Skip to content
C
Cartly
Platform launch: May 1, 2026
Try all features now — create your store for free

Privacy Policy

Effective Date: March 1, 2026 — Last Updated: March 24, 2026

1. Introduction

Cartly Inc. ("Cartly," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-commerce platform, websites, APIs, and related services (collectively, the "Service").

This policy applies to all users of the Service, including merchants who operate stores on Cartly and end customers who shop at those stores. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Information you provide directly:

  • Account information: Name, email address, password, business name, and business address when you register for a Cartly account
  • Store content: Product listings, images, descriptions, blog posts, and other content you upload to your store
  • Payment information: Billing address and payment method details, processed and stored by Stripe (we do not store full card numbers)
  • Customer data: Information your customers provide during checkout, including name, email, shipping address, and phone number
  • Communications: Messages you send through our support channels, feedback forms, and email correspondence

Information collected automatically:

  • Usage data: Pages visited, features used, actions taken, timestamps, and session duration
  • Device information: Browser type, operating system, screen resolution, and device identifiers
  • Network information: IP address, approximate geographic location, and referring URL
  • Performance data: Page load times, error logs, and API response metrics

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To operate, maintain, and provide the features and functionality of the platform
  • Payment processing: To process subscription fees, transaction fees, and merchant payouts
  • Communication: To send transactional emails (order confirmations, shipping updates), account notifications, and support responses
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Analytics: To understand usage patterns, improve the Service, and develop new features
  • Legal compliance: To comply with applicable laws, regulations, and legal processes
  • Marketing: To send promotional communications about Cartly features and updates (with your consent, where required)

4. Data Sharing

We do not sell your personal data. We share information only with the following categories of third parties, and only as necessary:

  • Stripe: Payment processing, subscription billing, and payout management. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
  • AWS (Amazon Web Services): Cloud infrastructure hosting, including compute, storage (S3), and database services. Data is processed under our instructions as a data processor.
  • SMTP/Email providers: Transactional and marketing email delivery on behalf of merchants. Email content is transmitted securely via TLS.
  • Typesense: Search indexing for product catalogs. Product data is indexed for search functionality only.
  • Analytics tools: Anonymized and aggregated usage data for platform improvement.

We may also disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, session management, CSRF protection, and core platform functionality. These cannot be disabled.
  • Preference cookies: Remember your settings, such as language, currency, and theme preferences.
  • Analytics cookies: Collect anonymized data about how you use the Service to help us improve performance and user experience.

We do not use third-party advertising or tracking cookies. For more details, see our Cookie Policy.

6. Data Retention

We retain your data according to the following schedule:

  • Active account data: Retained for the duration of your account plus 90 days after account closure to allow for reactivation
  • Financial records: Transaction records, invoices, and billing history are retained for 7 years as required by tax and financial regulations
  • Server logs: Retained for 90 days for security and debugging purposes, then automatically purged
  • Analytics data: Aggregated and anonymized data may be retained indefinitely for statistical purposes
  • Backups: Database backups containing your data are purged within 90 days of account deletion
  • Support communications: Retained for 3 years after the last interaction for quality assurance and training

7. Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to portability: Receive your data in a structured, machine-readable format (CSV, JSON)
  • Right to restrict processing: Request that we limit how we use your data
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights (CCPA)

To exercise any of these rights, contact us at privacy@cartly.pro. We will respond within 30 days (or sooner as required by applicable law).

8. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest: All databases and file storage use AES-256 encryption at rest
  • Access controls: Role-based access control (RBAC) for all internal systems with principle of least privilege
  • Audit logging: All administrative actions are recorded in tamper-evident audit logs
  • Regular security assessments: Periodic penetration testing and vulnerability scanning
  • Incident response: Documented incident response procedures with 24-hour notification for data breaches
  • PCI compliance: Payment data is handled by Stripe, which is PCI DSS Level 1 certified

9. International Transfers

Cartly is based in the United States. If you are accessing the Service from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Adequacy decisions where applicable

See our Data Processing Agreement for details on international data transfer safeguards.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information promptly.

If you believe a child has provided us with personal data, please contact us at privacy@cartly.pro.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to account holders
  • Display a prominent notice in the Cartly admin dashboard

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Privacy inquiries: privacy@cartly.pro
  • Data Protection Officer: dpo@cartly.pro
  • Mailing Address: Cartly Inc., Attn: Privacy Team, 251 Little Falls Drive, Wilmington, DE 19808, United States