Effective Date
This Privacy Policy is effective and last updated as of December 27, 2023. To see the prior version, click here.At API2Cart, we are committed to protecting your private personal information. This Privacy Policy explains what information we collect and how API2Cart uses it. This Privacy Policy applies to API2Cart developed by MagneticOne and the official API2Cart website www.api2cart.com (the "Site") and API2Cart service web application https://app.api2cart.com.
This Privacy Policy is an integral part of the Terms of Service of API2Cart. The GDPR Compliance and the Security are the integral parts of this Privacy Policy.
By using the Site and/or the Service, you irrevocably agree to this Privacy Policy. If you do not agree to this Privacy Policy, you may not use the Site or the Service.
Our Site is not intended for children and you must be an adult to use the Site.
Glossary of technical terms here.
Information That You Provide To Us
Information That We Collect From You on our Sites
How We Use Information That We Collect
Third-Party Service Integration
Information Security
Retention of Personal Data
How to Withdraw Your Consent
GDPR compliance
Enforcement
Changes
Privacy notice for Residents of California, Virginia, Colorado, Connecticut and Utah
How to Contact Us
1. Information That You Provide To Us
1.1.1 We ask for and collect personal information about you such as your name, phone number, email address, as well as certain related information like your company name and website name, when you voluntarily provide it while registering for an Account to access or utilize API2Cart API.
1.1.2 If you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. A third-party intermediary (PayPro, PayPal) is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
1.2 Site Form Submissions:
1.2.1. We ask for and collect personal information (your name, telephone, email address) from you when you submit web forms on our Site or as you use interactive features of the Site, including voting for planned platforms, downloading white papers or other materials, scheduling a call or a demo, or otherwise communicating with us.
2. Information That We Collect From You on our Sites
2.2. We do not use cookies to collect any personally identifiable and sensitive information without your express consent.
2.3. We use cookies for the following purposes:
2.3.1. Authentication
These cookies are associated with your Account in order to remember that you are logged in.
2.3.2. Performance and Analytics
We use cookies to collect analytics information. They allow us to analyze Site traffic and visitor behaviour, which show us our Site and Service performance, so that we can improve our Site and Service.
For that, we may place tracking cookies from third parties, like Google Analytics, Hubspot and Inspectlet.
2.3.3. Marketing
We may use cookies to track our marketing campaigns performances.
We only use this information for statistical analysis purposes and improving visitor experience. This helps us analyze Site traffic, understand and improve visitor experience on our Site.
3. How We Use Information That We Collect
- Enable you to access and use our Service.
- Provide, operate, maintain and improve our Service.
- Process and complete transactions, and send you related information, like subscription confirmations and invoices.
- Send transactional messages, including responses to your inquiries and questions.
- Provide customer service and support.
- Send you technical notices, updates, security alerts.
3.2. Data collection forms include a consent confirmation checkbox. With your explicit consent, we may use contact information you provide for the following purposes:
- Send follow-up emails from the API2Cart team to see if we can help you further with shopping cart integration.
- Send special offers we think you'll find valuable.
- Contact you regarding functionality changes to our product.
- Send occasional product updates and promotions.
- Send regular monthly product updates.
3.4. API2Cart doesn't sell or rent your personal information to third parties.
4. Third-Party Service Integration
4.2. We don’t store any of the pass-through data from online stores and other API endpoints, but only transmit it via API requests.
4.3. API2Cart stores Service logs and Account activity of our users for 30 days.
5. Information Security
- We encrypt data in transit using 256-bit TLS encryption.
- We control our data collection, storage and processing practices to prevent unauthorized access to API2Cart systems.
- We create daily backups.
- API2Cart workers are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities. They are bound by confidentiality obligations and may be subject to disciplinary action, including termination and criminal prosecution, if they fail to meet these obligations.
- We do not share your personal details with outside third parties without your consent.
5.2.1. Depending on the location of the shopping platform the integrations can be carried out by API2Cart on Hetzner data centers in Germany and in Finland according to Hetzner Privacy Policy or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to AWS Customer Agreement.
5.2.2. Due to para 6.1. of Hetzner Terms and Conditions, Hetzner's data processing is performed in accordance with GDPR.
5.2.3. Due to the European Economic Area section of the AWS Privacy Notice, when Amazon Web Services EMEA SARL is the provider of an AWS Offering, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, is the data controller of personal information collected or processed through the AWS Offering. Amazon Web Services EMEA SARL is also the authorized representative of Amazon Web Services, Inc. in the EEA. Also Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more. 5.3. Network Security
5.3.1. API2Cart security team takes steps to protect your data against the most elaborate electronic attacks. The following measures are taken: 1) network firewalls; 2) DDoS preventions; 3) network posture assessment.
5.4. Application Security Layer
5.4.1. The following measures are taken: 1) Data in transit is protected by HTTPS secure protocol and 256-bit TLS encryption; 2) All requests are validated; 3) Role-based authorization is in place.
5.5. We take all reasonable measures to protect your data, but in case of data breach we will report about it within 72 hour from discovering about the data breach, in accordance with GDPR timeframes. If you suppose your personal information might be leaked, please contact us.
6. Retention of Personal Data
6.2. If your Account is not active for a period of 90 days (no API calls, webhooks and log ins are made), we send you an email notification with information about the deletion and instructions on how to keep the Account active if desired.
7. How to Withdraw Your Consent
7.2. You may withdraw your consent by submitting a contact us form or emailing to [email protected], and following the instructions in our communication to you.
7.3. Please note that your withdrawal of consent to process certain personal data about you may limit our ability to deliver Services to you.
8. GDPR compliance
8.2. We have taken a set of measures to get compliant with EU data protection requirements that are set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018. More information in the GDPR Compliance of API2Cart.
8.3. API2Cart guarantee that our customers and Site visitors can:
- Learn what type of information API2Cart collects and how it may use it.
- Request to correct, amend or delete their personal data.
- Inquire about their personal data collected by API2Cart.
- Withdraw the consent for personal data processing.
9. Enforcement
9.2. If you have questions or suggestions regarding Privacy Policy, please submit contact us form or email to [email protected].
9.3. As soon as any written complaint is received, API2Cart takes the responsibility to contact the complaining user with the necessary solutions.
9.4 We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of personal data that cannot be resolved between API2Cart and an individual.
10. Changes
10.2 If we decide to change our Privacy Policy, we will post those changes on this page and if the changes are significant we will notify you previously.
10.3 We will not reduce your rights under this Privacy Policy without your agreement.
10.4 By using our Site and Services, you acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of the possible modifications.
11. Privacy notice for Residents of California, Virginia, Colorado, Connecticut and Utah.
11.1. The sections 1-3 of this Privacy Policy describes the categories of personal information that API2Cart collects, the categories of sources from which the personal information is collected, and the purposes for collecting such personal information.
11.2. Consumer rights. Due to the US Privacy Laws consumers are provided with the following rights:
1) to know what their personal information is being collected by API2Cart; 2) to access their personal information collected by API2Cart; 3) to request correction of their inaccurate personal information collected by API2Cart; 4) to request the deletion of their personal information collected by API2Cart; 5) to know whether personal information about the consumer is sold or shared to third parties by API2Cart (if yes - what information and to whom); 6) consumers’ right of no retaliation following opt out or exercise of other rights; 7) to obtain a copy of the consumer's personal information that the consumer previously provided to API2Cart in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means; 8) to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer; 9) other rights prescribed by the US Privacy Laws.
11.3. Consumer requests. US consumers may apply to API2Cart with the following verifiable consumer requests:
1) to know and access what consumer’s personal information is being collected by API2Cart; 2) to correct inaccurate consumer’s personal information collected by API2Cart; 3) to delete a consumer’s personal information collected by API2Cart; 4) to receive a copy of consumer’s personal information, etc. as detailed below by contacting API2Cart via the following designated methods for submitting requests:
(1) by submitting contact us form or (2) by emailing to [email protected].
11.3.1. The consumer shall provide the following information in the verifiable consumer request: your name, surname; email; contact phone; company website (if applicable); select your industry (if applicable); type of the consumer request according to the consumer rights, prescribed by paras 11.2., 11.3. of this Privacy Policy, country and state of consumer’s residence in the message.
11.3.2. We are required by the US Privacy Laws to verify requests from consumers. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
11.3.3. General rules regarding verification of the consumer request are as follows:
- Whenever feasible, API2Cart will match the identifying information provided by the consumer to the personal information of the consumer already maintained by API2Cart.
- API2Cart shall avoid collecting the sensitive personal information, unless necessary for the purpose of verifying the consumer.
- API2Cart shall consider the following factors: (a) the type, sensitivity, and value of the personal information collected and maintained about the consumer; (b) the risk of harm to the consumer posed by any unauthorized access, correction, or deletion; (c) likelihood that fraudulent or malicious actors would seek the personal information.
- API2Cart shall generally avoid requesting additional information from the consumer for purposes of verification. If, however, API2Cart cannot verify the identity of the consumer from the information already maintained by API2Cart, then API2Cart may request additional information from the consumer, which shall only be used for the purposes of verifying the identity of the consumer seeking to exercise their rights under the US Privacy Laws, security, or fraud-prevention. API2Cart shall delete any new personal information collected for the purposes of verification as soon as practical after processing the consumer's request, except as required to comply with US Privacy Laws.
11.4. If you have made a consumer request to API2Cart relating your personal information and believe your request was denied by API2Cart, you can exercise your right to appeal the results of your request by contacting API2Cart: (1) by submitting contact us form or (2) by emailing to [email protected]. If your appeal is unsuccessful and depending upon the state where you live, you may have the right to contact your state Attorney General.
11.5. NO DISCRIMINATION.
We will not discriminate against any consumer for exercising their rights under the US Privacy Laws.
11.6. WE DO NOT SELL YOUR PERSONAL INFORMATION.
We do not sell personal information collected about consumers to third parties.
We do not share consumer’s personal information with outside third parties without the consumer's consent, unless instructed by the consumer for the purpose of providing the consumer the Services.
11.7. WE DO NOT COLLECT YOUR SENSITIVE PERSONAL INFORMATION.
We do not collect consumer’s sensitive personal information.
11.8. WE DO NOT PROCESS THE PERSONAL INFORMATION FOR PURPOSE OF AUTOMATED PROFILING.
We do not process the consumer’s personal information for the purpose of automated profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.