Privacy Policy
Consumer Privacy Policy
Effective July 1st, 2025
This privacy policy has been compiled to better serve those who are concerned with how their Personally Identifiable Information, or PII, is being used online. Personally Identifiable Information, as described in U.S. privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, disclose, protect, or otherwise handle your Personally Identifiable Information in accordance with our Services.
INFORMATION CABRELLA COLLECTS
We collect information that you may be asked to enter when you register, make a purchase or an order, file a claim, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features, as appropriate. Such information we may collect includes personal data and nonpublic information as defined under applicable laws:
- Name
- Address
- Date of birth
- Telephone number
- Account and policy information
- Account login credentials
- Social Security Number
- Assets
- Income
- Property Value
- Driver’s license number
- Financial information (e.g., credit card, bank account details stored in your Payment Wallet for AutoPay or claim payments)
- Credit reports and other consumer report information (e.g., for insurance scoring, accessed via third-party services or agencies on our behalf)
- Audio, electronic, photo, visual, or similar information, such as call recordings or photos of damaged goods for claims
- Information from applications and transactions (e.g., claim forms, invoices, appraisals)
- Any information you provide us (e.g., submissions like comments or feedback)
- Public information
- Third-party account credentials
- End recipients information (e.g., consignee and shipping destinations that are entered or sent to our system via Application Programming Interface (API))
Note: Certain items listed (e.g., Social Security number, assets, income, property value) are not collected in the ordinary course of business but may be collected in specific use cases (e.g., compliance with legal obligations, claim assessments), or if future services require it.
The information may include usage information to assess how users utilize our services and help you with your experience, such as API interactions for insurance quotes or shipping label generation. Many of our clients use our API to communicate with us. Historically, the API supported insurance-related activities such as quoting and binding insurance. We have expanded its functionality to allow users to generate shipping labels, collecting data like shipment details (e.g., tracking numbers, package contents, origin/destination) and insurance preferences, subject to our Terms & Conditions. For claims, we may collect additional documentation (e.g., packing lists, repair estimates, photos) within one year of shipment.
We use and disclose this information to provide you with our services or products, to communicate with you, to provide you with customer service, to market our products or services to you, to develop or improve our products or services, for legal or compliance purposes, or as required or permitted by applicable law. This privacy policy applies on websites and apps where it is posted by us. Please note that additional uses of your personal information may be provided to you at the point of collection.
HOW WE USE YOUR INFORMATION
We may use the information we collect from you in the following ways:
- To provide you with our services and to personalize your experience and allow us to deliver the content and product offerings which are most relevant (e.g., insurance policies, shipping labels).
- To measure, maintain, and improve our website, application, performance, and services.
- To communicate with you, including via autodialed calls, texts, or emails for payment validation or service updates (with your consent where required).
- To send periodic emails regarding critical product and service updates.
- To respond to inquiries.
- To follow up with you after a correspondence (live chat, email, or phone inquiries).
- To administer a promotion, survey, or other site feature.
- To collect data for our claims database where you and other users have access to search and cross check addresses for risk management purposes.
- To use the data that we collect from our claims database to provide you with risk management information and recommend the safest ways to ship a particular parcel.
- To market to our mailing list (with consent), including using your name or trademark in business operations (e.g., site branding).
- To quickly process your transactions, including auto-debits and edits to payment data for efficiency.
- To continue to send emails to our clients after the original transaction has occurred.
- To help process requests to send emails to your clients, as requested and directed by you, through our application.
- To assess insurance risks using credit reports.
- To comply with legal obligations.
- To use non-confidential submissions (e.g., comments, feedback) for business purposes.
KEEPING YOUR INFORMATION SECURE
You should carefully protect your personal information that you submit on our services, including your passwords, usernames, location, images, and videos, so that third parties cannot manipulate your accounts or assume your identities. Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We also work hard to protect your information from unauthorized access and disclosure, including the following ways:
- Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
- All sensitive and credit information you supply is encrypted via Secure Socket Layer (SSL) and Transport Layer Security (TLS) technology.
- We implement a variety of security measures when you enter, submit, or access your information.
- We only provide articles and information.
- We use regular Malware Scanning.
- We conduct regular scans to identify and address security vulnerabilities.
- API users must secure their keys and credentials per our API Terms & Conditions Addendum.
We implement appropriate technical and organizational safeguards, including encryption and access controls, to protect your information in accordance with applicable laws such as GDPR, UK GDPR, the GLBA Safeguards Rule, and emerging U.S. state laws. Where required, we also apply data minimization and retention limits to ensure your data is kept only as long as necessary.
USE OF COOKIES
We may use cookies and similar technologies only as needed to operate our website and services and enhance user experience such as for logins or session management. These may include:
- Essential cookies (e.g., for login, session management).
- Performance and analytics cookies (e.g., to monitor website traffic and performance).
- Advertising and targeting cookies, which may be used to personalize content or deliver advertisements based on your browsing behavior, subject to your consent where required by law.
In your personal browser settings, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to block all cookies from a specific domain or all domains. As each browser is different, please reference your own browser’s help menu to learn the correct way to modify your cookies. If you block or disable cookies from Cabrella, some of the features that make your site experience more efficient may not function properly. We respect opt-out signals, and honor Global Privacy Control signals in applicable jurisdictions.
THIRD-PARTY DISCLOSURE
We do not sell, trade, or otherwise transfer your personal information to outside parties, unless we provide you with an advance notice. We share data with third-party service providers (e.g., payment processors, credit agencies, shipping carriers) acting as data processors, subject to contracts ensuring confidentiality. Data transfers outside Canada, the EEA, or UK (e.g., to the U.S.) use safeguards like Standard Contractual Clauses (SCCs) per GDPR Art. 46.
This does not include our website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep your personal information confidential. We employ other companies and individuals to perform functions on our behalf. Examples include:
- Providing marketing assistance.
- Providing search results and links (including paid listings and links).
- Real-time processing of credit card payments.
- Risk assessment via credit reports.
- Shipping label fulfillment with carriers (e.g., FedEx, UPS, USPS, DHL per their terms of carriage).
These agents are provided the limited access to personal information needed to perform their functions but may not use it for other purposes. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, properties, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, and other similar uses. As we continue to develop our business, if we sell or buy business units or subsidiaries, your information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer consents otherwise). In the event of a change of ownership, affected users will be notified of the change via email and given the opportunity to prevent the transfer of any information they have given us. You can also opt-out of data sharing for targeted advertising via methods in “Your Rights and Choices.”
THIRD-PARTY LINKS
We do not include or offer third-party products or services for direct purchase on our website. However, our services may integrate with third-party platforms or vendors (e.g., shipping carriers, payment processors, or API partners), as described elsewhere in this policy.
GOOGLE ADVERTISING PRINCIPLES
We have not enabled Google AdSense or third-party ad networks on our website, but we may choose to do so in the future. Google advertising services may collect data through cookies or other tracking technologies to display personalized ads. If we enable Google AdSense or other ad services in the future, we will update our privacy policy to reflect how we collect and use your personal information, including information collected for targeted advertising. To learn more about Google Advertising Principles, visit: [Google Advertising Principles Link].
CALIFORNIA ONLINE PRIVACY PROTECTION ACT
California Online Privacy Protection Act (CalOPPA) is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law stretches to require any person who, or company in the United States (and conceivably the world) that, operates websites which collects Personally Identifiable Information from California consumers, to post a conspicuous privacy policy on its website stating the exact information being collected and those individuals or companies with whom it is shared with. To read more, visit California Online Privacy Protection Act. According to CalOPPA, we agree to the following:
- Users can visit our website anonymously.
- We have a link of our Privacy Policy on our home page for users’ access.
- Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on our main page.
- Users can change their personal information by logging into their account.
CHANGES TO OUR PRIVACY POLICY
We keep our privacy policy under regular review and place any updates on this web page. Please check this page occasionally for any changes to the Privacy Policy.
CHANGES TO YOUR PERSONAL INFORMATION
For all changes to your personal information, you may notify us by emailing info@ecabrella.com or calling 844-422-2735. You are responsible for updating your contact and billing information to ensure service continuity and claim payment processing; failure to update may result in lapsed coverage or unprocessed payments.
DO NOT TRACK AND GLOBAL PRIVACY CONTROL
We honor Do Not Track (DNT) signals and do not track, plant cookies, or use advertising when a Do Not Track, or DNT, browser mechanism is in place. We comply with Global Privacy Control (GPC) requests in supported browsers.
THIRD-PARTY BEHAVIORAL TRACKING
We do not currently allow or use third-party behavioral tracking on our website (e.g., cross-site tracking for personalized advertising by external platforms). If we choose to enable such features in the future, this policy will be updated accordingly, and we will obtain your consent as required by applicable law.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT
Under Children’s Online Privacy Protection Act (COPPA), parents are in control of the collection of the personal information from children under the age of 13. The Federal Trade Commission’s bureau of consumer protection enforces COPPA, which requires operators of websites and online services to protect children’s privacy and safety online. We do not specifically market to children under 13 years old.
MINORS UNDER 16 YEARS OF AGE
We do not knowingly collect or store any personal information from or about children under the age of 16. If you believe a child under the age of 16 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at info@ecabrella.com to request that their child’s information be deleted from our records. We also do not use minor data for profiling or targeted marketing, in accordance with COPPA, GDPR, UK GDPR, CPRA, and other applicable laws."
FAIR INFORMATION PRACTICES
The Fair Information Practices Principles form the backbone of privacy law in the United States and have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to protect your personal information in compliance with Fair Information Practices, we will notify you via email within 7 business days should a data breach occur. We also agree to the Individual Redress Principle which gives right to individuals to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. Under this principle, individuals also have recourse to courts or government agencies to investigate and/or prosecute non-compliant data processors.
CAN-SPAM ACT COMPLIANCE
The CAN-SPAM Act establishes requirements for commercial email with penalties for violations and gives recipients the right to stop receiving emails. We comply with the CAN-SPAM Act and we agree to the following:
- We do not use false or misleading subjects or email addresses.
- We identify our messages as advertisement in some reasonable way.
- We include the physical address of our business or site headquarters.
- We monitor third-party email marketing services, if any, to be complying.
- We provide opt-out/unsubscribe options in every email.
- We honor your requests to opt-out/unsubscribe quickly.
- We allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from all correspondence.
TO UNSUBSCRIBE
If at any time you would like to unsubscribe from receiving future emails, you can email us at info@ecabrella.com, then follow the instructions within our return email, and we will promptly remove you from the requested correspondence.
CONTACT US
If you have any questions about our privacy policies, you may contact us by:
Mail: 7164 Melrose Avenue, Los Angeles, CA 90046
Phone: 844-422-2735
Email: info@ecabrella.com
YOUR RIGHTS AND CHOICES
You have rights regarding your personal information, varying by jurisdiction. Below are key rights under U.S. laws (Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)), with additional rights detailed in state-specific sections:
- GLBA Rights: Review certain personal information we hold and opt-out of sharing with affiliates or third parties for marketing (call 844-422-2735 or email info@ecabrella.com).
- FCRA Rights: If we use credit reports, we’ll notify you of adverse actions (e.g., denied insurance), provide the report source, and allow disputes with credit reporting agency. Contact us for details.
- General Choices: Manage cookies via browser settings, opt-out of marketing emails via unsubscribe links, update account info by logging in or contacting us.
CALIFORNIA PRIVACY RIGHTS ACT
This California Privacy Notice explains how Cabrella collects and processes personal information about California residents who are customers, suppliers, or other business contacts and/or who visit the Cabrella website, mobile applications, or API (collectively “Services”) that display or link to this California Privacy Notice, per the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
California Personal Information.
Over the past 12 months, depending on your interactions with us, Cabrella may have collected the following categories of personal information (“California Personal Information”):
- Identifiers: Name, address, telephone number, email address, Social Security number, driver’s license number, account login credentials, IP address, device identifiers.
- Payment Information: Credit card or bank account information (e.g., via Payment Wallet), income, assets, credit history from credit reports.
- Commercial Information: Insurance policy details, claims history, shipping details (e.g., package value, destination via API), transaction records.
- Internet or Other Electronic Network Activity Information: Interactions with our Services, API usage (e.g., quote requests, label generation), browsing history, cookie data, clickstream activity.
- Audio, Electronic, Visual, or Similar Information: Call recordings with customer service (for quality or fraud prevention), photos for claims.
- Geolocation Data: Approximate location from IP address or device settings (e.g., to tailor shipping options, with consent).
Certain California Personal Information that Cabrella collects about you may be considered Sensitive Personal Information under California Privacy Law, including: Social Security number, driver’s license number, credit card information (for billing and insurance/shipping transactions), and account login credentials. Cabrella only uses and discloses Sensitive Personal Information as necessary in connection with the performance of services, provision of goods, compliance with federal/state laws (e.g., GLBA, FCRA), and as permitted by California Privacy Law.
Sources.
Cabrella generally sources the categories of California Personal Information identified above from:
- You or Your Organization: When you request quotes, bind policies, file claims, or generate shipping labels.
- Platforms That Partner With Us: Merchant platforms integrating our API for shipping/insurance services.
- Third-Party Reference Agencies: Credit reporting agencies for risk assessment, financial institutions for payment verification.
- Social Media Networks: If you contact us via these platforms.
- Automatic Collection: Via website, app, or API usage logs.
Purposes of Use.
Cabrella uses California Personal Information for business purposes, including:
- Negotiating, concluding, and performing contracts with customers (e.g., issuing insurance policies, generating shipping labels).
- Managing Cabrella accounts and records.
- Communicating with customers related to transactions (e.g., policy updates, claim status).
- Operating the Cabrella website, app, and API, including analytics to improve functionality.
- Facilitating the security of Cabrella Services and assets.
- Legal and regulatory compliance, including audits by internal/external providers.
- Obtaining legal advice, including for litigation or business transactions (e.g., mergers).
- Providing insurance quotes, policies, shipping labels, and related services you request.
- Credit or fraud prevention.
- Offering effective customer service (e.g., call recordings for training).
- Personalizing your experience on our Services.
- Contacting you with notices or information about your use of our Services.
- Improving our Services’ content, functionality, and usability.
- Advertising, marketing, and public relations (with consent where required), including using your name/trademark.
- Market research and competitor analysis to enhance insurance/shipping offerings.
- Contacting you with special offers we believe will interest you.
- Inviting you to participate in surveys and provide feedback.
- Understanding your insurance and shipping needs to improve our products.
Disclosure of California Personal Information.
We may disclose the categories of California Personal Information described above for the business purposes listed to:
- Third-party service providers that perform data processing on our behalf (e.g., website hosting, payment processing, credit reporting agencies for credit reports), subject to privacy/security obligations.
- Customers, carriers, and intermediaries in connection with transactions (e.g., shipping carriers for label fulfillment).
- Government and other authorities as required by law.
- Potential purchasers in connection with a business sale or merger.
- Others as necessary to comply with applicable law or permitted by California Privacy Law.
We do not “sell” or “share” California Personal Information for monetary gain under CCPA definitions.
Retention of California Personal Information.
Cabrella retains your California Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained to comply with legal, regulatory, or contractual obligations, to enforce our rights, and to maintain appropriate business and operational records.
Retention duration considers tax/legal requirements, defense of claims, and business needs. This may mean that certain categories of data, such as user account records, transaction histories, API activity logs, and claim documentation, are retained indefinitely unless a deletion request is submitted and legally permissible to fulfill. While applicable privacy laws encourage data minimization, they also permit extended or indefinite retention where there is a valid legal, operational, or compliance justification. Accordingly, we do not guarantee deletion within a fixed timeframe unless required by law or pursuant to a valid user request under applicable privacy rights. If you would like to request deletion of your data, please see the instructions under “Your Rights.”
Your Rights.
Subject to certain exceptions in California Privacy Law, as a California resident, you have the right to request:
- Deletion of your California Personal Information.
- Correction of inaccurate California Personal Information.
- The right to know/access the categories of California Personal Information we collect about you, including specific pieces.
- The categories of California Personal Information disclosed for a business purpose.
- Information about the categories of California Personal Information we have “shared” (as defined under California Privacy Law) and the third parties it was shared with (not applicable as we don’t share).
Exercising Your Rights.
To exercise these rights, submit a request via:
Email: info@ecabrella.com with “CCPA Request” in the subject.
Phone: 844-422-2735 (9 a.m. - 5 p.m. PST, weekdays).
Mail: Cabrella
Attn: Privacy Officer
7164 Melrose Avenue
Los Angeles, CA 90046
USA
We’ll acknowledge within 10 business days and respond within 45 days (up to 90 days with notice if complex). Provide name, email, and policy/API account number for verification. We may ask additional questions to confirm identity. No fee unless requests are excessive. Cabrella will not discriminate against you for exercising your rights under the California Privacy Rights Act.
OTHER U.S. STATES’ PRIVACY RIGHTS
The following U.S. states have enacted comprehensive privacy laws with similar consumer rights: Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, and New Hampshire.
If you reside in one of these states, you have the right to:
- Access personal data and learn how we use it;
- Request deletion or correction of your personal data (subject to legal exceptions);
- Opt out of data sales or targeted advertising (not currently applicable);
- Request your data in a portable, usable format;
- Exercise these rights without discrimination.
To exercise your rights, use the methods listed in the 'Contact Us' section. We will respond within 45 days (extendable by 45 more with notice, if needed).
NEVADA PRIVACY RIGHTS
Nevada residents have the right to opt out of the sale of certain personal information (such as name, email, or phone number) to data brokers under Nevada law. To make this request, email info@ecabrella.com with the subject line 'Nevada Opt-Out.' We will respond within 60 days (extendable by 30 days if needed).
CANADA PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT
This section applies to Canada residents under the Personal Information Protection and Electronic Documents Act (PIPEDA).
- Consent: We collect, use, and share your data with your consent (express or implied) or as permitted by law.
- Rights: You can access, correct, or withdraw consent for your personal information.
- Data Transfers: Your information may be processed in the U.S., subject to safeguards.
- Retention: We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or regulatory requirements, to enforce our rights, or as otherwise permitted by law. In some cases, this means that certain information may be retained indefinitely for legitimate business or archival purposes unless you request deletion and we are legally permitted to comply.
- Contact: Reach our Privacy Officer at info@ecabrella.com.
EUROPE/UK GENERAL DATA PROTECTION REGULATION
This section applies to residents of the European Economic Area (EEA) and the United Kingdom under the European Union’s General Data Protection Regulation (GDPR) and the United Kingdom’s General Data Protection Regulation (UK GDPR), respectively.
- Legal Basis: We process personal data based on one or more of the following legal bases: your consent, the performance of a contract, compliance with legal obligations, or our legitimate interests (such as providing insurance or related services).
- Rights: You have the right to access, rectify, erase, restrict, or object to the processing of your data; to request data portability; and to withdraw your consent at any time, where processing is based on consent.
- Data Transfers: Your personal data may be transferred outside the EEA or UK, including to the United States. In such cases, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally approved mechanisms, to ensure your data remains protected.
- Retention: We retain personal data only as long as necessary for the purposes for which it was collected, or as required under applicable legal, tax, or regulatory obligations. For example, claim-related documentation may be retained for up to one year following shipment.
- Controller: Cabrella, 7164 Melrose Ave, Los Angeles, CA 90046, USA.
- Complaints: If you believe your rights under GDPR or UK GDPR have been violated, you may contact us at info@ecabrella.com, or lodge a complaint with your local data protection authority (e.g., the Information Commissioner's Office (ICO) in the UK).