GenCart AI

Privacy

Privacy policy

v0 draft — pending counsel review. Last updated 2026-05-12.

1. Who we are

GenCart AI ("GenCart", "we", "us") builds AI purchase assistants for online stores. For privacy questions, write to privacy@gencart.ai.

2. What this policy covers

This policy describes how we handle personal data in two places:

  • This website (gencart.ai) — when you join the waitlist or browse.
  • The GenCart chat widget — when a merchant has installed GenCart on their store and you interact with the assistant.

When the widget is installed on a merchant's store, the merchant is the data controller of the shopper's data; GenCart acts as a data processor under their instructions.

3. What we collect

On this website

  • Email address (only when you submit the waitlist form).
  • Standard request metadata (IP, user agent, timestamp) recorded transiently by our hosting provider for security and abuse prevention. No tracking pixels, no third-party analytics, no advertising cookies.

Through the chat widget

  • Messages you send to the assistant and the assistant's responses.
  • A randomly-generated session identifier stored in your browser's localStorage.
  • Your approximate IP-derived geography (used for rate-limiting and abuse prevention).
  • Cart and order context the merchant's store passes to us when you interact.

We do not knowingly collect data from anyone under the age of 16, nor do we collect special-category personal data (health, biometrics, religion, etc.).

4. How we use it

  • To reply to your messages and recommend products on behalf of the merchant.
  • To send you the one-time email you asked for when you joined the waitlist.
  • To keep the service reliable — rate-limit abuse, detect prompt injection, debug bugs.
  • To improve the product (in aggregate, never to train third-party models on your data).

We do not sell your data, share it with advertisers, or use it for cross-site retargeting.

5. Subprocessors

We rely on a small set of vendors to operate the service:

  • Anthropic (United States) — generates assistant responses.
  • OpenAI (United States) — generates text embeddings and transcribes voice messages.
  • Supabase (Singapore, EU regions available) — stores agent configuration, chat history, and account data.
  • Vercel (United States) — hosts our website and API endpoints.
  • Resend (United States) — sends transactional emails (waitlist confirmation, account invitations).
  • Google Fonts (United States) — serves the typefaces used on this website. Loading a Google-hosted font transmits your IP address to Google. No cookies are set.

We disclose changes to this list with at least 30 days notice. Anthropic and OpenAI do not train their public models on data submitted through our API.

6. International transfers

Some of our subprocessors operate in the United States. Where transfers leave the EEA, UK, or Switzerland, they're governed by the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.

7. How long we keep it

  • Waitlist emails — kept until you ask us to delete them or until we close the waitlist.
  • Chat messages — retained for up to 90 days by default; merchants can shorten this in their workspace settings.
  • Account data — retained while your workspace is active and for up to 30 days after deletion (then permanently erased).
  • Security logs — kept for up to 12 months for abuse investigation.

8. Your rights

Under the GDPR (and similar laws), you can:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to erasure").
  • Export your data in a portable format.
  • Object to or restrict processing.
  • Withdraw consent at any time (where consent is the legal basis).

To exercise any of these, email privacy@gencart.ai. We aim to respond within 30 days. If we collected your data through a merchant's widget, we'll route the request to that merchant when appropriate.

You also have the right to complain to your local data protection authority. Within the EU, you can find yours at edpb.europa.eu.

9. Cookies and similar technologies

This website does not set cookies for analytics or advertising. The chat widget uses localStorage to store a random session identifier so your conversation persists across page loads. You can clear it at any time from your browser settings.

10. Changes to this policy

We may update this policy as the product evolves. Material changes will be announced on this page with the "Last updated" date refreshed. Substantive changes affecting merchants will be communicated by email.

11. Contact

Questions, requests, or complaints: privacy@gencart.ai.