Privacy Policy

Effective Date: March 30, 2025 | Last Updated: March 30, 2025

Pingcart ("we", "our", "us") is a Shopify application that enables merchants to send automated WhatsApp messages to their customers. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our application. By installing or using Pingcart, you agree to this Privacy Policy.

Pingcart acts as a data processor on behalf of merchants, who are the data controllers of customer data.

Merchants are responsible for ensuring their own compliance with applicable privacy laws.

1. Scope

This Privacy Policy applies to:

2. Information We Collect

2.1 Merchant Information

2.2 Customer Data (Processed on Behalf of Merchants)

2.3 WhatsApp / Messaging Data

2.4 Technical Data

3. How We Use Information

We use collected data strictly for the following purposes:

3.1 Legal Basis

We process personal data based on legitimate interest, contractual necessity, and user consent where applicable. Pingcart does not have a direct relationship with end customers and processes data only on behalf of merchants.

We do not use customer data for advertising, profiling, or any purpose beyond what is described above.

4. WhatsApp Data Usage & Compliance

Pingcart processes WhatsApp data solely to deliver messaging services on behalf of merchants. We comply with the WhatsApp Business API Terms of Service and Meta's Platform Policies.

Pingcart does not access or read the content of personal WhatsApp messages beyond what is necessary to deliver and track messages via the WhatsApp Business API.

Important: Merchants are solely responsible for obtaining valid opt-in consent from their customers before Pingcart sends any WhatsApp messages. Pingcart will not send messages to customers who have not consented through the merchant's configured opt-in flow. Merchants must comply with all applicable WhatsApp Business Policy requirements regarding customer consent.

5. User Consent and Communication

Pingcart does not independently collect consent from customers. Customer communication preferences are managed by the merchant and/or Shopify.

6. Data Sharing

We do not sell, trade, or rent personal data. We only share data in the following limited circumstances:

RecipientPurpose
Meta (WhatsApp)To deliver messages via the WhatsApp Business API
ShopifyShopify acts as an independent data controller for data collected through their platform, governed by Shopify's own Privacy Policy
Cloud Infrastructure ProvidersTrusted providers (e.g., AWS, Google Cloud) for secure hosting and storage
Legal AuthoritiesWhen required by law, court order, or valid legal process

7. Data Retention

We retain data only as long as necessary for the purposes described in this policy:

Upon uninstallation of Pingcart, merchant data will be permanently deleted within 30 days. Merchants may request deletion of their data at any time by contacting us at sales@pingcart.in or through the in-app disconnect request option. We will process all verified deletion requests in accordance with applicable laws.

End customers should contact the respective merchant directly for any data deletion requests, as Pingcart acts only as a data processor on behalf of merchants.

8. Data Security

We implement industry-standard security practices to protect data against unauthorised access, disclosure, or loss:

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected parties and, where required by law (e.g., GDPR Article 33), the relevant supervisory authority within 72 hours of becoming aware of the breach.

9. Cookies and Tracking Technologies

Pingcart uses cookies and similar tracking technologies on our admin dashboard and website. These include:

You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Pingcart dashboard.

10. Your Rights

Depending on your location, you may have rights under applicable privacy laws, including GDPR (EU/UK) and CCPA (California). These may include the right to:

To exercise any of these rights, contact us at: sales@pingcart.in. We will respond to all verified requests.

11. Data Processing Agreement (DPA)

As a data processor under GDPR, Pingcart is prepared to enter into a formal Data Processing Agreement with merchants who require one for their GDPR compliance obligations.

Merchants who require a DPA may request one by contacting: sales@pingcart.in

12. International Data Transfers

Your data may be processed in countries outside your home jurisdiction. Where data is transferred internationally, we take reasonable steps to ensure appropriate safeguards are in place, including:

13. Children's Privacy

Pingcart is not directed to or intended for use by individuals under the age of 16 (or 13 where applicable under local law, such as COPPA in the United States). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

14. Third-Party Services

Pingcart integrates with the following third-party services, each of which is governed by its own privacy policy:

We are not responsible for the privacy practices of these third parties and encourage you to review their respective policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. When we make material changes, we will notify you via:

The "Last Updated" date at the top of this policy will always reflect the most recent revision. Continued use of Pingcart after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or how we handle your data, please contact us:

Pingcart

Email: sales@pingcart.in

For DPA requests, data deletion, or rights inquiries, please use the subject line:
"Privacy Request – [Your Store Name]"