50,000+ shipmentsTrustpilot 4.9/5 Support < 2h

Privacy Policy

Last updated: April 1, 2026

This is an English translation provided for convenience. The legally binding version is the Italian original — see the Italian original.

1. Data Controller

The Data Controller for the processing of personal data is AB Capital SRL, with registered office at Foro Buonaparte 59, 20121 Milan (MI), Italy, VAT no. [to be inserted] (hereinafter "PaccoFly", "we" or "the Controller").

For any privacy-related request: [email protected]

2. Personal Data Collected

We collect the following categories of personal data:

  • Identification data: first name, last name, company name, email address, phone number
  • Shipping data: pickup and delivery address, postal code, city, country
  • Payment data: processed directly by Stripe Inc. (we do not store credit card data)
  • Browsing data: IP address, browser type, pages visited, visit duration
  • Account data: email, password (encrypted), order history

3. Purposes of Processing

Personal data are processed for the following purposes:

  • Service provision: rate comparison, shipment creation, label generation
  • Account management: registration, authentication, password recovery
  • Payment processing: via Stripe Inc., PCI DSS compliant
  • Service communications: order confirmations, shipping updates, verification OTPs
  • Legal compliance: tax, accounting and regulatory obligations
  • Service improvement: aggregated and anonymized analytics on platform usage

4. Legal Basis for Processing

Data processing is based on:

  • Contractual performance (Art. 6.1.b GDPR): necessary to provide the comparison and shipping service
  • Legal obligation (Art. 6.1.c GDPR): tax and accounting compliance
  • Legitimate interest (Art. 6.1.f GDPR): fraud prevention, security, service improvement
  • Consent (Art. 6.1.a GDPR): for marketing communications (where applicable)

5. Data Sharing

Personal data may be shared with:

  • Partner carriers (Poste Italiane, InPost, FedEx, UPS, etc.): for the creation and management of shipments
  • Sendcloud B.V. (Netherlands): shipment management platform
  • Stripe Inc. (USA): payment processing, compliant with Privacy Shield and SCC
  • Hosting providers: for the delivery of the web service

We do not sell or rent your personal data to third parties.

6. Non-EU Data Transfers

Some of our providers (Stripe) are based in the United States. Transfers are protected by Standard Contractual Clauses (SCC) approved by the European Commission and/or by the EU-US Data Privacy Framework.

7. Data Retention

  • Account data: retained until account deletion
  • Order data: retained for 10 years (tax obligations)
  • Browsing data: retained for 26 months
  • OTPs and tokens: automatically deleted after 15 minutes

8. Your Rights

Under the GDPR (Arts. 15-22), you have the right to:

  • Access: obtain confirmation and a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request the deletion of data ("right to be forgotten")
  • Restriction: restrict processing in certain circumstances
  • Portability: receive your data in a structured, readable format
  • Objection: object to processing based on legitimate interest

To exercise your rights, write to: [email protected]

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

9. Cookies

We use technical cookies necessary for the operation of the site and session cookies for authentication. For more information, see our Cookie Policy.

10. Security

We adopt appropriate technical and organizational measures to protect personal data, including: password encryption (bcrypt), HTTPS connections, restricted data access, PCI DSS-compliant payment processing through Stripe.

11. Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy. Changes will be published on this page along with an updated last-modified date. Please review this page periodically.