Evercart

Legal

Privacy Policy

Effective date: 1 October 2026·Last updated: 1 October 2026·Version 1.0
The short version:Evercart collects information to provide and improve our platform. We don’t sell your personal data. Merchants control the data of their own customers. You have the right to access, correct, or delete your information at any time.

Section 1

Who we are

Evercart (“Evercart”, “we”, “us”, or “our”) operates the e-commerce platform available at www.evercart.io and app.evercart.io. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our services.

For the purposes of the General Data Protection Regulation (GDPR), the UK GDPR, and the South African Protection of Personal Information Act (POPIA), Evercart is the data controller (in POPIA terms, the “responsible party”) for merchant account data. For data that merchants collect from their customers through their Evercart stores, the merchant is the data controller / responsible party and Evercart acts as the data processor (the “operator”).

If you have any questions about this policy, please contact us at privacy@evercart.io.

Section 2

Information we collect

Information you provide to us

  • Account information: When you create an Evercart account, we collect your name, email address, and password. If you sign up via Google, we receive your name, email address, and profile photo from Google.
  • Store information: Store name, description, logo, contact email, and address that you provide when setting up your store.
  • Billing information:Payment details for your Evercart subscription. Card data is processed and stored by Stripe — Evercart never stores raw card numbers.
  • Communications: Any messages you send to our support team, feedback you submit, or responses to surveys.

Information collected automatically

  • Usage data: Pages visited, features used, time spent in the dashboard, and actions taken within the platform.
  • Device and browser data: Browser type, operating system, IP address, and device identifiers.
  • Log data: Server logs including request timestamps, error reports, and referring URLs.
  • Cookies and similar technologies: See Section 5 and our Cookie Policy for details.

Merchant customer data

When shoppers purchase from a merchant’s Evercart store, the merchant collects customer information (name, email, address, order history) through our platform. Evercart processes this data on behalf of the merchant. Merchants are responsible for their own privacy policies governing their customer relationships.

Section 3

How we use your information

We use the information we collect to:

  • Provide, operate, and improve the Evercart platform
  • Process your subscription payments and send billing communications
  • Send transactional emails including account confirmations, password resets, and billing receipts
  • Respond to your support requests and communicate with you about your account
  • Send product updates and platform announcements (you can opt out at any time)
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Comply with our legal obligations
  • Analyse usage patterns to improve the platform’s features and performance

We will never use your data to train AI models, sell to third parties for advertising, or share with data brokers.

Section 4

How we share your information

We do not sell your personal data. We share information only in the following limited circumstances:

Service providers

We work with trusted third-party companies to operate our platform. These providers are contractually required to protect your data and may only use it to provide services to Evercart:

  • Stripe— payment processing and subscription billing
  • Cloudflare— CDN, DDoS protection, and custom domain routing
  • Railway— cloud infrastructure and database hosting
  • Resend— transactional email delivery
  • Vercel— frontend hosting and edge functions

Legal requirements

We may disclose your information if required to do so by law or in response to valid legal process, including to meet national security or law enforcement requirements.

Business transfers

If Evercart is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

With your consent

We may share your information for any other purpose with your explicit consent.

Section 5

Cookies & tracking

We use cookies and similar technologies to operate the platform, remember your preferences, and understand how people use Evercart. A full inventory of the cookies we set, and the controls you have over them, is documented in our Cookie Policy.

Essential cookies

Required for the platform to function. These cannot be disabled. They include your authentication session, security tokens, and shopping cart state.

Analytics cookies

Help us understand how merchants use the dashboard. We use this to improve the product. These are only set after you accept cookies via our consent banner.

Marketing cookies

Used on our marketing website (evercart.io) to measure the effectiveness of our advertising campaigns. Only active after consent.

You can control non-essential cookies at any time via the cookie settings link in the footer of evercart.io, or through your browser settings.

Section 6

Data retention

We retain your personal data for as long as your account is active or as needed to provide services. If you close your account:

  • Your store data (products, orders, customers) is retained for 30 days and then permanently deleted
  • Your billing records are retained for 7 years to comply with financial regulations
  • Anonymised, aggregated analytics data may be retained indefinitely
  • You may request immediate deletion at any time — see Section 7

Section 7

Your rights

Depending on where you live, you may have the following rights regarding your personal data. We honour these rights for all users regardless of location.

  • Access: Request a copy of the personal data we hold about you
  • Correction: Ask us to correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data (right to erasure)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for direct marketing
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Withdrawal of consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at privacy@evercart.io or use the data export and deletion tools available in your account settings. We will respond within 30 days.

Regional rights: If you are based in the EU or UK, you have the right to lodge a complaint with your local data protection authority. If you are based in South Africa, you may lodge a complaint with the Information Regulator. If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to opt out of the sale or sharing of your personal information (we do not sell or share for cross-context behavioural advertising).

Section 8

International transfers

Evercart is a global platform. Your data may be processed in countries other than where you live. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
  • UK International Data Transfer Agreements for transfers from the UK
  • Conditions for cross-border transfers under POPIA Section 72
  • Data Processing Agreements with all third-party service providers

EU and UK customer data is hosted on EU-region servers and is not transferred outside the EEA without appropriate safeguards.

Section 9

Children's privacy

Evercart is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@evercart.io and we will delete it promptly.

Section 10

Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

  • All data encrypted in transit via TLS 1.3
  • Passwords hashed using bcrypt with a minimum of 12 salt rounds — never stored in plain text
  • Authentication tokens stored in httpOnly cookies, not localStorage
  • Daily automated database backups with 30-day retention
  • Card data handled entirely by Stripe — Evercart is never in scope for raw card numbers
  • Rate limiting on all authentication endpoints

No system is completely secure. If you discover a security vulnerability, please report it responsibly to security@evercart.io.

Section 11

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and by displaying a prominent notice in your dashboard at least 14 days before the changes take effect.

Your continued use of Evercart after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to the revised policy, you may close your account before the changes take effect.

Section 12

Contact us

If you have questions about this Privacy Policy or how we handle your data, please get in touch.

Evercart Privacy Team

Email: privacy@evercart.io
Website: www.evercart.io

We aim to respond to all enquiries within 5 business days.