Privacy Policy

1. Introduction

Cart Back ("Cart Back," "we," "our," or "us") is a software development and digital solutions agency that respects your privacy and is committed to protecting the personal data of our website visitors, clients, and end users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://cartback.net/), engage our services, or otherwise interact with us.

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our website or services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

• Contact Information: Name, email address, phone number, company name, and job title when you submit our contact form, request a consultation, or sign up for our services.
• Project Information: Details you share about your project, business, or technical requirements.
• Account Information: Username, password, and account preferences if you create an account on tools or portals we provide.
• Payment Information: Billing details processed securely through third-party payment processors — we do not store full credit card numbers on our systems.
• Communication Data: Messages, feedback, and other information you send to us through email, contact forms, chat, or other channels.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information:

• Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, click patterns, referral sources, and navigation paths.
• Network Information: IP address, internet service provider, and approximate geographic location.
• Cookies and Tracking Technologies: We use cookies and similar technologies as described in Section 7.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Client Systems: When we develop or operate software on behalf of our clients, we may process data from their platforms in our role as their service provider.
• Meta Platforms: Through our integrations with Facebook, Instagram, WhatsApp, and Messenger, we may process user interaction data on behalf of our clients in accordance with Meta's Platform Terms and applicable Data Processing Terms.
• Analytics Providers: Aggregated analytics data from third-party analytics services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our software development, design, and integration services.
• Communication: To respond to your inquiries, provide project updates, and deliver customer support.
• Marketing: To send promotional communications about our services, where permitted by law and with the appropriate consent. You may opt out at any time.
• Analytics: To analyze usage patterns, improve our website and services, and develop new offerings.
• Security: To detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Contractual Obligations: To fulfill our obligations under client service agreements and statements of work.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

• Consent: Where you have given explicit consent for a specific processing activity (e.g., marketing emails).
• Contractual Necessity: Where processing is necessary to fulfill a contract with you or to take steps at your request before entering a contract.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests.
• Legal Obligation: Where processing is necessary to comply with a legal obligation.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party companies that help us deliver our services, including cloud hosting, email delivery, payment processing, and analytics providers. These providers are contractually bound to protect your data.
• Meta Platforms: When we build and operate Meta-integrated applications on behalf of our clients, data flows to and from Meta in accordance with the relevant Meta API terms and Data Processing Terms.
• Our Clients: When we process data as a service provider for our clients, we share project deliverables, performance data, and reports as specified in our service agreements with them.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact & Lead Data: Retained for up to 24 months unless you request earlier deletion.
• Client & Project Data: Retained for the duration of the service agreement and for up to 90 days after termination, unless otherwise specified.
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical analysis.
• Legal Records: Data required for legal or regulatory compliance is retained for the applicable statutory period.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the operation of our website (security, session management, accessibility).
• Analytics Cookies: Help us understand how visitors interact with our website. We may use services like Google Analytics.
• Marketing Cookies: Used to track visitors for the purpose of displaying relevant advertisements. These may include the Meta Pixel for Facebook and Instagram remarketing.
• Preference Cookies: Enable our website to remember your preferences (e.g., language or region settings).

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

8. Your Rights and Choices

8.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request restriction of processing of your personal data.
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
• Right to Object: Object to the processing of your personal data for certain purposes, including direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time for processing activities based on consent.

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information collected about you.
• Right to Delete: Request deletion of personal information collected from you.
• Right to Opt-Out: Opt out of the sale of your personal information. Note: Cart Back does not sell personal information.
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected] or by writing to our address listed in Section 12.

8.3 Data Deletion Instructions

You have the right to request deletion of personal data we hold about you, including any data we may have received through Meta platforms (Facebook, Instagram, WhatsApp, or Messenger) in connection with our services.

To request deletion of your data, follow these steps:

• Step 1: Send an email to [email protected] with the subject line "Data Deletion Request".
• Step 2: In the body of the email, include the following information so we can locate your records:
  • Your full name
  • The email address or phone number associated with your data
  • If applicable, the Facebook, Instagram, or WhatsApp account identifier (such as your username or profile URL) you used when interacting with services we operate
  • A short description of the data you would like deleted
• Step 3: We will acknowledge receipt of your request within 5 business days, verify your identity, and process the deletion within 30 days. We will send you a confirmation email once deletion is complete.

What gets deleted: All personal data we directly control about you, including contact information, communication history, account records, and any Meta platform data we processed on behalf of our clients in connection with your interactions. Some information may be retained where required by law (e.g., financial records) or in aggregated, anonymized form for analytics.

Data held by our clients: If we processed your data as a service provider to one of our clients (for example, a business that uses software we built for them), you may also need to contact that business directly to ensure complete deletion across all systems. We will assist by forwarding requests to the appropriate client where necessary.

For Meta-related data: You can also manage and remove apps that have access to your Meta accounts at any time:

• Facebook: Settings & Privacy → Settings → Apps and Websites
• Instagram: Settings → Security → Apps and Websites
• WhatsApp: Linked Devices & Business Account settings within the WhatsApp app

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Regular security reviews of our infrastructure and code
• Access controls with multi-factor authentication
• Confidentiality agreements with all team members
• Secure development practices and code review
• Incident response procedures and breach notification processes

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States, where Cart Back is based. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
• Data Processing Agreements with sub-processors
• Reasonable measures to protect transferred data

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a complaint regarding our data practices, please contact us:

Cart Back
Attn: Privacy
900 Lanark Dr
Wasilla, Alaska 99654
United States of America

Email: [email protected]
Phone: +1 (413) 361-9890

For EEA residents: You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed in violation of applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on our website and updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.