Privacy Policy

Cartlinc ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at cartlinc.com. By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of the Service.

We collect the following categories of information: Account Information • Full name and email address provided at registration • Password (stored in hashed form — never in plain text) • Profile information you choose to provide Payment Information • Billing name and address • Payment method details (credit/debit card numbers, billing cycles) • Transaction history and subscription status Note: Payment data is collected and processed directly by Paddle. Cartlinc does not store raw card numbers. Usage Data • Pages visited and features used within the platform • Ad campaigns created, prompts submitted, and images generated • Login timestamps and IP addresses • Browser type, device type, and operating system Uploaded Content • Product images and brand assets you upload for ad creation • Text prompts and creative briefs you submit Communications • Support requests and email correspondence you send to us

We use the information we collect to: • Create and manage your account and authenticate your identity • Provide, operate, and improve the Cartlinc platform and AI features • Process payments and manage your subscription • Send transactional emails (receipts, password resets, account alerts) • Send product updates and marketing communications (you may opt out at any time) • Respond to support requests and troubleshoot issues • Monitor for and prevent fraud, abuse, and unauthorized access • Comply with legal obligations and enforce our Terms of Service • Analyze aggregate usage patterns to improve platform performance We do not sell your personal information to third parties.

Your data is stored on secure, industry-standard infrastructure: • Amazon Web Services (AWS S3) — for storing uploaded product images and generated ad creatives. Files are stored in encrypted buckets with access controls. • Supabase — for user account data, subscription records, and application database. Supabase uses PostgreSQL with encryption at rest and in transit. All data in transit is protected by TLS/SSL encryption. We implement access controls to limit employee access to production data on a need-to-know basis.

We share limited data with trusted third-party providers to operate the Service: Paddle (paddle.com) Payment processing and subscription management. Paddle acts as a Merchant of Record for your transactions. Your payment information is subject to Paddle's Privacy Policy. fal.ai AI image generation service. Product images and prompts you submit may be processed by fal.ai's infrastructure to generate ad creatives. fal.ai does not retain your content for training purposes beyond the scope of service delivery. Google Gemini AI language model used for ad copywriting and creative suggestions. Text prompts are processed by Google's Gemini API. Please refer to Google's Privacy Policy for their data practices. Vercel Platform hosting and performance analytics (anonymized page view data, no personal identifiers). We require all third-party providers to handle your data securely and only for the purposes necessary to provide their services to us.

We use cookies and similar tracking technologies to enhance your experience: Essential Cookies — Required for authentication, session management, and core platform functionality. Cannot be disabled. Analytics Cookies — Used to understand how users interact with our platform (page views, feature usage). We use Vercel Analytics which collects anonymous, aggregated data. Preference Cookies — Used to remember your settings and preferences across sessions. You can control cookie settings through your browser preferences. Note that disabling essential cookies may prevent you from using certain features of the Service.

Depending on your jurisdiction, you may have the following rights regarding your personal data: Right of Access — Request a copy of the personal data we hold about you. Right to Rectification — Request correction of inaccurate or incomplete data. Right to Erasure — Request deletion of your personal data, subject to legal retention requirements. Right to Export — Request your data in a portable, machine-readable format. Right to Restrict Processing — Request that we limit how we use your data in certain circumstances. Right to Object — Object to processing of your data for direct marketing purposes. Opt-Out of Marketing — Unsubscribe from marketing emails at any time via the link in any email or by contacting info@cartlinc.com. To exercise any of these rights, please email us at info@cartlinc.com with your request. We will respond within 30 days.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically: • Account data is retained for the duration of your subscription plus 90 days after account deletion, to allow for recovery requests. • Payment records and transaction history are retained for 7 years to comply with financial regulations. • Generated ad creatives and uploaded images are retained for the duration of your subscription. You may delete individual files at any time from your dashboard. • Support correspondence is retained for 2 years. After retention periods expire, data is securely deleted or anonymized.

The Cartlinc platform is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@cartlinc.com and we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send an email notification. Your continued use of the Service after changes constitutes your acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us: Email: info@cartlinc.com Website: https://cartlinc.com