Privacy Policy
Effective date: March 8, 2026
1. Introduction
CopilotCart (“we,” “us,” or “our”) operates the CopilotCart e-commerce platform, including the website at copilotcart.com, all related subdomains, and our merchant administration tools (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: name, email address, password, and phone number when you register for an account.
- Store information: store name, store code, business address, industry type, and product catalog data.
- Payment information: billing name, card details (last four digits, expiration date, card brand). Full payment card numbers are processed and stored exclusively by our payment processor, Stripe. We never store full card numbers on our servers.
- Communications: messages, feedback, and other content you provide through our contact forms, support channels, or AI copilot interactions.
- Content: product descriptions, images, and other content you upload to your store.
2.2 Information Collected Automatically
- Usage data: pages visited, features used, actions taken, time spent on the platform, and interaction patterns.
- Device information: browser type and version, operating system, device type, screen resolution, and language preferences.
- Log data: IP address, access timestamps, referring URLs, and error logs.
- Cookies and tracking technologies: see our Cookie Policy for details.
2.3 Information From Third Parties
- Payment processors: Stripe may provide us with transaction status, payment method details (last four digits, card brand), and fraud screening results.
- Analytics providers: aggregated and anonymized usage data from analytics services we use to improve the platform.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide the Service: create and manage your account, operate your store, process transactions, and deliver the features you use.
- Process payments: manage subscriptions, process billing, and handle refunds through our payment processor.
- AI-powered features: power our copilot features including setup assistance, product description generation, analytics, translations, smart search, and customer support automation. Your store data is used to provide accurate, context-aware responses.
- Communicate with you: send service-related notifications, account alerts, subscription updates, and respond to your inquiries.
- Improve the Service: analyze usage patterns, diagnose technical issues, and develop new features.
- Security: detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
- Legal compliance: comply with applicable laws, regulations, legal processes, and governmental requests.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Payment processors: we share necessary transaction details with Stripe to process payments. Stripe’s handling of your data is governed by its own privacy policy.
- Cloud infrastructure providers: we use Amazon Web Services (AWS) to host and operate the platform. Data is stored and processed in accordance with AWS’s security standards.
- AI service providers: certain AI features may use third-party language model providers. When used, only the minimum data necessary to generate a response is shared, and we do not permit these providers to use your data for training their models.
- Legal requirements: we may disclose information when required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: in the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, tax, audit, or regulatory purposes.
Store data (products, orders, customer records) associated with your store will be deleted when you delete your store or close your account. We recommend exporting your data before account deletion.
6. Data Security
We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, regular security assessments, and secure development practices. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you.
- Correction: request that we correct inaccurate or incomplete information.
- Deletion: request that we delete your personal information, subject to legal retention requirements.
- Portability: request a machine-readable copy of your data.
- Restriction: request that we restrict processing of your data in certain circumstances.
- Objection: object to the processing of your data for certain purposes.
- Withdraw consent: where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us through our contact page. We will respond to your request within 30 days.
9. Rights for European Economic Area (EEA) Residents
If you are located in the EEA, we process your personal data under the following legal bases: performance of our contract with you (to provide the Service), our legitimate interests (to improve and secure the Service), your consent (for optional features and communications), and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
10. Rights for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights. You have the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To submit a request, contact us through our contact page.
11. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us.
12. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party site you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Effective date” above. For significant changes, we may also notify you by email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us.