Privacy Policy

Last updated: October 27, 2025

Table of Contents
Introduction

Cart Whisper ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our Shopify application, or interact with our services.

By using Cart Whisper, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use our services.

Information We Collect

Site Visitors

When you visit our website, we automatically collect certain information about your device and your interaction with our site, including:

  • Browser type and version
  • Operating system
  • IP address and geographic location
  • Pages visited and time spent on our site
  • Referring website
  • Device information (screen size, device type)

App Users (Shopify Store Owners)

When you install and use our Shopify app, we collect:

  • Shopify store information (store name, URL, owner details)
  • Contact information (email address, phone number if provided)
  • Store configuration and settings
  • Cart abandonment data and customer behavior analytics
  • Product information and inventory data
  • Order and transaction information
  • Customer email addresses and contact information for recovery campaigns

Store Visitors (End Customers)

For visitors to stores using Cart Whisper, we may collect:

  • Browsing behavior and cart activity
  • Email addresses (when provided during checkout or newsletter signup)
  • Device and browser information
  • IP address and location data
  • Session information and cookies
How We Use Your Information

We use the collected information for various purposes, including:

  • Providing and maintaining our cart recovery services
  • Sending cart abandonment emails and SMS notifications
  • Analyzing user behavior to improve our services
  • Personalizing user experience and content
  • Processing payments and managing subscriptions
  • Communicating with users about updates, features, and support
  • Detecting and preventing fraud or abuse
  • Complying with legal obligations
  • Improving our website and app functionality
  • Conducting research and analytics to enhance our services
Sharing Your Information

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our business, such as email service providers, analytics services, and payment processors.
  • Shopify: As a Shopify app, we share certain information with Shopify in accordance with their API terms and privacy policies.
  • Legal Requirements: We may disclose information when required by law, such as in response to a subpoena or court order.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.
  • Consent: We may share information with your explicit consent.

We require all third-party service providers to maintain the confidentiality and security of your information and to use it only for the specific purposes for which it was disclosed.

Your Rights

GDPR Rights (EU Residents)

If you are a resident of the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You can request copies of your personal data
  • Right of Rectification: You can request correction of inaccurate personal data
  • Right of Erasure: You can request deletion of your personal data
  • Right of Restriction: You can request restriction of processing of your personal data
  • Right of Data Portability: You can request transfer of your data to another service
  • Right to Object: You can object to processing of your personal data
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about what personal information we collect and how it's used
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: You can opt-out of the sale of your personal information (we do not sell personal information)
  • Right to Non-Discrimination: You cannot be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us at [email protected]

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Information: Retained for the duration of your account plus 7 years for legal and tax purposes
  • Cart Recovery Data: Retained for 2 years from the last interaction
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely
  • Communication Records: Retained for 3 years for customer service purposes
  • Legal Hold: Data may be retained longer if required by legal proceedings

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response procedures
  • Regular backups and disaster recovery plans
  • Compliance with industry security standards

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using reasonable efforts to protect your data.

International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Certification schemes and codes of conduct
  • Binding corporate rules where applicable

We take steps to ensure that transferred data receives adequate protection and that the transfer complies with applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last updated" date at the top of this Privacy Policy
  • Notify users of material changes via email or through our app
  • For significant changes, provide additional notice as required by law
  • Maintain previous versions for reference when legally required

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time

We will respond to your privacy-related inquiries within 30 days of receipt. For urgent matters, please indicate "URGENT" in your subject line.

Back to Top

Have questions about Cart Whisper? Visit our other pages:

Help CenterContact UsAbout