Shopify Privacy Policy

Last Updated: January 28th, 2026

This Shopify Privacy Policy describes how FORT Systems (“we,” “us,” or “our”) collects, uses, shares, and protects personal information through our FORT warehouse management system (“Service”) when processing orders on behalf of merchants who use our fulfillment services.

1. Our Role in Data Processing

We provide fulfillment services to merchants—including wineries, wine retailers, and distributors—who sell products through Shopify and other e-commerce platforms. When we process orders on behalf of these merchants, we act as a data processor. The merchant remains the data controller responsible for their customers’ information, and we process that information solely to fulfill orders on their behalf.

2. Information We Collect

We collect personal information necessary to fulfill orders and comply with alcohol shipping regulations. This information originates from the merchant’s e-commerce platform when orders are imported into our system.

Order Recipient Information

• Name (first and last name)
• Shipping address (street address, city, state, postal code, country)
• Phone number(s) (for carrier delivery contact and compliance requirements)
• Email address (for shipment notifications)
• Date of birth (when required for alcohol shipment compliance and age verification)

Billing Information

• Name (first and last name)
• Billing address (street address, city, state, postal code, country)
• Phone number
• Email address

Order Information

• Order contents and quantities
• Order value
• Special instructions or gift messages

We do not collect or store payment card numbers, bank account information, or other financial account details.

3. How We Use Personal Information

We use personal information solely for the following purposes:

Order Fulfillment

Generating shipping labels through carrier services, coordinating package pickup and delivery, and providing delivery contact information to carriers.

Shipment Notifications

Sending email notifications regarding shipment status, including shipped, in transit, delivered, and delivery exception alerts.

Regulatory Compliance

Preparing compliance reports required by state alcohol beverage control agencies, verifying age requirements for alcohol shipments, and maintaining records as required by state and federal alcohol shipping regulations.

Merchant Services

Providing order status and tracking information to merchants and generating operational reports for merchants and warehouse operators.

4. How We Share Personal Information

We share personal information with the following categories of third parties, solely as necessary to fulfill orders and meet legal requirements:

Shipping Carriers

We transmit recipient name, address, and phone number to shipping carriers to generate labels and facilitate delivery. Our carrier partners include UPS, FedEx, GLS, USPS, and other regional carriers as required. Carriers receive only the information necessary to complete delivery and may use this information according to their own privacy policies.

Email Service Provider

We use SendGrid to deliver shipment notification emails. SendGrid receives recipient email addresses, names, and shipping addresses solely to send transactional notifications on our behalf.

State Regulatory Agencies

As required by law, we provide order and shipment information to state alcohol beverage control agencies for direct-to-consumer wine shipping compliance. This information is submitted by warehouse operators through state-mandated reporting processes and may include recipient name, address, date of birth, and order details. This sharing is required to maintain shipping licenses and is mandated by state law.

Merchants

Merchants who use our Service have access to order information, including recipient details, through our platform and API. Access is limited to each merchant’s own orders.

We do not sell personal information to third parties or share it for advertising or marketing purposes unrelated to order fulfillment.

5. Data Retention

Active Order Data

Order and recipient information is retained in our active systems to support fulfillment operations, customer service inquiries, and merchant reporting.

Compliance Retention

Due to state alcohol shipping regulations, we are required to retain shipment records for audit purposes. Retention periods vary by state but may extend up to seven years following the shipment date. This retention requirement applies regardless of whether a merchant discontinues use of our Service, as the records relate to shipments made under warehouse shipping licenses that are subject to regulatory audit.

Post-Retention

Following the expiration of applicable retention periods, personal information is anonymized or securely deleted.

6. Data Security

We implement technical and organizational measures to protect personal information:

• Encryption in transit: All data transmission between our systems and external parties occurs over TLS-encrypted connections.
• Encryption at rest: All data storage utilizes AES-256 encryption at the infrastructure level.
• Access controls: Access to personal information is restricted to authorized personnel who require it for fulfillment operations.
• Authentication: API access requires multi-factor authentication including username, password, and API key validation.
• Authorization: Merchant data access is segregated so that each merchant can only access their own order information.

7. Your Rights and Choices

For Consumers (Order Recipients)

If you placed an order with a merchant who uses our fulfillment services and wish to exercise your privacy rights—including access, correction, or deletion of your information—please contact the merchant directly. As a data processor, we act on instructions from the merchant regarding their customer data.

If you contact us directly, we will direct your request to the appropriate merchant or work with the merchant to address your request.

Please note that certain information may be retained even after a deletion request if retention is required for legal compliance purposes, including state alcohol shipping audit requirements.

For Merchants

Merchants may access, correct, and export their order data through our platform. Upon termination of service, merchants may request export of their data. Due to regulatory retention requirements, we cannot immediately delete all order records upon service termination, but access to such records will be restricted to compliance purposes only.

8. Shopify Integration

For orders originating from Shopify stores, we handle data in accordance with Shopify’s data protection requirements:

• We use Shopify customer data solely for providing fulfillment services.
• We respond to data subject requests forwarded through Shopify’s data request mechanisms.
• Upon merchant app removal, order data is retained only as required for regulatory compliance, with access restricted accordingly.

9. International Data Transfers

Our services are operated from the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States, where our servers are located and our central database is operated.

10. Children’s Privacy

Our Service is not directed to individuals under 21 years of age. Due to the nature of alcohol fulfillment, all orders processed through our system are for recipients who are at least 21 years old (or the legal drinking age in their jurisdiction). We do not knowingly collect personal information from anyone under 21.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes through our platform. The “Last Updated” date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: