Home / Privacy Policy
Legal · PrivacyPrivacy Policy
Last updated: April 12, 2026. Speedizon Logistics, Inc. is committed to transparent and lawful handling of personal data — for the brands we serve and for the end customers whose orders we fulfil.
1. Who we are
Speedizon Logistics, Inc. ("Speedizon", "we", "us") is a third-party fulfilment provider incorporated in Delaware, with operating headquarters at 248 Harbor Logistics Way, Building D, Suite 410, Newark, NJ 07114. This Privacy Policy explains how we collect and process personal data through our public website, the Atlas operations platform, and the fulfilment services we provide to brand customers.
2. Whose data we handle
We handle two distinct categories of personal data:
- Brand customer data — information about the operators, finance teams, and engineers at the brands who use Speedizon to fulfil their orders.
- End customer data — information about the recipients of orders we fulfil on behalf of our brand customers. For this category, the brand is the data controller and Speedizon acts as a processor under their direction.
3. What we collect
From brand customers, we collect business contact information (name, work email, role, company), commercial information (channel mix, SKU geometry, volume forecasts), and platform usage data (Atlas event logs, audit records). From end customers — and only via instructions from our brand customers — we receive shipping name, shipping address, contact details necessary to dispatch the parcel, and the line-item content of the order itself.
4. Why we collect it
We process personal data only for documented purposes:
- To execute the fulfilment service requested by the brand customer (legal basis: contract performance).
- To improve the operation of the Atlas platform (legal basis: legitimate interest, balanced against the data subject's rights).
- To meet our legal and regulatory obligations under U.S. federal and state law, EU GDPR Article 28, and any retailer compliance requirements we hold on behalf of brand customers.
- To communicate with brand customer contacts about operational matters and, with separate opt-in, about Speedizon news and product updates.
5. How long we keep it
End customer order data is retained for the duration of the brand's contract plus 24 months for chargeback, returns, and audit purposes, after which it is deleted from the Atlas operating record. Audit logs are retained for seven years to satisfy SOC 2 retention scope. Brand customer business contacts are retained while the relationship is active and for 18 months after termination unless deletion is requested.
6. Who we share it with
We share personal data only with the following categories of recipients:
- Carriers — to dispatch the parcel (UPS, FedEx, USPS, DHL Express, and regional carriers per the rate-shop outcome).
- The originating brand — our customer, on whose behalf we hold and process the data.
- Sub-processors — hosting (US-region cloud infrastructure), telemetry (SOC 2 audited observability vendors), and the Atlas mobile push notification provider. A current sub-processor list is available on request.
- Authorities — when legally compelled, and never without notifying the brand customer where lawful to do so.
We do not sell personal data. We do not exchange order data with advertising networks. We do not train any external machine-learning model on customer order data.
7. International transfers
End customer data fulfilled from a US hub is processed in the United States. End customer data fulfilled from our Rotterdam (NL) gateway is processed in the European Union and remains in the EU unless the brand instructs us otherwise. EU-to-US transfers are conducted under the EU Standard Contractual Clauses (2021 module 2 — controller to processor).
8. How we protect it
The Atlas platform is independently audited annually against SOC 2 Type II trust service criteria covering security, availability, processing integrity, confidentiality, and privacy. Data is encrypted in transit (TLS 1.3) and at rest (AES-256), with hardware-backed key custody. API access is OAuth 2.0 with per-application scoped tokens and rotation alerts. Physical access to fulfilment hubs is access-card and surveillance controlled, with role-based clearance for the operations floor.
9. Your rights
If you are an end customer whose order we fulfilled, the brand that sold you the goods is the data controller. Address rights requests to them first — they may direct us to assist. If you are a brand customer contact (or otherwise believe Speedizon is the controller of your data), you have the right to access, correct, port, and delete your data, and to object to or restrict its processing. Email support@speedizon.com and we will respond within 30 days.
10. Cookies and analytics
The public Speedizon website uses functional cookies and a minimal first-party analytics package. We do not use third-party advertising cookies on the public site or inside Atlas. See our Cookie Policy for details on each cookie.
11. Children
Speedizon services are not directed to children, and we do not knowingly process the personal data of anyone under 16. If a brand customer routes such data through us in error, we will assist them in remediating it on request.
12. Changes to this policy
We update this policy when our processing materially changes. Material changes are announced in-product to brand customer contacts and via a notice on this page for at least 30 days prior to taking effect. Non-material clarifications are made silently with the last-updated date refreshed above.
13. Contact us
Privacy questions, data-subject requests, and DPA copies: support@speedizon.com. Postal: Speedizon Logistics, Inc., Attn: Privacy Office, 248 Harbor Logistics Way, Building D, Suite 410, Newark, NJ 07114, United States.