Privacy Policy

1. Introduction

This Privacy Policy explains how DevCart Studio ("DevCart", "we", "our", "us") collects, uses, and protects information when you visit devcart.io, contact us for development work, or use our Shopify apps — including ShipCast. If you do not agree with this policy, please do not use our website or services.

2. Data we collect

2.1 Information you give us directly

When you contact us, request a quote, or fill out an audit request, we collect:

• Your name and work email
• Your Shopify store URL, if you choose to share it
• The project details and goals you describe
• Any files or documents you share with us

2.2 Information from active engagements

For active client projects, we also process:

• Billing details — company name, billing address, payment-processor IDs
• Shopify store access tokens you grant us during a build
• Code, designs, and content you share with us under contract

2.3 App user data

When you install one of our Shopify apps, we receive:

• Your store domain, primary email, and country
• Carrier and shipping-zone configuration
• Shipping-rate requests via the Shopify Carrier Service API
• The rules, conditions, and thresholds you configure

We do not collect or store individual shopper personal data through our apps.

2.4 Website usage data

When you browse devcart.io, we may automatically collect:

• IP address and approximate location
• Browser type and device information
• Pages viewed, time on page, referring URL
• Cookie identifiers (see Section 11)

3. How we use your data

We use the information we collect to:

• Respond to your inquiries and provide quotes
• Deliver the services you have engaged us for
• Operate, maintain, and improve our Shopify apps
• Process payments and meet our contractual obligations
• Comply with legal, accounting, and tax requirements
• Detect, prevent, and address technical issues or fraud

We do not sell your data. We do not use your data to train AI models. We do not share it with advertisers.

4. Legal basis for processing (EU and UK visitors)

If you are in the EEA or UK, we process your data on these legal bases:

• Contract — to deliver services you have engaged us for
• Legitimate interest — to respond to inquiries and improve our products
• Consent — for non-essential cookies and direct marketing
• Legal obligation — tax, accounting, and regulatory compliance

5. How we share data

We share data only with parties that help us run our business, and only as needed:

• Payment processors (such as Stripe) to handle billing
• Email and CRM tools to manage replies and project communication
• Cloud infrastructure providers (such as Cloudflare and AWS) for hosting
• Professional advisors (accountants, lawyers) under confidentiality
• Shopify, as required by the Shopify Partner Program and app review

Each processor is bound by data-processing terms that limit what they can do with your information.

6. Marketing communications

We do not run a newsletter. We do not buy or sell email lists. If we email you, it is because you contacted us first, you are an active client, or you opted in to a specific announcement (such as the ShipCast launch waitlist). You can opt out of any marketing email at any time using the unsubscribe link, or by emailing support@devcart.io.

7. Data retention

We retain personal data only as long as we need it:

• Contact form submissions — 24 months from submission
• Closed project files — 5 years after the engagement ends, for tax and dispute purposes
• App usage data — deleted within 30 days of app uninstall
• Waitlist sign-ups — until you unsubscribe

8. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct data that is inaccurate or incomplete
• Delete your data ("right to be forgotten")
• Port your data to another service
• Object to certain types of processing
• Withdraw consent for processing that is based on consent

To exercise any of these rights, email support@devcart.io. We respond within 30 days.

California residents have additional rights under the CCPA, including the right to know what categories of personal information we collect and the right to opt out of any sale of personal information. We do not sell personal information.

9. Data security

We protect your data with industry-standard measures:

• Encryption in transit (TLS) and at rest where appropriate
• Access controls based on the principle of least privilege
• Regular security reviews of our infrastructure
• Vendor security assessments before integration

No system is perfectly secure. If we ever experience a breach affecting your data, we will notify you and the appropriate authorities as required by law.

10. International transfers

DevCart is based in Delaware, United States. Some of our service providers — including Cloudflare, Stripe, and Shopify — operate globally. When your data is transferred outside your country, we rely on standard contractual clauses or other lawful transfer mechanisms.

11. Cookies and tracking

devcart.io uses a small set of cookies:

• Essential cookies — required for the site to work; cannot be disabled
• Analytics cookies — anonymous usage data; can be disabled in your browser

We do not use third-party advertising cookies. We do not run retargeting pixels.

12. Children

Our services are not directed at children under 16, and we do not knowingly collect personal data from them. If you believe we have collected data from a child, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be announced at devcart.io or by direct email to active clients.

14. Contact

Questions or requests about your data?

DevCart Studio
124 Broadkill Rd #599
Milton, DE 19968
United States
support@devcart.io