AI & Data Usage Policy

This AI and Data Usage Policy ("Policy") describes how ShipperHQ (Zowta, LLC d/b/a ShipperHQ, "ShipperHQ", "we", "us") uses artificial intelligence (AI) and machine learning (ML) technologies in the provision of our shipping rate management and related services (the "Service"), and how we use Client and Customer data in connection with those technologies.

This Policy applies to all Clients who use the Service and forms part of the End User License Agreement ("Agreement") between ShipperHQ and Client. Defined terms used in this Policy have the same meaning as in the Agreement and the ShipperHQ Privacy Policy, unless otherwise stated.

This Policy governs external use of data by ShipperHQ. Internal data governance and operational procedures are addressed in ShipperHQ's internal policies and are outside the scope of this document.

1. AI Features — What We Do

1.1 AI-Powered Features

ShipperHQ uses artificial intelligence and machine learning to power certain features within the Service including but not limited to:

• Shipping Audit: AI-assisted review of Client's shipping activity to surface opportunities for cost reduction and service improvement.
• Rule & Policy Intelligence: AI-generated recommendations to assist Clients in refining their shipping rules and policies.
• Performance Benchmarking: Contextual analysis of Client's shipping performance using industry reference data derived from ShipperHQ's aggregated, anonymized dataset.

1.2 AI Technology Partner

To power certain AI features, ShipperHQ uses a large language model developed by our approved AI Sub-processor ("AI Sub-processor"). When AI-powered features are used, relevant shipping data (as described in Section 3) may be processed by our AI Sub-processor's systems as a sub-processor of ShipperHQ. Our AI Sub-processor processes this data solely to provide the Service to ShipperHQ and its Clients. ShipperHQ's agreement with our AI Sub-processor expressly prohibits our AI Sub-processor from using ShipperHQ Client data to train its general-purpose AI models. ShipperHQ transmits only the minimum data necessary to generate the requested analysis or recommendation, and does not transmit raw Customer personal details (names, email addresses, phone numbers, or payment information) to our AI Sub-processor.

1.3 AI Risk Classification

ShipperHQ has assessed its AI use against the risk categories established by the EU AI Act (Regulation (EU) 2024/1689) and applicable guidance. ShipperHQ's AI use is classified as lower-risk based on the following assessment:

• ShipperHQ's AI systems are not used for the High-Risk purposes listed in Annex III of the EU AI Act (such as biometric identification, critical infrastructure, employment decisions, or access to essential public services).
• AI-generated recommendations are advisory only and do not automatically implement changes to Client's shipping configuration without human review and approval (see Section 5).
• No profiling of natural persons for purposes that produce legal or similarly significant effects is performed.

Notwithstanding the above, ShipperHQ is committed to transparency about its AI use as required by the EU AI Act transparency obligations (applicable from August 2026) and other applicable regulations.

2. Data Used in AI Processing

2.1 Client Data Used for AI Features

When a Client uses AI-powered features, the following categories of data may be processed by ShipperHQ's AI systems:

• Shipping transaction data: historical and real-time shipment records, including origin and destination (city/region level), package dimensions and weight, carrier and service level selected, rates quoted, rates charged, and delivery performance data.
• Order metadata: order values, product identifiers, and order frequency patterns.
• Carrier configuration data: carrier accounts configured in the Service, negotiated rate structures (where provided by Client), and service level preferences.

ShipperHQ does not use the following data categories in AI processing: individual Customer names or contact details, payment information, precise individual residential addresses (only city/region level is used for analysis), or any special categories of personal data.

2.2 Data Submitted to Our AI Sub-processor

When our AI Sub-processor is used to process Client data, ShipperHQ transmits only the minimum data necessary to generate the requested analysis or recommendation. ShipperHQ does not transmit raw Customer personal details (names, email addresses, phone numbers, or payment information) to our AI Sub-processor. Shipping data submitted is processed by our AI Sub-processor under its Data Processing Agreement with ShipperHQ, which includes standard contractual safeguards. Our AI Sub-processor does not use ShipperHQ Client data to train its general-purpose AI models.

2.3 Data Architecture — Rates Data and Intelligence Layer

ShipperHQ maintains a separation between:

• The core rates engine: which processes live carrier API requests, rate table lookups, and real-time shipping rate calculations for Client platforms. This layer handles rate data in real time and does not feed raw carrier rate responses into AI systems.
• The intelligence layer: which anonymizes and aggregates historical transaction data for analysis, benchmarking, audit, and AI model improvement purposes.

Client's raw, identifiable transaction data in the rates engine is not directly accessible to the intelligence layer without an intermediate anonymization and aggregation step. This is both an architectural design principle and a compliance requirement: raw Customer Personal Data from any individual Client is anonymized and aggregated before it is combined with data from other Clients for benchmarking, AI model improvement, or any cross-client analytical purpose. No cross-client aggregation takes place at the level of identifiable personal data. Only once data has been irreversibly anonymized such that it cannot reasonably be linked to any individual Client, Customer, or natural person does it enter the shared intelligence layer.

3. Anonymized and Aggregated Data

3.1 ShipperHQ's Right to Use Aggregated Data

Client acknowledges and agrees that ShipperHQ may collect, anonymize, and aggregate Client's shipping transaction data and use such anonymized aggregated data for purposes including but not limited to:

• Improving the accuracy and performance of ShipperHQ's optimization algorithms and AI Services.
• Improving ShipperHQ's proprietary AI and ML Services.
• Generating aggregate industry insights, reports, and analytics, which may be shared with Clients or third parties in aggregated, non-attributable form.

3.2 Anonymization Standard

Data is considered anonymized for the purposes of this Policy where it has been processed in such a way that it cannot reasonably be used to identify any individual Client, Customer, or natural person, taking into account all means reasonably likely to be used. Anonymized data is not Personal Data for the purposes of applicable Data Protection Law and is not subject to the restrictions on processing of Personal Data in this Policy or the Privacy Policy.

3.3 Raw Data Retention

Raw (non-anonymized) Customer Personal Data is retained for a maximum of 12 months from the date of collection, after which it is either deleted or irreversibly anonymized to aggregated form. This period reflects the balance between AI model quality, audit capability, and privacy risk minimization. Aggregated anonymized data derived from Client data may be retained by ShipperHQ indefinitely.

3.4 Client Ownership of Input Data

Client retains ownership of its raw input data (including Customer Order Information) submitted to the Service. ShipperHQ's rights to use Client's data are limited to the purposes described in this Policy and the Privacy Policy. ShipperHQ does not sell Client's raw data to third parties.

3.5 ShipperHQ Ownership of Derived Insights

ShipperHQ owns all aggregated, anonymized data and all AI model outputs, benchmarks, insights, and analytics derived from processing Client data in accordance with this Policy. Nothing in this Policy prevents ShipperHQ from using such derived data to improve the Service, develop new products, or provide industry benchmarking to other clients on an aggregated basis.

4. Human Oversight — No Automated Decision-Making

ShipperHQ's AI systems generate recommendations and analysis. All AI-generated recommendations are advisory only. No shipping configuration changes, policy amendments, or carrier selection decisions are automatically implemented without a human decision by an authorized representative of Client.

In particular:

• Shipping audit reports produced by ShipperHQ contain findings and recommendations, not automatic changes. Client is solely responsible for deciding whether to implement any recommended policy change.
• Rule optimization suggestions are presented to Client administrators for review and approval before taking effect.
• Carrier recommendations and policy changes are approved by Client personnel before being applied to Client's live shipping configuration.

This human-in-the-loop requirement is fundamental to ShipperHQ's approach to responsible AI deployment and to its classification as a lower-risk AI system under the EU AI Act.

5. AI Output — Accuracy and Limitations

5.1 ShipperHQ's AI systems are designed to provide accurate and useful analysis. However, Client acknowledges and agrees that:

• AI-generated recommendations are based on historical data, carrier rate information available to ShipperHQ, and statistical modeling, and do not constitute guaranteed outcomes.
• Carrier rates displayed or recommended by the Service are derived from carrier APIs, rate tables, and ShipperHQ's models, and may differ from rates actually charged by carriers due to Client-specific negotiated contracts, dimensional weight adjustments, fuel surcharges, accessorial charges, or other carrier-side factors not known to ShipperHQ.
• Shipping policy changes recommended by ShipperHQ are based on projected outcomes using available data, and actual results following implementation of any recommended change may differ from projected results.
• ShipperHQ makes no warranty as to specific profitability outcomes, cost savings, or carrier performance improvements resulting from implementing AI-generated recommendations.

5.2 Client is solely responsible for evaluating AI-generated recommendations and for all decisions to implement changes to its shipping configuration or policies. ShipperHQ accepts no liability for the outcome of decisions made by Client in reliance on AI-generated recommendations.

6. Restrictions on Data Use

ShipperHQ shall not use Client's data (whether raw or aggregated) for the following purposes without Client's explicit written consent:

• Training our AI Sub-processor's general-purpose AI models or any third-party AI model not controlled by ShipperHQ.
• Selling, licensing, or otherwise making available Client's raw or identifiable data to third parties for commercial purposes.
• Profiling individual Clients or Customers in a manner that produces legal or similarly significant effects.
• Using Client's data for purposes materially different from those described in this Policy and the Privacy Policy.

ShipperHQ shall not permit our AI Sub-processor or any other sub-processor to use Client data for purposes beyond the provision of the Service to ShipperHQ. ShipperHQ's contract with our AI Sub-processor expressly prohibits the use of ShipperHQ Client data to train our AI Sub-processor's general models.

7. Output Ownership

7.1 AI-generated analysis, reports, and recommendations produced by the Service in response to Client's use of AI-powered features are owned by Client for Client's own use. ShipperHQ does not claim ownership of the specific outputs generated for Client.

7.2 ShipperHQ retains the right to use anonymized and aggregated learnings derived from AI processing across its client base (not the specific outputs generated for any individual Client) for the purposes described in Section 3 of this Policy.

8. Client Access and Download Rights

The Service provides Client with access to data and outputs across three distinct tiers. Client's rights and access differ by tier:

Tier 1 — Outputs and Results (Client's Property)
Reports, analysis documents, shipping audit findings, policy recommendations, and other results generated by the Service in response to Client's use of AI-powered features are owned by Client (see Section 7.1). These outputs are the core deliverables of the Service. ShipperHQ does not claim ownership of Client-specific outputs.

Tier 2 — Raw Customer Personal Data (DSR Compliance Access Only)
Customer Personal Data submitted to the Service (including shipping addresses and recipient contact details) is owned by Client (see Section 3.4) but is not available for general ad-hoc browse or download as an operational feature of the Service. Client's access to this data is provided solely for the purpose of fulfilling Data Subject rights requests (access, portability, correction, deletion) made by Client's Customers under applicable Data Protection Law. Upon termination of the Agreement, Client may request a full export of its Customer Personal Data in a portable, machine-readable format. During the Agreement term, Client may submit Data Subject rights requests to ShipperHQ, which ShipperHQ will facilitate in accordance with applicable laws and this Agreement.

For the avoidance of doubt: the right of Client's Customers (as data subjects) to request access to, correction of, or deletion of their Personal Data is a legal right exercised through the Client-ShipperHQ Data Subject rights mechanism, not a self-service feature of the ShipperHQ platform.

Tier 3 — Algorithms, Models, Benchmarks, and Intelligence (ShipperHQ's Exclusive Property)
ShipperHQ's proprietary algorithms, machine learning models, intelligence systems, carrier benchmarking data, and all derived analytical insights are ShipperHQ's exclusive intellectual property (see Section 3.5). Client has no right of access to, download of, or claim over any of these assets, whether during or after the subscription term. The Service is licensed to Client as a platform; Client acquires no rights in the underlying technology, models, or intelligence that power the Service.

9. EU AI Act Compliance

ShipperHQ is preparing for compliance with the EU AI Act (Regulation (EU) 2024/1689), which enters into full application in August 2026. As a deployer of AI systems, ShipperHQ will comply with applicable obligations under this Act.

10. International Transfers of AI-Processed Data

When Client data is submitted to our AI Sub-processor for AI processing, such data may be processed in the United States. Our AI Sub-processor processes this data as a sub-processor of ShipperHQ, subject to ShipperHQ's Data Processing Agreement with our AI Sub-processor, which includes Standard Contractual Clauses or equivalent transfer mechanisms. ShipperHQ's primary transfer mechanism for EEA data to its US sub-processors is enrollment in the EU-US Data Privacy Framework (DPF), with SCCs maintained as a fallback mechanism.

11. Changes to This Policy

ShipperHQ may update this Policy from time to time to reflect changes in our AI capabilities, applicable law, or our data practices. Updated versions will be posted on ShipperHQ's website with a revised effective date. Continued use of the Service after the effective date of an updated Policy constitutes acceptance of the updated terms.

The date of the most recent update to this Policy is indicated on the document.

If you have questions about this Policy or ShipperHQ's AI practices, please contact us using the contact information in the Questions and Contacts section of the Privacy Policy.

ShipperHQ AI and Data Usage Policy v1.0
Last Updated: March 2026