Privacy Policy

Packizon / SmartPack  ·  Effective Date: April 26, 2026  ·  Last Updated: April 26, 2026

Packizon (“we”, “us”, or “our”) operates the SmartPack suite of products, which includes:

  • The SmartPack Windows desktop application (“Edge App”)
  • The Packizon SmartPack Chrome browser extension (“Extension”)
  • The Packizon cloud API and associated backend services (“Cloud API”)
  • The packizon.com website

This Privacy Policy explains what information each component of the SmartPack suite collects, how it is used, and how it is protected. By using any part of the SmartPack suite, you agree to the practices described in this policy.

1. Overview

SmartPack is an enterprise-grade warehouse dimensioning and package verification platform. Each component of the suite has a distinct data footprint. This policy describes each one separately so you can understand exactly what data touches which system.

2. Chrome Extension

2.1 What the Extension Does

The Packizon SmartPack Chrome Extension connects your browser-based order management platform to the SmartPack desktop application installed on the same Windows machine. Supported platforms include ShipStation, ShipBob, Extensiv, and other compatible order management systems. The Extension reads order data displayed in your browser and writes validated package weight back into the order form automatically.

2.2 Data the Extension Reads

  • Order field values displayed on supported order management pages (such as order number, weight fields, and dimension fields). This data is read solely to forward to the locally installed SmartPack desktop application on the same machine.
  • User preference settings (toggle states for “push weight” and “push dimensions”). These are stored locally in Chrome’s extension storage and never transmitted to any remote server.

2.3 Data the Extension Does NOT Collect

  • No personally identifiable information (PII) such as names, addresses, or email addresses
  • No payment or financial information
  • No passwords or authentication credentials
  • No browsing history or activity outside of supported order management pages
  • No keystroke logging, mouse tracking, or screen recording
  • No data from any website other than supported order management platforms

2.4 How Data Flows

All communication between the Extension and the SmartPack desktop application occurs locally on your machine via the Chrome Native Messaging API. No order data, weight data, or dimension data is transmitted to Packizon servers or any third-party server by the Extension. The data path is entirely local:

Browser page → Extension → Local SmartPack App → Browser page

No data leaves your machine through the Extension.

2.5 Permissions Used

  • nativeMessaging: Required to communicate with the locally installed Packizon SmartPack host process to read live weight from a connected USB or serial scale. All communication is local only.
  • storage: Stores user toggle preferences (push weight, push dimensions) so settings persist across browser sessions. No personal data is stored.
  • Host permissions (e.g., app.shipstation.com): Required to read order data from supported order management pages and write validated weight back into the order form. No data is sent to any remote server.

3. SmartPack Desktop Application (Edge App)

3.1 Data Stored Locally

The SmartPack desktop application stores the following data locally on the Windows machine:

  • Station credentials: station ID, company ID, and license key stored in a configuration file
  • Authentication tokens: access and refresh tokens encrypted using Windows DPAPI (Data Protection API), bound to the local user profile. These cannot be read on any other machine.
  • Package dimension database: a local SQLite database containing barcode-to-dimension mappings for your company
  • Scan history: a local record of PASS/FAIL scan results, synced periodically to the Packizon cloud
  • Application logs: rotating log files stored at %APPDATA%PackizonSmartPacklogs. Logs contain operational events only — no personal data, no order content.

3.2 Data Synced to the Cloud

The following data is transmitted from the Edge App to the Packizon Cloud API over an encrypted HTTPS connection:

  • Scan history records (barcode, weight, PASS/FAIL result, timestamp, station ID)
  • Package dimension records created or edited at the station
  • Station heartbeat signals (station ID, timestamp) used to maintain license status

No personal information, employee names, customer data, or payment information is transmitted to or stored by Packizon servers.

3.3 Machine Fingerprint

During station registration, the application generates a machine fingerprint derived from a combination of the machine’s MAC address, hostname, and Windows MachineGuid. This fingerprint is used solely to bind the license to a specific machine and prevent unauthorized license transfers. The fingerprint is a one-way cryptographic hash (SHA-256) and cannot be used to identify individuals.

4. Cloud API and Backend Services

4.1 Data We Store

The Packizon Cloud API stores the following data in our MongoDB database, partitioned by company:

  • Station registration records: station ID, company ID, license key, machine fingerprint hash, station name, and status
  • Scan history: barcode, actual weight, expected weight, PASS/FAIL result, station ID, and timestamp
  • Package dimension catalogue: barcode, SKU, length, width, height, expected weight, and description
  • Authentication tokens: hashed refresh tokens (SHA-256). Raw tokens are never stored.
  • Audit log: system events such as station registrations, license activations, and anomalies

4.2 Data Isolation

All data is strictly partitioned by company. No company can access another company’s data. The company identifier flows through every database query and API endpoint as a mandatory tenant scope.

4.3 Data Retention

Scan history older than 90 days that has been successfully synced is automatically pruned from the local edge database. Cloud scan history is retained for up to 1 year from the date of collection, after which it is automatically and permanently deleted. Expired refresh tokens are automatically removed by a TTL (time-to-live) index in the database.

5. Website Cookies

The packizon.com website uses cookies and similar tracking technologies to operate and improve the site. Cookies are small text files stored in your browser.

Types of Cookies We Use

  • Essential cookies: Required for the website to function correctly (e.g., session management, security tokens). These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with the site (e.g., pages visited, time on site). This data is aggregated and anonymous. We may use tools such as Google Analytics for this purpose.
  • Preference cookies: Used to remember your settings and choices across visits.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling cookies may affect the functionality of certain parts of the website. For analytics opt-out, you may use the Google Analytics Opt-out Browser Add-on.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your data to any third party. We do not use your data for advertising purposes. Data may be disclosed only in the following limited circumstances:

  • Service providers: We use MongoDB Atlas for database hosting and Google Cloud Run for API hosting. These providers process data on our behalf under appropriate data processing agreements.
  • Legal requirements: We may disclose data if required by law, court order, or government regulation.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of that transaction, subject to the same privacy protections.

7. Security

We implement industry-standard security measures to protect your data:

  • All data transmitted between the Edge App and Cloud API is encrypted using HTTPS/TLS
  • Authentication tokens on the Edge App are encrypted using Windows DPAPI, bound to the local user profile
  • Refresh tokens are single-use and automatically rotated. Replay of a revoked token triggers immediate station lockout.
  • Our Cloud API validates JWT tokens on every protected request and enforces station status checks
  • The JWT secret is validated at startup and the API refuses to start with known placeholder values

No security system is perfect. If you discover a security vulnerability, please report it to contact@packizon.com.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information. You have the right to: (1) know what personal information we collect, use, and disclose; (2) delete personal information we have collected from you, subject to certain exceptions; and (3) opt out of the sale of your personal information — though we do not sell personal information. To exercise these rights, contact us at contact@packizon.com. We will not discriminate against you for exercising any of these rights.

9. GDPR — European Data Subjects

If you are located in the European Economic Area (EEA), the UK, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent legislation may apply to the processing of your personal data. Where GDPR applies, our lawful basis for processing is our legitimate interests in operating and improving the SmartPack platform, and — where applicable — performance of a contract with the customer organisation. You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at contact@packizon.com. Note: We recommend consulting your legal counsel to determine the full extent of GDPR obligations applicable to your specific use of SmartPack.

10. Children’s Privacy

SmartPack is an enterprise warehouse management tool intended for use by businesses and their employees. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. For significant changes, we will notify customers via email or through the SmartPack application. Your continued use of the SmartPack suite after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how your data is handled, please contact us:

Packizon

Email: contact@packizon.com

Phone: 801-514-1414

Website: packizon.com

© 2026 Packizon. All rights reserved.