Security & Privacy

ShapeShip is built with security and privacy in mind. Your data is encrypted, protected, and handled with care.

Security practices

How we protect your data

Encryption in transit

All data transmitted between your site and ShapeShip is encrypted using TLS 1.3. Your Form submissions are protected from interception.

Encryption at rest

All stored data is encrypted at rest. Your Form submissions, user data, and integration credentials are protected even if our infrastructure is compromised.

Least privilege access

ShapeShip follows the principle of least privilege. Only authorized personnel have access to production systems, and all access is logged and audited.

GDPR compliant

ShapeShip is GDPR compliant. You can export or delete user data at any time. We don't sell your data or use it for advertising purposes.

Secure infrastructure

ShapeShip runs on Vercel's secure infrastructure with SOC 2 Type II compliance. Regular security audits and penetration testing ensure ongoing protection.

Regular security audits

We conduct regular security audits and penetration testing. Our security practices are continuously improved based on industry best practices.

Compliance & Certifications

ShapeShip meets industry standards for security and privacy

GDPR compliant
SOC 2 Type II infrastructure
TLS 1.3 encryption
Regular security audits
Data encryption at rest
Least privilege access
Audit logging
No data selling

Data handling

How we handle your data

What we collect

ShapeShip collects Form submissions, including the feedback text, page URL, user email (if provided), and any attachments. We also collect account information (email, name) for authentication and support.

How we use it

Form submissions are used solely to deliver them to your configured integrations (Jira, Linear, Slack, etc.). We don't sell your data, use it for advertising, or share it with third parties except as necessary to provide the service.

Your rights

You can export or delete your data at any time. Contact us at support@shapeship.app to request data export or deletion. We'll process your request within 30 days.

Security FAQ

Where is my data stored?

ShapeShip stores data on Vercel and Supabase infrastructure with SOC 2 Type II compliance. All data is encrypted at rest and in transit.

Can I delete my data?

Yes. You can delete individual Form submissions, entire Forms, or request full account deletion. Contact support@shapeship.app for account-level requests.

Do you sell user data?

No. We never sell, share, or use your data for advertising. Your Form submissions are used solely to deliver them to your configured integrations.

Is ShapeShip GDPR compliant?

Yes. ShapeShip is GDPR compliant. You can export or delete data at any time, and we provide a Data Processing Agreement on request.

Questions about security?

Contact us if you have questions about our security practices or need a security questionnaire filled out.

Contact security teamStart free