Privacy Policy

Last Updated: October 14, 2025

1. Introduction

YourCart.Store Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our services.

We comply with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws.

2. Information We Collect

2.1 Account Information

When you create an account with us, we collect information based on your chosen authentication method:

2.1.1 Email/Password Authentication (Privacy-Focused)

When you sign up using our Email/Password authentication, we collect:

• First name and last name
• Email address
• Password (hashed and encrypted)
• Billing and shipping addresses (when you make a purchase)
• Payment information (processed securely through Stripe)

Important: With Email/Password authentication, we collect only the minimum data necessary to operate your account. We do not track your behavior or share your data with third parties for advertising or marketing purposes.

2.1.2 Google Sign-In Authentication (Alternative)

When you choose to sign in with Google, you authorize Google to share the following information with us:

• First name and last name
• Email address
• Profile picture

Important: Google Sign-In is an optional alternative authentication method. When you use Google Sign-In, your authentication and data sharing is subject to Google's Privacy Policy. Google may collect additional data and use it for advertising purposes. We recommend reviewing Google's privacy practices if you choose this authentication method.

Your Choice: You can select either authentication method based on your privacy preferences. Both methods provide access to all YourCart features.

2.2 Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Access times and dates

3. How We Use Your Information

We use your personal information solely for the following purposes:

• Processing and fulfilling your orders
• Managing your account
• Providing customer support
• Sending transactional emails (order confirmations, shipping updates)
• Complying with legal obligations

Data Usage by Authentication Method:

• Email/Password Users: Your data is used only for the purposes listed above. We do not track your behavior, profile you, or share your data with third parties for marketing or advertising purposes.
• Google Sign-In Users: In addition to the above, Google may track your usage across apps and services per their privacy policy (https://policies.google.com/privacy) for advertising and analytics purposes.

We do not use your information for marketing purposes.

We do not sell, rent, or share your personal data with third parties for their marketing purposes (except as noted for Google Sign-In users and service providers below).

4. Cookies

4.1 What Cookies We Use

We use essential cookies only to:

• Keep you logged in to your account
• Maintain your session security

4.2 Cookie Duration

Our authentication cookies expire after a reasonable period of inactivity or when you log out.

4.3 Managing Cookies

You can disable cookies through your browser settings, but this may prevent you from accessing certain features of our website, including the ability to remain logged in.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Your data is stored securely on protected servers.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. When you close your account, we will delete or anonymize your personal data within a reasonable timeframe.

7. Your Rights Under GDPR

As a data subject under EU law, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Request limitation of processing your data
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us using the details provided below.

8. Data Sharing

We do not sell your personal data to third parties.

We may share your information only with:

• Payment processors (to process transactions) - securely via Stripe
• Shipping carriers (to deliver your orders)
• Service providers who assist in operating our website (under strict confidentiality agreements)
• Google (for users who choose Google Sign-In authentication) - subject to Google's privacy policy

8.1 Third-Party Services

Email/Password Users: Your data is shared only with payment processors and shipping carriers as needed.

Google Sign-In Users: When you authenticate with Google Sign-In, Google has access to your account information and may use it according to their privacy practices. For more information, see Google's Privacy Policy.

All third parties (except Google) are contractually obligated to use your data only for the specific services they provide to us and not to share it with other parties for marketing purposes.

9. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

13. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law.