Privacy Policy

We collect information you provide directly to us, such as when you:

• Sign up for our waitlist or early access program
• Create an account or subscribe to our service
• Connect your Whop store to our cart recovery service
• Configure Discord integration for customer notifications
• Contact us for support or inquiries
• Participate in surveys or feedback sessions

Types of Information:

• Contact Information: Email address, name, and communication preferences for waitlist and service notifications
• Account Information: Username, password, subscription plan, and account settings
• Whop Integration Data: Store information, product data, customer email addresses, and cart abandonment events accessed through Whop API
• Discord Integration Data: Discord user IDs and server information for sending cart recovery messages
• Usage Data: Cart recovery campaign performance, email open rates, click-through rates, and service analytics
• Technical Information: IP address, browser type, device information, operating system, and website interaction data
• Analytics Data: Website usage patterns, feature utilization, and performance metrics collected through our analytics tools

Automatic Data Collection:

We automatically collect certain information when you visit our website or use our service:

• Log data including IP addresses, browser types, and access times
• Cookies and similar tracking technologies for website functionality and analytics
• Usage patterns and feature interactions within our application
• Performance data to monitor and improve service reliability

We use the information we collect to:

• Provide, maintain, and improve our cart recovery service
• Process transactions and send related information
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Communicate with you about products, services, offers, and events
• Monitor and analyze trends, usage, and activities in connection with our service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities

We may share your information in the following situations:

Service Providers:

We work with third-party service providers to help us operate our business, including:

• Email Services (Resend): For sending cart recovery emails, service notifications, and marketing communications
• Analytics Providers: To understand how our service is used and improve performance
• Cloud Infrastructure (Supabase, Vercel): For hosting, data storage, and application deployment
• Payment Processors: For handling subscription payments and billing
• Database Services (PostgreSQL, Redis): For data storage and caching

Platform Integrations:

• Whop API: We access your Whop store data including customer information, product details, and cart events to provide cart recovery services. This data is processed according to Whop's terms and our agreement with you.
• Discord API: We use Discord's API to send direct messages to customers for cart recovery purposes. We only access the minimum necessary information to deliver these messages.

Data Processing Agreements:

All service providers that process personal data on our behalf are bound by data processing agreements that require them to:

• Process data only for the purposes we specify
• Implement appropriate security measures
• Not use data for their own purposes
• Delete or return data when our agreement ends

Legal Requirements:

We may disclose your information if required by law or in response to valid legal requests, including:

• Compliance with legal obligations
• Protection of our rights and property
• Prevention of fraud or illegal activities
• Response to court orders or government requests

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and employee training
• Secure data centers and infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal information:

GDPR Rights (EU Residents):

• Right of Access: Request access to your personal information and details about how we process it
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal information for direct marketing or legitimate interests
• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents):

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of personal information we have collected about you
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

How to Exercise Your Rights:

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will:

• Respond to your request within 30 days (GDPR) or 45 days (CCPA)
• Verify your identity before processing requests
• Provide information in a clear and understandable format
• Not charge fees for most requests (unless excessive or repetitive)

Verification Process:

To protect your privacy, we may need to verify your identity before processing certain requests. This may include:

• Confirming your email address
• Asking for additional identifying information
• Requiring you to log into your account

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

• Adequacy decisions by relevant authorities
• Standard Contractual Clauses
• Your explicit consent where required

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specific retention periods include:

• Account Information: Until account deletion or 3 years after last activity
• Waitlist Data: Until service launch or 2 years from signup, whichever comes first
• Cart Recovery Data: 90 days after cart abandonment event or until successful recovery
• Email Communications: 2 years from last interaction for service emails, 1 year for marketing emails
• Analytics Data: 26 months from collection (in compliance with Google Analytics standards)
• Support Records: 3 years from resolution for quality assurance and legal compliance
• Payment Information: As required by payment processors and tax regulations (typically 7 years)
• Legal Compliance Data: As required by applicable laws and regulations

Automated Deletion:

We have implemented automated systems to delete data when retention periods expire:

• Cart recovery campaigns are automatically purged after 90 days
• Inactive accounts are flagged for review after 2 years of inactivity
• Analytics data is automatically anonymized after 26 months
• Temporary files and logs are deleted within 30 days

Data Deletion Requests:

You can request deletion of your personal information at any time by contacting us. We will:

• Process deletion requests within 30 days
• Confirm completion of deletion via email
• Retain only data required for legal compliance
• Notify third-party processors to delete shared data

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have an account with us
• Post a notice on our website for significant changes
• Obtain your consent for material changes that affect your rights

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our service after any changes indicates your acceptance of the updated policy.

Version History:

• Version 1.0 (January 20, 2025): Initial privacy policy

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Response Times:

• General Inquiries: Within 5 business days
• Privacy Rights Requests: Within 30 days (GDPR) or 45 days (CCPA)
• Data Breach Notifications: Within 72 hours (where required by law)
• Urgent Privacy Concerns: Within 24 hours

Regulatory Authorities:

If you are not satisfied with our response to your privacy concerns, you may contact the relevant data protection authority in your jurisdiction:

• EU Residents: Your local Data Protection Authority
• California Residents: California Attorney General's Office
• Other Jurisdictions: Your local privacy regulator