Privacy Policy

1. Introduction

CartBack, Inc. ("CartBack," "we," "our," or "us") respects your privacy and is committed to protecting the personal data of our website visitors, clients, and end-users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (cartback.net), use our services, or interact with us in any way.

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name, and job title when you fill out contact forms, request a demo, or sign up for our services.
• Account Information: Username, password, and account preferences when you create an account on our platform.
• Payment Information: Billing address and payment details (processed securely through third-party payment processors — we do not store credit card numbers).
• Communication Data: Messages, feedback, and other information you send to us through email, contact forms, live chat, or other communication channels.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, click patterns, referral sources, and navigation paths.
• Network Information: IP address, internet service provider, and approximate geographic location.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activity. See Section 7 for our Cookie Policy.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• E-Commerce Platforms: When our clients integrate CartBack with platforms such as Shopify, WooCommerce, or Magento, we process order and customer data on behalf of our clients.
• Meta Platforms: Through our integrations with Facebook, Instagram, WhatsApp, and Messenger, we may receive user interaction data in accordance with Meta's Platform Terms and Data Use Policy.
• Analytics Providers: We may receive aggregated analytics data from third-party analytics services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our services, including cart recovery, messaging, advertising, and analytics features.
• Communication: To respond to your inquiries, send service-related notifications, and provide customer support.
• Marketing: To send promotional communications about our services (with your consent where required). You may opt out at any time.
• Analytics: To analyze usage patterns, improve our website and services, and develop new features.
• Security: To detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Contractual Obligations: To fulfill our obligations under client service agreements.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

• Consent: Where you have given explicit consent for a specific processing activity (e.g., marketing emails).
• Contractual Necessity: Where processing is necessary to fulfill a contract with you or to take steps at your request before entering a contract.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests.
• Legal Obligation: Where processing is necessary to comply with a legal obligation.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party companies that help us deliver our services, including cloud hosting (AWS), email delivery, payment processing, and analytics providers. These providers are contractually bound to protect your data.
• Meta Platforms: We share data with Meta (Facebook, Instagram, WhatsApp, Messenger) as necessary to deliver our advertising, messaging, and commerce services. This sharing is governed by our data processing agreements with Meta and subject to Meta's Data Use Policy.
• Our Clients: When we process data on behalf of our e-commerce clients, we share relevant performance data, analytics, and reports as specified in our service agreements.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account Data: Retained for the duration of your account and for up to 30 days after account deletion.
• Client Data: Retained for the duration of the service agreement and for up to 90 days after termination, unless otherwise specified.
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical analysis.
• Legal Records: Data required for legal or regulatory compliance is retained for the applicable statutory period.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the operation of our website. They enable core functionality such as security, session management, and accessibility.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting information anonymously. We use Google Analytics and similar tools.
• Marketing Cookies: Used to track visitors across websites for the purpose of displaying relevant advertisements. These may include the Meta Pixel for Facebook and Instagram advertising.
• Preference Cookies: Enable our website to remember your preferences, such as language or region settings.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

8. Your Rights and Choices

8.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request restriction of processing of your personal data.
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
• Right to Object: Object to the processing of your personal data for certain purposes, including direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time for processing activities based on consent.

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information collected about you.
• Right to Delete: Request deletion of personal information collected from you.
• Right to Opt-Out: Opt out of the sale of your personal information. Note: CartBack does not sell personal information.
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected] or by writing to our address listed in Section 12.

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Regular security audits and penetration testing
• Access controls with multi-factor authentication
• Employee security training and confidentiality agreements
• SOC 2 Type II certified security controls
• Incident response procedures and breach notification processes

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Compliance with the EU-U.S. Data Privacy Framework where applicable

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a complaint regarding our data practices, please contact us:

CartBack, Inc.
Data Protection Officer
1234 Commerce Boulevard, Suite 500
New York, NY 10001
United States

Email: [email protected]
Phone: +1 (800) 555-CART (2278)

For EEA residents: You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed in violation of applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on our website and updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.