Privacy Policy

Effective Date: February 24, 2026
Document Version: 2.0.1 (High-Protection Protocol)

At CloudCart, we recognize that our customers’ privacy is the cornerstone of a secure global e-commerce environment. This comprehensive Privacy Policy serves as a legally binding framework that governs the collection, storage, processing, and protection of personal data acquired through our platform. Our operations are strictly aligned with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the electronic commerce regulations of Bolivia and the United States.

1. LEGAL BASIS FOR DATA PROCESSING

CloudCart operates under a transparent legal framework for data processing:

Contractual Execution: Data processing is essential to fulfill the purchase agreement and coordinate international delivery.

Legitimate Business Interests: To ensure network security, monitor for fraudulent activity, and optimize the user experience.

Payment Clearance & Security: A mandatory 1 to 5 business day verification period is implemented to guarantee the legitimacy of funds and protect the financial interests of both the customer and CloudCart.

Compliance with Global Law: Adherence to tax, anti-money laundering, and trade regulations.

2. DETAILED INFORMATION COLLECTION

We collect three primary categories of information to provide an unparalleled service:

Personally Identifiable Information (PII): Including full legal name, precise shipping coordinates, billing address, primary email, and telephone number. This is the minimum requirement for cross-border logistics.

Technological & Interaction Data: We automatically capture IP addresses, device hardware identifiers, operating system specifications, and behavioral clickstream data through high-level encrypted cookies and web beacons. This prevents "bot" interference and ensures site stability.

Financial Transactional Data: CloudCart utilizes Tier 1 PCI-DSS compliant gateways. We do not store or process full credit card numbers on our internal servers. All financial data is handled by encrypted third-party processors. During the 1-5 business day clearance phase, we monitor transaction status to ensure successful settlement before product dispatch.

3. THIRD-PARTY DISCLOSURE AND THE DROPSHIPPING MODEL

As a global intermediary, CloudCart shares essential data with vetted third-party partners:

Strategic Fulfillment (Zendrop): For the purpose of order fulfillment, we transmit delivery data to our primary partner, Zendrop, and their associated network of international fulfillment centers. This allows for direct-from-manufacturer shipping, ensuring competitive pricing and global availability.

Infrastructure & Analytics: Data is shared with Shopify Inc. (Platform Host) and Google Analytics (Optimization) to maintain the store's operational integrity.

Legal & Regulatory Authorities: We reserve the right to disclose data to prevent fraud, protect our legal rights, or comply with judicial proceedings or subpoenas.

4. INTERNATIONAL DATA TRANSFERS & SOVEREIGNTY

CloudCart is governed and managed from Santa Cruz de la Sierra, Bolivia. However, our technological and logistics architecture is geographically decentralized. By engaging with our services, you explicitly consent to the transfer of your data across international borders, including to the United States, Europe, and Asia. We implement administrative, technical, and physical safeguards to ensure data remains protected regardless of where it is processed.

5. YOUR GLOBAL PRIVACY RIGHTS

CloudCart grants all users, regardless of jurisdiction, the following rights:

Right to Information: To know how your data is used and shared.

Right to Access & Portability: To request a digital copy of the data we hold.

Right to Rectification: To correct inaccurate or outdated information.

Right to Erasure: To request the permanent deletion of personal records, subject to legal and financial retention requirements (Tax audits/Transaction history).
To exercise these rights, please contact our Legal Compliance Officer at cloudcart.rm@gmail.com.

6. DATA SECURITY AND RETENTION

We utilize 256-bit SSL/TLS encryption for all data transmissions. Personal information is retained only for the duration necessary to satisfy the purposes outlined in this policy, unless a longer retention period is required by Bolivian commercial law or international trade standards.

7. GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by and construed in accordance with the laws of Santa Cruz de la Sierra, Bolivia. Any disputes shall be resolved within the competent courts of the same jurisdiction.