Privacy Policy

Last updated: June 25, 2024  ·  Effective: June 25, 2024

1. Introduction

Welcome to CartixAI ("we", "our", "us"). We operate the website cartixai.com and the CartixAI platform — an AI-powered WhatsApp commerce solution for businesses in Pakistan.

This Privacy Policy explains what personal information we collect, how we use it, how we protect it, and your rights in relation to it. By using our platform, you agree to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, phone number, business name when you register.
  • Business information: product listings, prices, store branding, and business address.
  • Payment information: subscription plan chosen, payment method (Bank Transfer, JazzCash, or Easypaisa), and transaction reference numbers. We do not store raw card numbers or full bank account details.
  • Communications: messages you send to our support team.

2.2 Information We Collect Automatically

  • Usage data: pages visited, features used, time spent, click patterns, and errors encountered.
  • Device and browser data: IP address, browser type and version, operating system, and referral URL.
  • Cookies: session cookies for authentication and preference cookies for your dashboard settings. See Section 7 for details.

2.3 End-Customer Data (on behalf of our Merchants)

When your customers interact with your CartixAI-powered storefront or WhatsApp bot, we process their names, phone numbers, delivery addresses, and order details on your behalf as a data processor. You, as the merchant, are the data controller for this information and are responsible for informing your customers of its collection and use.

3. How We Use Your Information

  • Provide, operate, and maintain the CartixAI platform and services.
  • Process your subscription payments and send payment confirmations and receipts.
  • Enable your AI WhatsApp assistant to respond to your customers.
  • Send you important service notifications, including subscription renewal reminders, security alerts, and downtime notices.
  • Improve and personalise our platform based on usage patterns.
  • Prevent fraud, abuse, and unauthorised access.
  • Comply with legal obligations under the laws of Pakistan.
  • Respond to your support requests and feedback.

We do not sell your personal data or your customers' data to third parties.

4. Sharing of Information

We share your information only in the following limited circumstances:

  • Service providers: Trusted third-party vendors who process data strictly on our behalf (cloud hosting, email delivery, analytics). These vendors are bound by data processing agreements.
  • WhatsApp / Meta: To power your WhatsApp Business integration, certain message data passes through Meta's WhatsApp Business API under Meta's own terms and policies.
  • Legal requirements: If required by Pakistani law, court order, or government authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. If you close your account:

  • Account data is deleted within 30 days of account closure.
  • Order and payment records are retained for 7 years for legal and tax compliance under Pakistani law.
  • You may request earlier deletion of non-legally-required data by contacting us at [email protected].

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • HTTPS / TLS encryption for all data in transit.
  • Encrypted storage for sensitive account information.
  • Role-based access controls — only authorised personnel access your data.
  • Regular security audits and vulnerability assessments.

No system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours of becoming aware of it.

7. Cookies

We use the following types of cookies:

  • Strictly necessary cookies: Session authentication — required for the platform to function. Cannot be disabled.
  • Preference cookies: Remember your dashboard settings and language preferences.
  • Analytics cookies: Anonymised usage statistics to help us improve the platform. You can opt out at any time.

You can manage cookie preferences in your browser settings. Disabling essential cookies will affect platform functionality.

8. Your Rights

You have the following rights over your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete data from your account settings or by contacting us.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Portability: Request an export of your data in a machine-readable format.
  • Objection: Object to processing of your data for direct marketing purposes.

To exercise any of these rights, email us at [email protected]. We will respond within 14 working days.

9. Children's Privacy

CartixAI is a business platform intended for users aged 18 and older. We do not knowingly collect personal data from minors. If we learn that a minor has provided personal data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered account holders and by posting a notice on the platform at least 7 days before the change takes effect. Continued use of CartixAI after the effective date constitutes acceptance of the updated Policy.

11. Contact Us

CartixAI

Islamabad, Pakistan

Email: [email protected]

Website: cartixai.com