1. Information That You Provide To Us
1.1 Account and Registration Information: 1.1.1 We ask for and collect personal information about you such as your name, phone number, email address, as well as certain related information like your company name and website name, when you voluntarily provide it while registering for an account to access or utilize API2Cart API. 1.1.2 If you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. A third-party intermediary (PayPro, PayPal) is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf. 1.2 Site Form Submissions: 1.2.1. We ask for and collect personal information (your name, telephone, email address) from you when you submit web forms on our Site or as you use interactive features of the Site, including voting for planned platforms, downloading white papers or other materials, scheduling a call or a demo, or otherwise communicating with us.
2. Information That We Collect From You on our Sites
3. How We Use Information That We Collect
3.1. We may use the information we collect about you (including personal information) for a variety of purposes, including:
Enable you to access and use our Service.
Provide, operate, maintain and improve our Service.
Process and complete transactions, and send you related information, like subscription confirmations and invoices.
Send transactional messages, including responses to your inquiries and questions.
Provide customer service and support.
Send you technical notices, updates, security alerts.
3.2. Data collection forms include a consent confirmation checkbox. With your explicit consent, we may use contact information you provide for the following purposes:
Send follow-up emails from the API2Cart team to see if we can help you further with shopping cart integration.
Send special offers we think you'll find valuable.
Contact you regarding functionality changes to our product.
Send occasional product updates and promotions.
Send regular monthly product updates.
3.3. You can choose to “opt out” of these communications anytime. To opt out of any email communications from us, please click the ‘unsubscribe’ link at the foot of the email in question. 3.4. API2Cart doesn't sell or rent your personal information to third parties.
4. Third-Party Service Integration
4.1. API2Cart unified data interface allows you to get and manage information from stores that are based on different shopping platforms. To do this and protect API2Cart users from unauthorized access to information we get and transfer, we need to store credentials for third-party services (shopping carts and marketplaces). We store credentials in our database. They are only used to access data you tell us to. 4.2. We don’t store any of the pass-through data from online stores and other API endpoints, but only transmit it via API requests. 4.3. API2Cart stores Service logs and Account activity of our users for 30 days.
5. Information Security
5.1. We protect API2Cart users from unauthorized access to information we collect. In particular:
We encrypt data in transit using 256-bit TLS encryption.
We control our data collection, storage and processing practices to prevent unauthorized access to API2Cart systems.
We create daily backups.
API2Cart workers are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities. They are bound by confidentiality obligations and may be subject to disciplinary action, including termination and criminal prosecution, if they fail to meet these obligations.
We do not share your personal details with outside third parties without your consent.
5.2. Servers Location 5.2.1. Depending on the location of the shopping platform the integrations can be carried out by API2Cart on Hetzner servers located in Germany according to Hetzner Terms and Conditions or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to AWS Customer Agreement. 5.2.2. Due to para 5.1. of Hetzner Terms and Conditions, Hetzner's data protection policies are in accordance with the GDPR (European Union's General Data Protection Regulation). 5.2.3. Due to the European Economic Area section of the AWS Privacy Notice, when Amazon Web Services EMEA SARL is the provider of an AWS Offering, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, is the data controller of personal information collected or processed through the AWS Offering. Amazon Web Services EMEA SARL is also the authorized representative of Amazon Web Services, Inc. in the EEA. Also Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more.5.3. Network Security 5.3.1. API2Cart security team takes steps to protect your data against the most elaborate electronic attacks. The following measures are taken:
1) network firewalls;
2) DDoS preventions (we use the latest hardware appliances and sophisticated security technologies, which ensure top level protection against large-scale DDoS attacks);
3) network posture assessment
5.4. Application Security Layer 5.4.1. The following measures are taken: 1) Data in transit is protected by HTTPS secure protocol and 256-bit TLS encryption; 2) All requests are validated; 3) Role-based authorization is in place. 5.5. We take all reasonable measures to protect your data, but in case of data breach we will report about it within 72 hour from discovering about the data breach, in accordance with GDPR timeframes. If you suppose your personal information might be leaked, please contact us.
6. Retention of Personal Data
6.1. We retain personal data that you provide us as long as we consider it potentially useful in contacting you about the Service. If you wish to inquire about your personal data that may have been collected by API2Cart, contact us. 6.2. If your account is not active for a period of 90 days (no API calls, webhooks and log ins are made), we send you an email notification with information about the deletion and instructions on how to keep the Account active if desired.
7. How to Withdraw Your Consent
7.1. At any time, you may withdraw consent you have provided to API2Cart for using, disclosing, or otherwise processing your personal data. 7.2. You may withdraw your consent by submitting a contact us form or emailing to [email protected], and following the instructions in our communication to you. 7.3. Please note that your withdrawal of consent to process certain personal data about you may limit our ability to deliver Services to you.
8. GDPR compliance
8.1. API2Cart is strongly committed to privacy, security, compliance and transparency. 8.2. We have taken a set of measures to get compliant with EU data protection requirements that are set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018. More information in the GDPR Compliance of API2Cart. 8.3. API2Cart guarantee that our customers and Site visitors can:
Learn what type of information API2Cart collects and how it may use it.
Request to correct, amend or delete their personal data.
Inquire about their personal data collected by API2Cart.
Withdraw the consent for personal data processing.
11. Additional Terms for California Consumers.
Whenever feasible, API2Cart will match the identifying information provided by the consumer to the personal information of the consumer already maintained by API2Cart.
API2Cart shall avoid collecting the sensitive personal information, unless necessary for the purpose of verifying the consumer.
API2Cart shall consider the following factors: (a) the type, sensitivity, and value of the personal information collected and maintained about the consumer; (b) the risk of harm to the consumer posed by any unauthorized access or deletion; (c) likelihood that fraudulent or malicious actors would seek the personal information.
API2Cart shall generally avoid requesting additional information from the consumer for purposes of verification. If, however, API2Cart cannot verify the identity of the consumer from the information already maintained by API2Cart, then API2Cart may request additional information from the consumer, which shall only be used for the purposes of verifying the identity of the consumer seeking to exercise their rights under the CCPA, security, or fraud-prevention. API2Cart shall delete any new personal information collected for the purposes of verification as soon as practical after processing the consumer's request, except as required to comply with CCPA.
11.1.5.The general description of the process API2Cart may use to verify the consumer request is the following:
Verification for Password-Protected Accounts. More information here.
Verification for Non-Accountholders. More information here.
11.1.6. No Discrimination. We will not discriminate against any consumer for exercising their rights under the CCPA. 11.1.7. CCPA Information Request Rights 22.214.171.124. You have the right to request the provision of the following information about our collection and use of your personal information. 126.96.36.199. If upon receipt of a verifiable consumer request has been confirmed through our review of the information you provide in your request, we will disclose to you:
The categories of personal information we have collected about you.
The categories of sources from which the personal information is collected.
The business or commercial purpose for collecting that personal information.
The categories of third parties with whom we share or have shared that personal information (if any).
The specific pieces of personal information we collected about you.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.