Legal

Privacy Policy.

Last updated: June 2, 2026 · What we collect, why, and your rights.

This Privacy Policy explains how Nxcart Technologies Pvt. Ltd. (“Nxcart”, “we”) handles personal information when you use our platform (the “Service”). It applies to merchants who sign up for an account and to the shoppers who visit our merchants' storefronts.

1. Who we are

Nxcart Technologies Pvt. Ltd. operates the Service from Bengaluru, India. For questions about this policy or your data, write to privacy@nxcart.io.

2. Information we collect

From merchants

  • Account data — name, email, phone, business name, GSTIN, billing address.
  • Payment data — collected via Razorpay; we store only the last 4 digits and brand. Full card numbers never reach our servers.
  • Store data — product info, orders, customer records you bring into the Service.
  • Usage data — pages viewed, features used, device/browser info.

From shoppers (on merchant storefronts)

  • Contact — name, email, phone, shipping/billing address you provide at checkout.
  • Order info — items, totals, payment status (the same applies as above — no raw card data).
  • Analytics — anonymised session info to help the merchant understand traffic and conversion.

The merchant is the “controller” of shopper data; Nxcart is the “processor” operating on their behalf. The merchant's own privacy policy applies first.

3. How we use it

  • Provide and operate the Service — render the storefront, process orders, send transactional emails.
  • Improve the platform — performance, reliability, new features.
  • Power AI features — copy generation, pricing, inventory forecasting (see § 5).
  • Communicate — product updates, billing notices, security alerts.
  • Comply with the law — GST, anti-fraud, lawful requests.

4. Cookies

We use essential cookies to keep you logged in, hold your cart, and protect against CSRF. We use analytics cookies (server-side, first-party) to understand product usage. We don't use third-party advertising cookies. Merchants may add their own analytics through their theme; that's governed by the merchant's policy.

5. AI features & your data

When you use AI features, your prompts and the relevant context (e.g. product info you're describing) are sent to our AI providers strictly to generate the output you requested. We do not allow your data to be used to train third-party foundation models. Outputs are stored alongside your store data and are yours.

6. Sharing

We share information with:

  • Payment processors (Razorpay) to charge cards / receive payouts.
  • Shipping providers (Delhivery) to print labels and track parcels.
  • Email providers (ZeptoMail / SMTP relays) to deliver transactional email.
  • Cloud hosting (AWS) for compute and storage.
  • Authorities when required by law, with valid process.

We do not sell personal information.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database backups are encrypted. Internal access is least-privilege and logged. Critical secrets (gateway keys, etc.) are encrypted at the application layer with environment-specific keys. We run quarterly access reviews and have an incident-response process.

8. Your rights

Subject to applicable law, you may:

  • Access, correct, or delete your personal data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent (where processing is based on consent).

Email privacy@nxcart.io with your request — we respond within 30 days.

9. Data retention

We retain account data while your subscription is active and for 30 days after cancellation, during which you can export. After that, data is deleted in accordance with our retention schedule, except where we must keep records for legal or accounting purposes (e.g. invoices, GST records, retained for 7 years).

10. International transfers

Our infrastructure runs primarily in India. Some sub-processors operate elsewhere; transfers use standard contractual clauses or equivalent safeguards.

11. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from children. If you believe a child has provided information, contact us and we'll delete it.

12. Changes

We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days in advance.

13. Contact

Privacy questions: privacy@nxcart.io. Postal address available on request.