Last updated: March 22, 2026 · Effective: March 22, 2026
Short version: CartonFlow collects only what it needs to operate. We don't sell your data. Ever.
CartonFlow is operated by Pevara Systems. When we say "CartonFlow," "we," "us," or "our," we mean Pevara Systems. Questions? [email protected]
When you create an account we collect your name, email address, company name, and password (hashed — we never store it in plaintext).
Data you enter into the platform: shipments, products, destinations, 3PL contacts, messages, invoices, and documents. This data belongs to you.
We collect standard server logs: IP address, browser type, pages visited, and timestamps. This helps us diagnose issues and improve the product.
All payment processing is handled by Stripe. CartonFlow never sees or stores your full card number. We store only your Stripe customer ID and subscription status.
If you connect FedEx or UPS accounts, we store your API credentials (encrypted at rest) solely to pull tracking data on your behalf.
We do not use your data for advertising. We do not sell your data to third parties. We do not use your logistics data to train AI models.
We share data only with:
We retain your data for as long as your account is active. If you cancel, we retain your data for 90 days before permanent deletion, unless you request immediate deletion.
You have the right to access, correct, export, or delete your data at any time. Email [email protected] and we'll respond within 5 business days.
All data is encrypted in transit (TLS) and at rest. Passwords are hashed using bcrypt. We use JWT-based authentication with short-lived access tokens and longer-lived refresh tokens stored securely.
We use session cookies for authentication only. We do not use advertising or tracking cookies. See our Cookie Policy for details.
We'll notify you by email if we make material changes to this policy. Continued use of CartonFlow after changes constitutes acceptance.
Pevara Systems · [email protected]