Canal facilitates the necessary sharing of shipping PII for order fulfillment in a secure manner. We rely on contractual agreements with Suppliers to ensure they handle this data responsibly and solely for its intended purpose. Retailers also have tools like email anonymization to further control data sharing. Our commitment is to enable seamless commerce while upholding data privacy standards.
Why is Shipping Information Shared?
When a customer purchases a Supplier's product through a Retailer's storefront powered by Canal, the Supplier needs the customer's shipping information (like name and address) to physically send the product. This is the core function of the dropshipping/marketplace model facilitated by Canal.
Sharing this information is essential for fulfilling the order. Under data privacy regulations (such as GDPR), processing this data has a "lawful basis" or "legitimate interest" because it's necessary to complete the transaction and deliver the product the customer ordered.
What Information is Shared?
Typically, the information required for fulfillment includes:
- Customer Name
- Shipping Address
- Phone Number (if provided by the customer for shipping purposes)
- Customer Email Address (See "Retailer Controls" below for anonymization options)
How is Information Shared Securely?
Canal acts as a secure conduit for this information:
- Secure Transfer: Order details, including shipping information, are passed from the Retailer's system to the Supplier's system via Canal's secure integrations (e.g., Shopify App, API). Data is encrypted during transit.
- Platform Integration: Suppliers typically receive this information directly into their existing e-commerce backend (e.g., Shopify, BigCommerce, or via API), which have their own security protocols.
- Canal's Security: Canal employs robust security measures, including data encryption at rest and in transit, strict access controls, and adherence to industry best practices. Canal is SOC2 Type 2 compliant, underscoring our commitment to security and operational effectiveness.
Supplier Responsibilities & Data Handling
Suppliers using the Canal platform agree to our Terms of Service, which include strict provisions regarding the handling of customer PII:
- Purpose Limitation: Suppliers must use the customer's shipping information solely for the purpose of fulfilling the specific order (e.g., shipping the product, managing logistics, handling shipping-related customer service).
- No Unauthorized Use: Suppliers are prohibited from using this information for unrelated marketing, selling the data, or sharing it with unauthorized third parties.
- Data Security: Suppliers are expected to handle the data securely within their own systems.
- Retention: Suppliers should not retain the PII longer than necessary for fulfillment, returns processing, and any legal record-keeping requirements.
Retailer Controls: Email Anonymization
Canal understands that Retailers may have concerns about Suppliers potentially using customer emails for marketing. To address this, Canal offers an Email Anonymization feature:
- Retailers can choose this setting (often found in partnership terms or settings).
- When enabled, Canal masks the customer's actual email address before sending the order details to the Supplier.
- This provides an additional layer of privacy control, preventing the Supplier from directly obtaining the customer's email address via the Canal order flow.