Privacy Policy

1. Overview

Cartkite is owned and operated by Venture Brightly Pty Ltd Pty Ltd (ABN: 91 674 164 811) ("we," "us," or "our"), a registered company operating in Victoria, Australia.

Cartkite is a user-directed universal wishlist and price-monitoring utility. This Privacy Policy details the types of personal and technical information we collect, how we process data using sandboxed cloud infrastructure subprocessors, how we handle affiliate routing safely, and your privacy rights under global frameworks (including the Australian Privacy Principles, GDPR, and CCPA).

2. Information We Collect

We collect minimal personal identifiers and technical content rows necessary to execute tracking commands:

• Account Credentials: Your email address and security metadata captured during registration and secure session validation.
• Wishlist and Metadata Content: The raw merchant URLs you paste, extracted product titles, image assets, localized currencies, custom text tags, tracking history data, and active toggle states.
• Payment Metadata: When premium tiers are active, billing transactions are handled externally. We store payment status metrics and tokenized subscription references; your raw credit card numbers or banking secrets are never transmitted to or processed on our servers.
• Temporary Session Storage: We use browser-based sessionStorage during the web onboarding sequence to temporarily cache a product URL you paste before you complete account registration or authentication.
• System Logs: Internal diagnostics, including dispatch records for email notifications, intended to monitor delivery health and detect infrastructure abuse.

3. How We Process and Monetize Your Information

We process your information strictly for the following functional purposes:

• To authenticate user sessions and maintain individual wishlist storage.
• To coordinate background price check executions and deliver transaction alert emails.
• Affiliate Attribution Processing: Outbound redirects utilize anonymous, randomly generated tracking tokens passed to affiliate platforms (such as Skimlinks). This metadata tells the merchant that a sale originated from a Cartkite link so we can claim a commission. It contains no personal account identifiers, email addresses, or name fields.

4. Cookies and Web Analytics

We load functional cookies to store secure authentication sessions. Optional tracking analytics for optimization load exclusively if you explicitly grant authorization via our cookie banner:

• Google Analytics (GA4): Monitors traffic distribution and UI performance. Refer to Google's Partner Privacy Policy for data management rules.
• Contentsquare: Records user interaction maps and diagnostic session logs to identify broken layout bugs. Refer to Contentsquare's Privacy Policy for opt-out details.
• Preference Management: Visitors can reconfigure cookie tracking permissions via our floating privacy banner. Authenticated users can modify tracking parameters inside their account settings panel or in Cookie Settings.

5. Third-Party Subprocessors and Data Transfers

To run automated cloud workflows, your unstructured link inputs are processed across secure networks located outside your resident country (primarily within the United States). We maintain strict standard data agreements with the following subprocessors:

• Supabase: Hosts primary database tables, relational schemas, and secure application authentication profiles.
• Firecrawl & Browserless: Headless browser automation platforms used to connect to your specified merchant URLs and fetch raw web markup on demand.
• OpenAI (API Engine): Processes raw webpage text blocks to map and return structured layout fields (titles and numerical prices). Data transmitted via this enterprise API channel is subject to strict commercial conditions and is never used to train public LLM models.
• Resend: Processes transaction emails to route alerts directly to your inbox.
• Stripe: Manages encrypted checkout interfaces, tax calculations, and card processing pipelines.

6. Sharing, Disclosure, and Selling

• No Sale of Personal Profiles: We do not trade, sell, rent, or distribute your email addresses or personal account rows to data brokers or third-party advertising companies.
• Legal Disclosures: We will only disclose personal account profiles if required to do so by a valid legal order, law enforcement warrant, or to protect the physical safety and structural rights of our enterprise.

7. Data Retention and Erasure Controls

• We retain your personal identifier rows and active wishlist logs for as long as your user account remains open.
• If you execute an account deletion command inside your dashboard settings, your authenticated account structure, email linkages, and personal notification preferences are permanently scrubbed from our active production tables.
• Non-identifiable product rows (such as historical price nodes for public e-commerce items) may persist within our catalog structure to ensure historical chart accuracy for other platform users.

8. Global Compliance Context

Cartkite complies with the Australian Privacy Act, the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). Regardless of your geographical location, you have the right to request access to your stored files, request corrections to erroneous records, or command the absolute deletion of your personal data.

To execute these privacy rights, please contact our data handling officer:

• Email: hello@cartkite.com
• Contact: Venture Brightly Pty Ltd Pty Ltd, Victoria, Australia

Your use of Cartkite is also governed by our Terms & Conditions.