fullcart logomarkfullcart wordmark
Get Started

Prviacy Policy

Last Updated: July 3, 2025

At Fullcart.ai (“we,” “us,” or “our”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our chatbot platform for ecommerce businesses (the “App”), including any integrations with third-party services (collectively, the “Services”). By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

This Privacy Policy applies to Fullcart.ai, provided by Luz Data, Inc., and governs data handling for users, including businesses and their authorized representatives. For questions about this Privacy Policy, contact us at [email protected].

1. Information We Collect

We collect information to provide and improve the Services, as described below:

1.1 Information You Provide

  • Account Information: When you register for an account, we collect individually identifiable information, such as your name, email address, company name, billing information, and other details you provide. If you use a corporate email address (e.g., [email protected]), your account may be subject to organizational oversight, as described in our Terms and Conditions. If choose to connect to the App with your Google account, we will access basic profile information (name, email address, profile picture) to authenticate your identity.
  • Input Data: You may provide data to the App, such as data from integrated third-party services (e.g., ecommerce platforms, analytics tools, communication services, or data warehouses), to enable chatbot functionality. This may include product details, customer data, or analytics metrics (“Input”).
  • Feedback: Any feedback, support requests, or communications you send us, including via email or in-app channels.

1.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the App, such as IP addresses, device information, browser type, pages visited, and timestamps.
  • Analytics Data: We use analytics tools to track usage patterns, performance metrics, and errors to improve the App. This may include data from third-party analytics services you integrate.

1.3 Information from Third-Party Integrations

When you connect third-party services to the App, we may collect data from those services to provide chatbot functionality. This may include:

  • Ecommerce Data: Product catalogs, order details, or customer information from platforms like Shopify.
  • Analytics Data: Metrics or reports from tools like Google Analytics.
  • Communication Data: Email or SMS content or metadata from integrated communication services.
  • Data Warehouse Data: Structured data from platforms like Snowflake.
    We only collect data necessary to provide the Services, and you control which third-party services to integrate.

2. How We Use Your Information

We use your information to:

  • Provide the Services: Process Input to generate chatbot responses (“Output”), enable integrations, and deliver core App functionality.
  • Improve the App: Analyze usage data, feedback, and Content (Input and Output) to enhance performance, and develop new features.
  • Manage Accounts: Authenticate users, process payments, and facilitate account transfers to organizational control for corporate domain accounts.
  • Communicate: Respond to inquiries, send service-related notifications (e.g., account transfers, termination notices), and provide updates about the App.
  • Ensure Security and Compliance: Detect and prevent fraud, abuse, or harmful activities, and comply with legal obligations, such as trade control laws.
  • Personalize Experiences: Tailor chatbot responses or App features based on your preferences and usage patterns.

3. How We Share Your Information

We do not sell your personal information. We may share your information as follows:

  • With Your Consent: When you authorize us to share data, such as through third-party integrations you enable.
  • Corporate Account Administrators: If you use a corporate email address, your account information and Content may be shared with your organization’s administrator, as outlined in our Terms and Conditions.
  • Service Providers: We share information with trusted third-party providers (e.g., hosting, analytics, or payment processors) who assist in operating the App, subject to strict confidentiality agreements.
  • Third-Party Integrations: Data you provide through integrations is shared with the respective third-party services to enable functionality, governed by their privacy policies.
  • Legal Obligations: We may disclose information to comply with applicable laws, respond to legal processes (e.g., subpoenas), or protect our rights, users, or others, including in cases of harmful use as described in our Terms and Conditions.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity, with notice to you where required.

4. AI and Data Processing

The App uses artificial intelligence to process Input and generate Output. We may use Content to enhance the Services. You can opt out of having your Content used for training by contacting us at [email protected]. Opting out may limit the App’s ability to provide personalized or optimized responses.

Due to the probabilistic nature of AI, Outputs may not always be accurate. You are responsible for verifying Outputs before use, as outlined in our Terms and Conditions.

5. Data Security

5.1 Security Measures

We implement reasonable technical and organizational measures to protect your information from unauthorized access, loss, or alteration. These measures include encryption, access controls, and regular security assessments. However, no system is completely secure, and you are responsible for securing your account credentials and third-party integrations.

5.2 Data Loss Prevention Strategy

We employ a data loss prevention (DLP) strategy to minimize the risk of data loss, including automated backups, restricted access to sensitive data, and monitoring for unauthorized activities. Our DLP measures are designed to protect your account information, Input, and Output from accidental deletion or corruption.

5.3 Security Incident Response

In the event of a security incident (e.g., a data breach), we have a response policy to promptly investigate, mitigate, and notify affected users as required by law (e.g., within 72 hours under GDPR). We will notify you via email or in-app notification if your personal information is impacted, including details of the incident and recommended actions.

5.4 Separation of Test and Production Data

We maintain separate environments for test and production data to ensure your live data (e.g., from third-party integrations) is not used in testing or development. Test environments use anonymized or synthetic data to protect your information.

6. Your Data Protection Rights

Depending on your location (e.g., under GDPR for EU residents or CCPA for California residents), you may have the following rights:

  • Access: Request a copy of your personal information.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal obligations.
  • Restriction: Request restriction of processing in certain cases.
  • Data Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing for specific purposes, such as AI training.
  • Non-Discrimination: Exercise your rights without discrimination (e.g., no denial of service).
    To exercise these rights, contact us at [insert contact email]. We will respond within the timeframes required by law (e.g., 30 days under GDPR, 45 days under CCPA).

7. Data Retention

We retain your information only as long as necessary to provide the Services, comply with legal obligations, or resolve disputes. Account information, Input, and Output are retained until you delete your account or it is terminated under our Terms and Conditions (e.g., for harmful use or inactivity). Upon termination (e.g., after churn), we delete your personal information within 30 days, unless required to retain it by law (e.g., for tax or audit purposes). Data from third-party integrations is retained only as needed to provide the Services, subject to the third-party’s retention policies. Fullcart offers a Zero Data Retention option for additional fees. Please reach out to [email protected] to learn more about Zero Data Retention.

8. International Data Transfers

If you are located outside the United States, your information may be transferred to and processed in jurisdictions with different data protection laws. We use safeguards, such as Standard Contractual Clauses for EU data, to ensure compliance with applicable laws.

9. Third-Party Integrations

You may integrate the App with third-party services (e.g., ecommerce platforms, analytics tools, communication services, or data warehouses). These services are governed by their own privacy policies, and we are not responsible for their practices, including any tracking technologies they may use. You are responsible for ensuring that your use of integrations complies with applicable laws and third-party terms.

10. California-Specific Disclosures

For California residents (under the CCPA):

  • Categories of Personal Information: We collect identifiers (e.g., name, email), commercial information (e.g., billing details), internet activity (e.g., usage data), and professional information (e.g., company name).
  • Sources: Directly from you, automatically via the App, or from third-party integrations.
  • Business Purposes: Providing Services, improving the App, security, and compliance.
  • Sharing: With service providers, corporate account administrators, third-party integrations, or as required by law.
  • Your Rights: You may request access, deletion, or opt-out of data sharing (though we do not sell data). Contact us at [insert contact email].

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new integrations. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

12. Children

Our Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

13. Contact Us

For questions, requests, or complaints about this Privacy Policy, contact us at:
[email protected]

If you are in the EU, you may also contact lodge a complaint with your local data protection authority to [email protected].