Privacy Policy

Overview

CART402 is a decentralized payment protocol. We are committed to protecting your privacy and being transparent about our data practices.

Because CART402 operates on-chain, all transactions are publicly visible on the Solana blockchain. However, we minimize the collection of personal data.

Information We Collect

Information You Provide

• Wallet Address: Your Solana wallet public key (required for transactions)
• Transaction Data: Purchase amounts, product IDs, timestamps
• Integration Data: E-commerce platform credentials (if using Shopify/WooCommerce)

Automatically Collected Information

• Technical Data: IP address, browser type, device information
• Usage Data: Pages visited, features used, interaction patterns
• Performance Data: Error logs, transaction success rates, settlement times

Blockchain Data

• On-Chain Transactions: All payment transactions are permanently recorded on Solana blockchain
• Public Information: Transaction signatures, wallet addresses, amounts, timestamps
• Immutability: Blockchain data cannot be deleted or modified

How We Use Your Information

We use collected information for:

• Transaction Processing: Execute and confirm crypto payments
• Service Delivery: Provide SDK functionality and API access
• Platform Integration: Sync with Shopify/WooCommerce catalogs
• Performance Monitoring: Track settlement times and success rates
• Security: Detect fraud, prevent abuse, ensure system integrity
• Support: Respond to inquiries and troubleshoot issues
• Improvements: Analyze usage patterns to enhance the protocol

Information Sharing

We Share Information With:

• Blockchain Networks: Transaction data is public on Solana
• Service Providers: Cloud hosting (AWS), analytics (if applicable)
• E-commerce Platforms: Shopify/WooCommerce (only data you authorize)
• Legal Authorities: If required by law or to protect rights

We Do Not:

• ❌ Sell your personal information
• ❌ Share data with advertisers
• ❌ Track you across other websites
• ❌ Store payment card information (crypto only)

Data Storage & Security

Storage

• Off-Chain Data: Stored on secure cloud infrastructure (AWS)
• On-Chain Data: Permanently stored on Solana blockchain
• Encryption: Data at rest and in transit is encrypted
• Access Control: Strict internal access policies

Security Measures

• Industry-standard encryption (TLS 1.3+)
• Regular security audits
• Automated threat detection
• Secure key management
• Multi-factor authentication for admin access

Retention

We retain off-chain data for:

• Transaction Records: 7 years (regulatory compliance)
• Technical Logs: 90 days
• Analytics Data: Aggregated indefinitely
• Blockchain Data: Permanent (cannot be deleted)

Your Rights

You Have the Right To:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of off-chain data (blockchain data cannot be deleted)
• Portability: Receive your data in a structured format
• Objection: Object to certain data processing
• Restriction: Request limited processing

Exercising Your Rights

To exercise these rights, contact us at:

• Email: privacy@cart402.com
• GitHub: github.com/tythrash/CART402

We will respond within 30 days.

Cookies & Tracking

We Use:

• Essential Cookies: Required for basic functionality
• Performance Cookies: Measure site performance (if analytics enabled)

We Do Not Use:

• ❌ Advertising cookies
• ❌ Cross-site tracking
• ❌ Third-party ad networks

You can disable cookies in your browser settings, but this may affect functionality.

Third-Party Services

We May Use:

• Solana Network: Public blockchain (see Solana Privacy Policy)
• AWS: Cloud hosting (see AWS Privacy Notice)
• Shopify: E-commerce integration (see Shopify Privacy Policy)
• WooCommerce: E-commerce integration (self-hosted)

These services have their own privacy policies. We are not responsible for their practices.

International Transfers

CART402 operates globally. Your data may be transferred to and processed in:

• United States (AWS infrastructure)
• European Union (if applicable)
• Other countries where our service providers operate

We ensure adequate safeguards for international data transfers.

Children's Privacy

CART402 is not intended for users under 18. We do not knowingly collect data from children.

If you believe we have collected data from a child, contact us immediately at privacy@cart402.com.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date.

Material changes will be communicated via:

• Email (if we have your email)
• Prominent notice on our website
• GitHub repository announcement

Continued use after changes constitutes acceptance.

Legal Basis (GDPR)

For EU/EEA users, we process data based on:

• Contract: Necessary to provide the service
• Legitimate Interest: Improve service, prevent fraud
• Consent: Where explicitly requested
• Legal Obligation: Compliance with laws

California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what data is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination

Contact privacy@cart402.com to exercise these rights.

Contact Us

For privacy questions or concerns:

• Email: privacy@cart402.com
• GitHub: github.com/tythrash/CART402
• X: @CommerceX402