Last updated: April 27, 2026
Privacy Policy
What we collect:Your email, your store's product data, and how visitors use CartIn on your storefront.
What we do not collect:We do not connect to Facebook, Instagram, Google, or any third-party social account. We do not sell your data. We do not share your customers' conversations with anyone.
Questions: support@cartinai.shop
1. Who We Are
CartIn AI is a product of BlueBuck Research LLP, a limited liability partnership registered in West Bengal, India.
When this policy says "we", "us", or "our", it refers to BlueBuck Research LLP and the CartIn AI service accessible at cartinai.shop and app.cartinai.shop.
When it says "you" or "merchant", it refers to the brand or individual who has created a CartIn AI account to deploy the widget on their Shopify store.
When it says "visitor" or "end user", it refers to the shoppers who interact with the CartIn AI widget on your storefront.
2. What Data We Collect
2a. Data you give us directly (merchant account)
When you sign up for CartIn AI, we collect:
- Your email address — to create your account and communicate with you
- Your Shopify store domain — to connect your product catalog
- Your agent configuration — name, tone, colours, and widget settings you choose
We do not offer sign-in via Google, Facebook, Instagram, Twitter, LinkedIn, or any third-party social platform. Account creation requires only an email address and password.
2b. Data we sync from your Shopify store
When you connect your Shopify store via OAuth, we access:
- Product titles, descriptions, prices, images, inventory levels, and tags
- Order status information (used only to respond to "Where is my order?" queries from your visitors)
- Store name and domain
We access this data using Shopify's official Admin API. We do not access customer payment information, billing details, or any data beyond what is listed above.
2c. Visitor conversation data
When a visitor interacts with the CartIn AI widget on your storefront, we collect:
- The messages exchanged in the conversation
- The language detected from the visitor's messages
- The page URL where the conversation started
- Basic session identifiers (anonymous — we do not collect names, emails, or phone numbers of visitors unless your lead capture feature is enabled)
If you have enabled the lead capture feature, and a visitor voluntarily provides their WhatsApp number or email, that data is stored in your merchant dashboard and is accessible only to you.
2d. Usage data (collected automatically)
When you use the CartIn AI dashboard at app.cartinai.shop, we automatically collect:
- IP address
- Browser type and version
- Pages visited and time spent
- Device type
This data is used to maintain and improve the service.
3. What We Do Not Collect
We want to be direct about this:
- We do not collect data from Facebook, Instagram, Google, or any social platform
- We do not track your visitors across other websites
- We do not sell any data — merchant data, visitor data, or conversation data — to any third party
- We do not use visitor conversations for training AI models without explicit consent
- We do not store payment card details (payments are processed by Razorpay or Stripe, not by us)
4. How We Use Your Data
We use the data we collect to:
- Provide and operate the CartIn AI service
- Sync your Shopify products and generate AI-ready context for each product
- Respond accurately to your visitors' questions
- Show you analytics in your merchant dashboard (chat-to-cart rates, top questions, leads captured)
- Send you transactional emails — account confirmations, billing receipts, important service updates
- Improve the CartIn AI product based on aggregated, anonymised usage patterns
We do not use your data for advertising. We do not show ads in CartIn AI.
5. Data Sharing
We share data with a small number of trusted service providers who help us operate CartIn AI:
| Provider | Purpose | Data shared |
|---|---|---|
| Cloud Infrastructure & Database Providers | Database and file storage | All merchant and conversation data |
| AI Language Model Providers | AI response generation | Visitor messages and product context (anonymised) |
| Hosting & Edge Network Providers | Hosting and edge delivery | Request logs |
| Payment Gateways | Payment processing | Billing information only |
| Product Analytics Providers | Product analytics | Anonymised usage events |
We do not share data with any other third parties. We do not share data with Meta, Google, or any advertising network.
When we share visitor messages with Anthropic for AI response generation, we do not include any personally identifiable information. The data shared is limited to the conversation text and relevant product context needed to generate a response.
6. Data Storage and Security
Your data is stored on servers operated by Supabase, with primary data centres in Asia (Singapore region). We implement the following security measures:
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted
- Supabase admin access is restricted to key personnel only
- API keys and access tokens are encrypted before storage
- We conduct regular security reviews
No method of storage or transmission over the internet is 100% secure. We take reasonable precautions but cannot guarantee absolute security.
7. Data Retention
| Data type | Retention period |
|---|---|
| Merchant account data | Until account is deleted |
| Product sync data | Until store is disconnected or account deleted |
| Conversation logs | 12 months from conversation date |
| Visitor lead data (WhatsApp/email) | Until merchant deletes it from dashboard |
| Payment records | 7 years (required by Indian law) |
| Usage logs | 90 days |
8. Your Rights (Merchant)
As a merchant using CartIn AI, you have the right to:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate information via your dashboard
- Deletion — delete your account and request removal of all associated data
- Portability — request your conversation and configuration data in a structured format
- Disconnect — revoke Shopify access at any time from your Shopify admin
To exercise any of these rights, email us at support@cartinai.shop. We will respond within 14 business days.
9. Cookies
CartIn AI uses cookies on the dashboard (app.cartinai.shop) for:
- Session cookies — to keep you logged in during a session
- Preference cookies — to remember your dashboard settings
The CartIn AI widget script placed on your storefront uses a session identifier stored in localStorage (not a cookie) to maintain conversation continuity within a single browsing session. This identifier is anonymous and is not used for cross-site tracking.
We do not use advertising cookies or third-party tracking pixels.
10. Children's Privacy
CartIn AI is a B2B service designed for use by businesses. We do not knowingly collect personal data from individuals under the age of 18. The widget on your storefront may be seen by visitors of any age, but we do not collect personally identifiable information from visitors unless your lead capture feature is enabled.
11. Changes to This Policy
We may update this Privacy Policy when our practices change. When we do:
- We will update the "Last updated" date at the top
- We will notify merchants via email at least 14 days before changes take effect
- Continued use of CartIn AI after the notice period constitutes acceptance
12. Governing Law
This Privacy Policy is governed by the laws of the Republic of India. Any disputes arising from this policy will be subject to the jurisdiction of courts in West Bengal, India.
13. Contact
For privacy-related questions or to exercise your data rights:
Email: support@cartinai.shop
Company: BlueBuck Research LLP
State: West Bengal, India
We aim to respond to all privacy enquiries within 14 business days.
