SPS Commerce Privacy Notice

Last Updated: June 2025

We have created this Privacy Policy (“Policy”) to publicly affirm our commitment to adhering to enacted privacy regulations applicable to our organization. This Policy provides an overview of how we handle information that can be used to directly or indirectly identify an individual (“Personal Information”).

This Policy applies to SPS’s public-facing websites and the SPS Customer Platform. We collect data to provide and optimize our services, ensuring functionality, security, and a seamless user experience. This includes gathering information to personalize interactions, analyze usage patterns, and support ongoing improvements. Additionally, data is used to maintain compliance with legal requirements and to communicate effectively with our customers. Data collected is not sold to any third parties but may be provided to third parties to assist with our stated purposes.

This Policy describes how SPS Commerce, Inc. and its subsidiaries (“Company,” “SPS,” “we,” “us,” or “our”) collect, process, maintain, share, and delete Personal Information supplied by you.

Please review this Policy carefully. If you do not agree with any terms and conditions outlined in this Policy, please discontinue the use of our websites, products, and services.

Note – SPS may update this Policy periodically to ensure our privacy compliance standards remain in alignment with applicable regulations. We encourage you to review this Policy frequently to remain informed regarding how we handle the Personal Information provided to or collected by our organization.

If you have questions about this Policy, would like to opt out of our marketing emails, or submit other inquiries regarding the handling of your Personal Information, please contact us.

Privacy Officer Information:
Brian Senger, Privacy Officer
Email: privacy@spscommerce.com

Collection, Use, and Safeguarding of Personal Information

SPS collects Personal Information to provide access to resources, products, and services and to comply with regulatory requirements. Our use of Personal Information is based upon notice and consent through this Policy, opt-in mechanisms, and other legal bases where applicable under relevant local law. This includes performance of a contract or our legitimate interests in building, conducting, and managing our business to better serve you, including a more secure experience.

Data may be collected through cookies and other tracking technologies on our public-facing website. Users will have the option to manage cookie preferences through a cookie management tool.

International Data Transfers: If your Personal Information is transferred outside of your country of residence, SPS ensures compliance with applicable data transfer mechanisms, such as Standard Contractual Clauses (SCCs) or adequacy decisions under the General Data Protection Regulation (GDPR). For more information about these mechanisms, please contact us.

Security Measures: We implement industry-standard security measures, including encryption and secure data storage, to protect your Personal Information from unauthorized access, disclosure, or alteration. Tracking technologies implemented on SPS websites are configured to operate within lawful parameters and are designed to collect only the information necessary for their intended purposes. SPS does not use these technologies to intercept, monitor, or record the content of communications between users and their devices.

Data Retention: Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal obligations. Retention periods may vary based on the type of data and applicable regulations.

Sharing of Personal Information

SPS takes the sharing of your Personal Information seriously and strives to ensure the proper handling and protection of this information. We share Personal Information when:
• We have obtained your consent to do so;
• We are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or other legal process;
• We have a contract requirement and are maintaining our commitments to you or our customers; and/or
• We maintain a legitimate business interest and doing so does not violate applicable laws.

For example, we may share your Personal Information within SPS with our vendors and/or third parties who provide business services to us, with our professional advisors (e.g., lawyers, accountants, insurers), with law enforcement, court authorities, and regulatory agencies, and in the event of a business merger.

Business Transfers: In the event of a business transfer, such as a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will ensure that any new entity adheres to the commitments outlined in this Privacy Policy.

Sub-Processor Information: We work with trusted third-party service providers to assist with our operations, such as hosting, analytics, and marketing. For more information about these service providers, please contact us. The list is subject to change and will be updated as needed.

California Privacy Compliance: SPS complies with all applicable California privacy laws, including the California Consumer Privacy Act (CCPA) and California Invasion of Privacy Act (CIPA). The tracking technologies used by SPS are not designed to function as “trap and trace devices” or “pen register devices” as defined under CIPA. These technologies do not intercept communications while in transit but are used solely for analytics and improving website functionality.

Data Breach Notification: In the event of a data breach involving your Personal Information, SPS will notify affected individuals promptly and in accordance with applicable laws. Notifications will include details about the breach, steps taken to mitigate risks, and recommendations for protecting your information.

Cookies, Analytics, and Tracking Technologies

Cookies and Tracking Technologies: SPS uses cookies, pixels, and similar tracking technologies to improve the user experience, analyze web traffic, and assist with marketing activities. These technologies do not capture or intercept the contents of communications but operate strictly within the bounds of standard website functionality. Where legally required, before collecting information via cookies, SPS may provide clear notice through our cookie management tool, and users are given the opportunity to opt-in or manage their preferences.

Session Replay Tools: SPS may utilize session replay tools to analyze user interactions on our website, such as clicks and time spent on specific pages. These tools are used exclusively to improve the functionality of our website and user experience. They do not intercept or record the contents of communications while in transit, nor do they capture sensitive personal data.

Transparency About Analytics Tools: SPS may use third-party analytics tools to understand user behavior and improve our services. These tools may collect data such as IP addresses and browsing activity.

Your Rights Under Applicable Data Protection Laws

As a data subject, you may have specific rights regarding your Personal Information under applicable data protection laws. These rights include:
Right to Access: You have the right to request access to the Personal Information we hold about you.
Right to Rectification: You have the right to request the correction of inaccurate or incomplete Personal Information we hold about you.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your Personal Information under qualifying circumstances.
Right to Restrict Processing: You can request the restriction of processing your Personal Information under certain conditions.
Right to Data Portability: You have the right to request the transfer of your Personal Information to another controller, where technically feasible.
Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: You can withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You can lodge complaints with supervisory authorities for data protection.

You may exercise your data rights under applicable privacy laws by submitting a request to privacy@spscommerce.com. Please include your full name, contact information, and a detailed description of your request to help us verify your identity and process your inquiry. Requests will be addressed within the timeframes required by applicable law.

Children’s Privacy:
SPS does not knowingly collect Personal Information from children under the age of 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. Parents or guardians who believe their child has provided Personal Information to us may contact privacy@spscommerce.com to request its removal.

Policy Update Notifications

If we make material changes to this Privacy Policy, we will notify you via a notice on our website.

SPS Commerce
Your Cookie Preferences:

Essential Cookies: These cookies are necessary for the website to function and cannot be disabled in our systems.

Non-Essential Cookies:

  • Performance Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Functional Cookies: Enable the website to provide enhanced functionality and personalization.
  • Targeting Cookies: These cookies are used to deliver advertisements more relevant to you and your interests.