Privacy Policy for CartMate

Effective Date: 15 January 2025

1. Introduction

At CartMate, your privacy is important to us. This Privacy Policy outlines the types of personal information that we collect, how we use it, and the steps we take to protect it. By using our app, you consent to the collection and use of your information as described in this policy. You may withdraw your consent at any time by contacting us.

2. Information We Collect

• Personal Information: When you register and use CartMate, we collect personal details such as your name, email address, and payment information (via Stripe). Additionally, we collect collaborator emails when shopping lists are shared.
• Usage Data: We collect data related to how you use the app, including the features you access, the time spent using the app, and other user interaction data. This includes tracking edits and additions made by collaborators for feature functionality.
• Location Data: CartMate may collect location information if you enable location-based features (e.g., for location-aware shopping lists).
• Device Information: We collect information about the device you use to access CartMate, such as your device type, operating system, and app version.
• Children’s Information: If your app is directed at children under the age of 13, we will obtain verifiable parental consent before collecting any personal information.
• Cookies and Tracking Technologies: We use cookies and similar technologies to improve app functionality and user experience. You can manage cookie preferences in your device settings.

3. How We Use Your Information

• To provide, maintain, and improve CartMate.
• To personalize your experience and tailor content to your preferences.
• To process payments and handle subscriptions via Stripe.
• To facilitate shopping list sharing and collaboration, including managing collaborator access.
• To suggest item categories and prices based on your past shopping behavior.
• To communicate with you about your account or changes to the app.
• To analyze usage trends and improve the overall user experience.
• To comply with legal obligations, including those related to data protection and privacy laws in various regions (e.g., CCPA, GDPR, PIPL).

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Data may be retained longer if required by legal obligations or to resolve disputes. Upon account deletion, we will delete your data within 30 days, except for data required by law.

5. Data Sharing and Disclosure

• With service providers (e.g., Stripe, Firebase) to process payments, host shared list links, and fulfill services.
• With legal and regulatory authorities, as required by law.
• In cases of business transfers, such as mergers or acquisitions, your personal data may be transferred as part of the transaction.
• When sharing shopping lists, a link is generated and hosted on Firebase, and collaborators must authenticate to access shared content.
• When using third-party sharing services (Email, Messenger, WhatsApp, etc.), their respective privacy policies and terms of use apply.

6. Data Security and Breach Notification

We take reasonable precautions to protect your personal information. Firebase security rules protect shared data, and collaborators must authenticate to access shared lists. In case of a data breach, affected users will be notified within 72 hours as required by applicable laws.

7. Your Rights

• Access: You have the right to request access to the personal data we hold about you.
• Correction: You can request correction of any inaccurate personal data.
• Deletion: You can request deletion of your personal data, subject to certain legal obligations.
• Opt-Out: In certain jurisdictions (e.g., CCPA), you may opt out of data sales and request deletion of your information.
• Complaint Process: You have the right to lodge a complaint about our privacy practices by contacting us directly. EU and England users may also contact their local data protection authority.

8. Cross-border Data Transfers

Your data may be transferred to, stored, and processed in countries outside your residence. We rely on Standard Contractual Clauses (SCCs) to safeguard data when transferred outside the EU.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or via email. Please review this policy periodically for any updates.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [insert email].