Friendly Shipping Protection

Schedule Demo

Last updated September 18th, 2025

This Privacy Policy describes how Friendly Insurance Services, Inc. ("Friendly," "we," "our," or "us") collects, uses, and discloses personal information about you and your data privacy rights. Personal information is sometimes also referred to as personal data, personally identifiable information, or other like terms that mean any information that directly or indirectly identifies you or is reasonably capable of being associated with you or your household (or another individual). Personal information does not include information about organizations, or anonymized data that is not capable of identifying you.

We will only collect, use, and disclose personal information as described in this Privacy Policy. Friendly will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

I. NOTICE AT COLLECTION

This Notice at Collection describes how we collect, use, and disclose personal information we collect from or about you.

A. Collection of Personal Information

1. Personal Information You Provide to Us

We collect personal information you provide directly to us. For example, we collect personal information directly from Merchants who register to use our application on their ecommerce websites, Consumers who subscribe for our services, B2B Contacts when we conduct business dealings with them, and generally from individuals who respond to our inquiries, surveys, communications, offers, or marketing. The types of personal information that we may collect directly from you include:

Contact information, such as name, email address, phone number, and physical address
Individual characteristics, such as date of birth and social media information
Commercial information, such as records of the products or services purchased, obtained, or considered by Consumers, Consumer feedback and other communications, or other purchasing or consuming histories or tendencies, including the information you may share in the contact form on our website about your business
Video and/or audio information during business meetings

Friendly does not see your sensitive financial information, such as financial account, debit card, or credit card information. However, when subscribing to our services, you may transmit such information to third parties, such as banks, processing gateways, and merchant processors, in order to process transactions and payments.

2. Personal Information We Collect Automatically

We automatically collect certain personal information about your interactions with us or our services, including the Friendly application and website:

Device and Usage Information

We collect information about how you access our services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, Internet Protocol (“IP”) address, unique device identifiers, device type, browser type, and app version. We also collect information about your activity on our services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our services.

Information Collected by Cookies and Similar Tracking Technologies

We and others that control collection of personal information use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our services and your experience, see which areas and features of our services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our services and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see Your Choices About Cookies below.

Automated Decision Making

We do not envisage that any decisions will be taken about you using automated means (without any human involvement), including profiling, which produces legal or similarly significant effects. In the event that this position changes, we will notify you.

3. Personal Information We Collect From Other Sources

We obtain personal information from other sources. For example, we may collect information from advertising networks, data analytics providers, operating systems and platforms, mailing list providers, social networks, and other advertising partners. This information includes your contact information and usage data collected through cookies and other trackers described in the Advertising and Analytics section below.

4. Personal Information We Receive from Merchants

We will also receive personal information from Merchants regarding the consumers whom they offer their products and/or services to (“Merchant Consumers”).

Merchants are solely responsible for ensuring that any personal information they provide to us is in compliance with applicable privacy laws, including, but not limited to, ensuring that notice is provided to Merchant Consumers about the sharing of their personal information with us and, where applicable, obtaining appropriate consent.

For certain personal information we receive from Merchants, we will process that personal information in our capacity as a data processor – as such, we will only process such personal information on the documented instructions of the Merchant as a data controller. Please refer to the Purpose and Use of Personal Information section below, where we have identified the purposes for which we may undertake processing activities in our capacity as a data processor on behalf of a Merchant.

5. Personal Information We Derive

We may derive personal information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior and past purchases.

B. Purpose and Use of Personal Information

We may use the categories of personal information identified in the Collection of Personal Information section above for the following purposes in our capacity as a data processor on behalf of a Merchant:

To facilitate Merchants’ registration for the Friendly application on their e-commerce websites
To provide order tracking, streamlined returns or exchanges, shipping, instant refund, enhanced shopping experiences, and warranty services
To process transactions and send you related information, including confirmations, receipts, invoices, customer experience surveys, and recall notices
To send you technical notices, security alerts, and support and administrative messages
To respond to your comments and questions and provide customer service
To communicate with you about products, services, and events offered by the Merchant and provide news and information that we think will interest you
To carry out any other purpose described to you at the time the information was collected

In addition, we may use the categories of personal information identified in the Collection of Personal Information section above for the following purposes in our capacity as a data controller:

To conduct business dealings with our partners, services providers, contractors or processors
To personalize and improve your experience on our services
To monitor and analyze trends, usage, and activities in connection with our services
To generate customer behavioural profiles for consumers based on anonymous and historic shopping data in order to create tailored shopping recommendations
To personalize the advertisements you see when you use our services based on information provided by our advertising partners
To detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Friendly and others
To debug to identify and repair errors in our services
To comply with our legal and financial obligations
To carry out any other purpose described to you at the time the information was collected

In the EEA and UK, the GDPR requires us to identify a ‘lawful’ or ‘legal’ basis for the processing (our use) of your personal information. The lawful bases we have identified is set out in more detail in the SUMMARY OF PRIOR 12 MONTH PERSONAL INFORMATION PROCESSING ACTIVITIES section set out below.

C. Disclosure of Personal Information

We may disclose your personal information in the following circumstances or as otherwise described in this Privacy Policy. To learn more about the categories of personal information we may disclose and the categories of recipients, please see the Summary of Prior 12 Month Personal Information Processing Activities section below, which describes our prior 12 month and going forward personal information disclosure practices.

Vendors. We may disclose or make available your personal information to service providers, contractors, processors, and other parties who provide services to Friendly, Merchants and Consumers, customer relations management (“CRM”) software, fraud prevention, customer communication, bug tracking, and other related services.
Transaction Processing. We may provide you access to banks, processing gateways, and merchant processors for you to provide personal information required to process transactions.
Warranty Providers. We may disclose your personal information to third parties who provide warranty services.
Shipping Providers & Carriers. We may disclose your personal information to third parties who provide shipping services.
Advertising and Analytics. We may make your personal information available to advertising and analytics partners, as described in the Advertising and Analytics section below.
Legal Disclosures. We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by courts or public authorities to meet national security or law enforcement requirements. We may also share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Friendly, our users, the public, or others.
Disclosed to Advisors and Lawyers. We may disclose personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
Disclosed During Change of Ownership. We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
With Your Consent. We may otherwise disclose personal information with your consent or at your direction.
Disclosure of Non-Personal Information. We may also disclose aggregated or de-identified information that cannot reasonably be used to identify you. When doing so, we publicly commit to maintain and use the information in an aggregated or de-identified form and not attempt to re-identify the information, unless permitted or required by law.

D. Retention of Personal Information

We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. Specifically, we will keep the personal information of Merchants, Consumers, and B2B Contacts as long as we have a continuing relationship with them to provide or receive services and for up to 6 years thereafter, unless we need to retain the personal information for an additional length of time under the law.

II. ADVERTISING AND ANALYTICS

We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile apps. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information.

This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our services and other websites, and better understand your online activity.

For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. Your device may also include a feature that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.

We may also work with third parties to serve ads to you as part of customized campaigns on third-party platforms. As part of these ad campaigns, we or the third-party platforms may convert information about you into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.

III. TRANSFERS OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES

Friendly is headquartered in the United States, and we have operations and/or service providers in the United States and other countries. Therefore, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of other countries (such as in the EEA or UK). We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. For more information on the safeguards used, see the Data Privacy Framework Notice below.

IV. YOUR CHOICES ABOUT COOKIES

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our services.

If you wish to reject the use of certain cookies, you can also use the ‘Preferences’ banner at the bottom of our website to reject the use of cookies.

V. CHILDREN

This website is not intended for or directed at children under the age of 18. In addition, we do not knowingly collect personal information from children under the age of 18. We also do not knowingly sell, share, use for targeted advertising, or disclose the personal information of children under the age of 18.

VI. SUMMARY OF PRIOR 12 MONTH PERSONAL INFORMATION PROCESSING ACTIVITIES

In the preceding 12 months, we have collected the categories of personal information set forth in the table below. For details about the precise data points we collect and the categories of sources of such collection, please see the Collection of Personal Information section above. We collect personal information for the business and commercial purposes described in Purpose and Use of Personal Information section above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients, which we also describe in greater detail in the Disclosure of Personal Information section above:

Category of Personal Information we CollectBusiness Purpose (and Lawful Basis) for Disclosure and ProcessingCategory of RecipientsIdentifiers, such as name, email address, phone number, physical address, date of birth, IP address, unique personal identifiers, and other similar identifiers.For performance of our contracts, or legitimate interests, including: providing our services to Merchants and Consumers; conducting business with and receiving services from B2B Contacts; facilitating payment and transaction processing; for warranty services; analytics, advertising, and marketing (where applicable, we do this with your consent); and legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.Service providers, contractors, and processors, who provide services to Friendly, such as shipping, CRM software, fraud prevention, customer communication, bug tracking, and other related services; banks, processing gateways, and merchant processors; warranty providers; legal and other purposes described in greater detail in the Disclosure of Personal Information section above.

VII. Selling or Sharing of Personal Information

Below, we describe the categories of personal information we may sell or share for targeted advertising currently and in the preceding 12 months. We also describe the third parties who received or may receive the personal information and the business or commercial purpose for the sale or sharing. We do not knowingly sell or share the personal information of children under the age of 18, and have not done so in the prior 12 months.

Category of Personal InformationSold or SharedCategory of Third PartyBusiness or Commercial Purpose for Sale or Sharing

Identifiers, such as name, email address, phone number, physical address, date of birth, IP address, unique personal identifiers, and other similar identifiers. This category of personal information may be sold or shared. We may have shared or sold such personal information with third party advertising, marketing, and cookie providers, and with merchants interested in marketing their products and services to you. We may have disclosed this category of personal information to provide advertising and marketing services. Characteristics of protected classifications under California or federal law, such as age. This category of personal information may be sold or shared. Same as above. Commercial information…This category of personal information may be sold or shared. Same as above. Internet or other electronic network activity information…This category of personal information may be sold or shared. Same as above. Geolocation data…This category of personal information may be sold or shared. Same as above. Inferences…This category of personal information may be sold or shared. Same as above.

VIII. Opt-Out Preference Signals and “Do Not Track” Requests

A. We Honor Opt-Out Preference Signals

We honor opt-out preference signals. An opt-out preference signal is a signal that is sent by a platform, technology, or mechanism on your behalf that communicates your choice to opt-out of the sharing for targeted advertisements or sale of your personal information. You can learn more about implementing opt-out preference signals here or by exploring other developing technologies and services that offer this tool. We treat opt-out preference signals as valid requests to opt-out of the sale or sharing of your personal information under privacy laws.

Please note that you can also opt-out of the sale or sharing of your personal information for targeted advertising through our other methods described in Instructions on How to Exercise Your Privacy Rights section below.

B. “Do Not Track” Requests

Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the do not track signal, we currently do not respond to the browser do not track signals. However, as noted above, we do honor opt-out preference signals.

IX. Sensitive Personal Information

Under some privacy laws, certain types of personal information are considered “sensitive” or “special” personal information or data and require additional data privacy rights and obligations. Friendly does not process “special” personal information under the GDPR. However, the financial information described in this Privacy Policy may be considered “sensitive” under US privacy laws.

Specifically, Friendly does not see any information that constitutes “sensitive” personal information or data, but you may provide to banks, processing gateways, and merchant processors your sensitive financial account, debit card, or credit card information when using our services. Friendly facilitates your provision of this information to these parties in order to provide our services.

This information may also be used to prevent, detect, and investigate security incidents, resist malicious, deceptive, fraudulent, or illegal actions and prosecute those responsible, and ensure physical safety of natural persons. Because this “sensitive” personal information is used for limited and permitted purposes, we do not offer a limit use and disclosure of sensitive personal information right. However, where required by law, we will obtain your consent before such sensitive personal information is collected. You may withdraw your consent by contacting us at support@shipfriendly.io.

X. Your Privacy Rights

A. Rights Available to US Residents

(Data privacy rights text unchanged; updated to reference Friendly implicitly as the controller/processor as described.)

B. Rights Available to UK and EEA Residents

(GDPR rights text unchanged.)

C. Instructions on How to Exercise Your Privacy Rights

You may exercise your privacy rights by emailing us at support@shipfriendly.io. You may also opt-out of the sale of your personal information or sharing of your personal information for targeted advertising by clicking on the Do Not Sell or Share My Personal Information link, which can be found on the footer of this website.

In some instances, we will need to verify your identity before honoring your privacy rights request. We will verify your identity by asking you to provide personal information related to your recent interactions with us. We will honor your privacy rights request within 45 calendar days of receipt, unless we request an extension as permitted by data privacy law. However, we will honor opt-out of sale and sharing requests within 15 business days. We do not need to verify your identity for opt-out of sale or sharing requests, but we may ask for additional information to find you on our services.

D. Appealing a Denial of a Privacy Right Request

You may appeal a denial of your privacy right requests by emailing us at support@shipfriendly.io. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may submit a complaint to the Attorney General of your state.

E. Authorized Agents

If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent (which may include a guardian or conservator). If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us at support@shipfriendly.io.

F. Shine the Light Disclosure for California Residents

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at support@shipfriendly.io.

XI. DATA PRIVACY FRAMEWORK NOTICE

As a supplement to the information provided throughout this Privacy Policy, we provide the following information as a notice in accordance with our obligations as a participating organization under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF.

Friendly complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Friendly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit Data privacy framework website.

This Privacy Policy describes our privacy practices with respect to personal data (referred to as “personal information” above) received from the European Union and from the United Kingdom (and Gibraltar) in reliance on the DPF, including the types of personal data we collect, our purposes for collecting and using personal data, the types of third parties to whom we disclose personal data, and our purposes for disclosing personal data to third parties. Please see above for more information.

You have the right to access, correct, amend, or delete your personal data, and the choice to opt out of us disclosing your personal data to a third party or using your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you have any questions, concerns, or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us via email at support@shipfriendly.io.

Friendly may transfer personal data for the purposes described in this Privacy Policy to a third party acting as a controller or as an agent. If we intend to disclose personal data to a third party acting as a controller or as an agent, we will comply with the “Accountability for Onward Transfer” principle as detailed on the DPF website at https://www.dataprivacyframework.gov/framework. We remain responsible for the processing of personal data received from the European Union and from the United Kingdom (and Gibraltar) in reliance on the DPF and subsequently transferred to a third party acting as a controller or as an agent if the third party processes such personal data in a manner inconsistent with the DPF.

The Federal Trade Commission has jurisdiction over Friendly’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In certain situations, Friendly may be required to disclose personal data received under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

This Privacy Policy may be amended consistent with the requirements of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. When we update this Privacy Policy, we will also revise the “Last Updated and Effective Date” at the top of this Privacy Policy.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Friendly commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Friendly at: support@shipfriendly.io via email.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Friendly commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to the independent dispute resolution body, TrustArc, an alternative dispute resolution provider based in San Francisco, California. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.trustarc.com/watchdog/request for more information or to file a complaint. The services of TrustArc are provided at no cost to you.

For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in Annex I of the DPF website at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.