Privacy policy
CartCraft Pte Ltd (UEN: 202417742K) (“CartCraft,” “we,” “our,” or “us”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Shopify apps. Please read this Privacy Policy carefully.
When you use our contact forms, subscribe to our newsletter, become our customer by purchasing our Shopify apps, or engage with any other services or products we offer, we may collect personally identifiable information. This includes, but is not limited to:
2.2 Usage Data We use Google Analytics and Facebook Pixel on our website and app listings to gather information about visitor behavior, such as the visitor’s location, duration of visit, website navigation, and interactions. This data is used to improve our website, optimize the user experience, and for marketing purposes. You can manage your cookie preferences and opt-out of certain third-party cookies using the Borlabs Cookie Consent Manager on our website.
2.3 Shopify App Data When you install and use our Shopify apps, we may collect certain information through the Shopify API, such as your shop URL, email address, and data related to your shop. This information is used to provide and improve our app functionality.
We retain the data collected through our Shopify apps for 30 days after the app is uninstalled from your shop. If you wish to have your data deleted sooner, please contact us, and we will promptly remove your data from our systems.
For our other products or services, we may retain data for a longer period if necessary for customer support inquiries or other legitimate business interests, including legal documentation purposes. However, we do not share this data and are happy to delete it upon request. Please contact us if you would like your data to be removed, and we will ensure it is deleted from our systems.
Our Shopify apps use Stripe as the payment processor. The payment is handled directly by Shopify, and we only receive the funds. Stripe’s privacy policy can be found at https://stripe.com/privacy.
We use Jira Service Management for managing support inquiries. Data submitted through Jira is processed and shared with Slack for support staff notifications. Jira and Slack employ sub-processors for infrastructure services and support.
We use Amazon Web Services (AWS) for hosting our email servers and general servers. AWS processes and stores data on our behalf in their data centers, some of which are located outside of Singapore. AWS ensures appropriate security measures are in place for international data transfers in compliance with applicable laws and regulations. AWS implements technical and organizational security measures in accordance with industry standards such as ISO 27001, 27017, and 27018. We have data processing agreements and standard contractual clauses in place with AWS to ensure the protection of your data.
We use Raidboxes, located in Germany, for website hosting services. Raidboxes complies with GDPR requirements for data processors, ensuring a high standard of data protection and security. This includes implementing strong encryption methods, strict access controls, and data minimization practices. Raidboxes also provides GDPR-compliance. Their privacy policy can be found at https://raidboxes.io/legal/privacy-policy/
We use the Borlabs Cookie Consent Manager to obtain user consent for the use of cookies and cookie-based applications. Borlabs processes data in accordance with GDPR standards, ensuring user privacy and data protection. Borlabs implements robust security measures, including data encryption and user consent logs, to safeguard personal data. More information can be found in their privacy policy: https://borlabs.io/privacy-policy/
We use GetResponse, an email marketing platform, for collecting email addresses through sign-up forms on our website, sending newsletters and notifications about app releases or updates, categorizing leads based on app interests or customer status, and sending targeted notifications to specific lead categories. Data is transferred to GetResponse servers in the USA. GetResponse implements security measures in accordance with GDPR standards, and we have a data processing agreement in place with them. Users have the rights to access, rectify, erase, restrict processing, and object to the processing of their data.
– GetResponse Privacy Policy: https://www.getresponse.com/legal/privacy
We use Google Analytics to analyze website usage and improve performance. Google Analytics collects data such as your IP address, location, browser type, and pages visited. This data is used to analyze trends, track user movements, and gather demographic information. Users can opt-out of Google Analytics data collection through browser settings or plugins. The cookie consent manager also assists with opt-out options.
Google Analytics stores the collected data on servers located in various countries, including the United States. To ensure a level of protection comparable to the PDPA, Google implements the following measures:
We use Facebook Pixel for marketing and ad optimization. Facebook Pixel tracks website interactions and collects data for marketing purposes. Data is transferred to Meta Platforms Inc. in the USA, which is certified under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
We use Microsoft Azure for providing AI services, and other cloud computing services. Azure processes and stores data on our behalf in accordance with data processing agreements and standard contractual clauses. Microsoft ensures appropriate security measures for international data transfers and treats your data confidentially.
By using our services, you consent to the processing of your data by these third-party service providers in accordance with their respective privacy policies. We ensure that appropriate data processing agreements, standard contractual clauses, and security measures are in place to protect your data and comply with applicable data protection laws and regulations, such as the GDPR and the PDPA.
Some of the third-party services we use may process data outside of Singapore. We ensure that appropriate safeguards are in place for international data transfers in compliance with the Personal Data Protection Act (PDPA) and other applicable laws and regulations. This includes the use of standard contractual clauses and ensuring that recipients provide a comparable level of protection to the PDPA.
We implement reasonable security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.
Cookies and Opt-Out
Cookies and Opt-Out
Our website and apps are intended solely for use by businesses and business customers. We sell our products and services exclusively to businesses (B2B) and do not target children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from children, we will promptly delete such data.
If you believe that we might have information from or about a child under 13, please contact us immediately at contact@cartcraft.io so that we can take the necessary steps to delete the information.
Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer at:
CartCraft Pte Ltd
1 North Bridge Road,
#B1-35,
High Street Centre,
Singapore (179094)
Email: contact@cartcraft.io
This Privacy Policy was last updated on 19.06.2024
Support portal
email newsletter tool
cookie banner
datenschutz und agb etc.
Stay connected with us for any inquiries or support needs. Fill out the form below or reach us directly through our contact details.