud, and security incidents;
respond to support, legal, security, and customer requests;
comply with law, enforce agreements, and protect rights.

5. Subprocessors

Shipmoor uses the subprocessors below for the current IC subscription surface.

Subprocessor	Role	Jurisdiction / Processing Location
WorkOS	Authentication, OAuth, and identity workflows	United States; global infrastructure as needed
Stripe	Checkout, subscription billing, invoices, taxes, customer portal, and payment processing	United States and other Stripe processing locations
Supabase	Database hosting for account, subscription, license, and audit metadata	United States or configured cloud region
Vercel	Website and application hosting, edge delivery, deployment infrastructure	United States and global edge network

Subprocessors may change as the Services evolve. We will update this policy or provide another appropriate notice for material changes.

6. Cookies

The current account and authentication surfaces use only necessary cookies for sign-in, session security, and redirects:

shipmoor_session: signed session cookie for an authenticated Shipmoor account session.
shipmoor_auth_state: transient CSRF/state cookie for the WorkOS authentication callback.
shipmoor_post_signin: transient post-sign-in destination cookie used to return you to the right page after authentication.

Shipmoor does not use analytics or marketing cookies for these legal pages. If analytics or marketing cookies are introduced later, Shipmoor will update its disclosures and consent approach where required.

We may share personal data and metadata with:

the subprocessors listed above, as needed to provide the Services;
professional advisors such as lawyers, auditors, accountants, insurers, and banks;
authorities or third parties where required by law, legal process, security needs, fraud prevention, or enforcement of our rights;
business transaction parties in connection with a merger, acquisition, financing, reorganization, asset sale, or similar transaction.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising as those terms are commonly used under U.S. state privacy laws.

8. Retention

We retain data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate the business.

Default retention periods are:

account identity data is retained while the account is active and until deletion is requested, subject to legal, security, billing, and operational limits;
subscription and billing records are retained while needed for billing support, tax, accounting, audit, and legal obligations;
license metadata is retained while needed to operate paid entitlements, prevent abuse, support revocation checks, and maintain auditability;
authentication audit events are retained for 12 months unless needed longer for security, fraud, legal, or operational reasons;
Stripe webhook event records are retained while needed for idempotency, billing reconciliation, audit, and support;
local scan data stays in your environment unless you choose to send it elsewhere.

9. Deletion Requests

You may request deletion of personal data by emailing privacy@shipmoor.dev.

We will verify the request, identify account-controlled data, and delete or de-identify personal data where required and technically feasible. Some records may be retained where necessary for tax, accounting, security, fraud prevention, dispute resolution, legal compliance, or legitimate business operations.

If you use Shipmoor through an organization, we may refer requests about organization-controlled data to that organization.

10. Security

We use technical and organizational measures designed to protect personal data and metadata processed by hosted Services. These measures may include access controls, encryption in transit, encryption at rest where appropriate, logging, monitoring, vendor review, and internal security procedures.

No system is perfectly secure. You are responsible for securing your repositories, endpoints, CI systems, credentials, secrets, license files, runners, networks, logs, backups, and third-party integrations.

Security issues can be reported to security@shipmoor.dev.

11. International Transfers

We and our subprocessors may process personal data in countries other than where you live or where your organization is located. Where required, we use appropriate safeguards for international transfers, such as contractual commitments, data processing terms, and standard contractual clauses.

12. Your Rights and Choices

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or request portability of personal data. You may also have the right to withdraw consent where processing is based on consent or to appeal a privacy-rights decision where applicable.

To exercise rights, contact privacy@shipmoor.dev. We may need to verify your identity before fulfilling a request.

13. Children

The Services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child provided personal data to Shipmoor, contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice through the website, product, email, console, CLI, or another appropriate channel. The updated version is effective on the date stated at the top of the policy.

15. Contact

Questions or requests about this Privacy Policy may be sent to:

Email: privacy@shipmoor.dev