PackageTrack ProPackageTrack Pro

Privacy Policy

Last updated: March 27, 2026

1. Introduction

PackageTrack Pro ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our package tracking and mailroom management platform ("the Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and an encrypted password. If you are invited to an organization, we also associate your account with that organization and facility.

Package Data

The Service stores package tracking information including carrier, tracking number, sender, recipient name, status, timestamps, and optional notes. This data is entered by your facility's operators and belongs to your organization.

Photos & Signatures

When operators capture package photos or delivery signatures, these images are stored securely in Cloudflare R2 object storage. Photos are processed (resized, compressed) server-side and associated with the relevant package record.

AI-Processed Data

When you use AI-powered features (label scanning, recipient matching, natural language search), relevant data is sent to Anthropic's Claude API for processing. We send only the minimum data required — for example, a cropped label photo for scanning. Anthropic does not use this data to train their models.

Usage & Technical Data

We collect standard technical information including IP address, browser type, device type, pages visited, and error logs. This data is used for service operation, debugging, and security monitoring via Sentry.

3. How We Use Your Information

  • To provide and maintain the Service.
  • To send transactional notifications (package received, delivered, held) via your configured channels.
  • To process billing and manage your subscription via Stripe.
  • To provide AI-powered features (label reading, smart search, recipient matching).
  • To monitor service health, debug errors, and improve reliability.
  • To communicate important service updates, security notices, or billing changes.

4. Multi-Tenant Data Isolation

PackageTrack Pro is a multi-tenant platform. Every database query is scoped to your active facility. Your package data, recipient information, photos, and activity logs are logically isolated and cannot be accessed by other tenants. Organization administrators may switch between facilities they manage, but can only view data belonging to the facility they are currently working in. Data from one facility is never visible within or combined with another facility.

5. Data Sharing & Third Parties

We do not sell your data. We share data only with:

  • Stripe — for payment processing. Stripe handles your payment information under their own privacy policy.
  • Anthropic (Claude API) — for AI features. Only the minimum required data is sent. Anthropic's zero-data-retention policy applies.
  • Resend — for transactional email delivery (package notifications, account emails).
  • Cloudflare R2 — for secure photo and file storage.
  • Sentry — for error tracking and performance monitoring. No package data is included in error reports.
  • Vercel — for application hosting and serverless infrastructure.
  • Neon — for PostgreSQL database hosting.

6. Data Retention

  • Active accounts: Your data is retained for as long as your subscription is active.
  • After cancellation: Your data remains accessible in read-only mode for 30 days, then is permanently deleted.
  • Trial expiration: If you do not subscribe after the 10-day free trial, your data enters a 30-day read-only grace period, followed by permanent deletion at day 40.
  • Photos: Automatically deleted according to your facility's retention policy (default: 90 days, configurable from 7 to 365 days). Photos are also deleted when the associated package record is removed, or upon account deletion.

7. Data Security

We protect your data with:

  • Encrypted connections (TLS/HTTPS) for all data in transit.
  • Encrypted database connections via Neon's serverless driver.
  • Passwords hashed with bcrypt (cost factor 12).
  • Integration credentials encrypted with AES-256-GCM at rest.
  • Presigned URLs for secure, time-limited photo access.
  • Rate limiting on authentication endpoints.
  • Role-based access controls within each facility.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data (available via CSV export in the Service).
  • Opt out of non-essential communications.

To exercise these rights, contact us at support@packagetrackpro.com.

9. Cookies

The Service uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete it, and the right to opt out of any sale of personal information. We do not sell personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top reflects the most recent revision.

13. Contact

Questions or concerns about this Privacy Policy? Contact us at support@packagetrackpro.com.

Start Free Trial