Privacy Policy
Last updated: 16 March 2026
This Privacy Policy explains how Nuestra Development Pty Ltd (ABN 63 129 439 738), trading as WK Digital ("Company", "we", "us", or "our"), collects, uses, and protects your information when you use the CartAgent service at www.cartagent.store, including our WordPress plugin, APIs, and related services (the "Service").
1. Information We Collect
1.1 Information You Provide
- Account information: Email address provided during Stripe checkout.
- Store credentials: WooCommerce REST API consumer key and secret, store URL, and store name — provided during plugin activation.
- License key: Generated by us and associated with your subscription.
1.2 Information Accessed via WooCommerce API
When you connect CartAgent to your store, our service accesses the following via your WooCommerce REST API:
- Product data (names, descriptions, prices, images, stock levels, categories);
- Coupon data (codes, discount types, validity);
- Order data (only when cart/checkout features are used);
- Store settings (currency, shipping zones) for accurate responses.
We do not access customer personal data (names, addresses, payment details) from your WooCommerce store unless a customer actively initiates a checkout through the CartAgent chat widget, in which case order data is created through WooCommerce's standard API.
1.3 Information from Store Visitors
When a visitor uses the CartAgent chat widget on your store:
- Chat messages: The text of conversations with the AI assistant;
- Session identifiers: Anonymous session IDs (no personally identifiable information);
- Cart data: Items added to cart during the chat session.
We do not use cookies for tracking. Session identifiers are ephemeral and expire after the chat session ends.
1.4 Information from AI Agents
When third-party AI agents connect via MCP or A2A protocols (Enterprise plan):
- Agent identifiers and request metadata;
- Product queries and cart operations;
- No personal data is collected from agents unless explicitly provided in API calls.
2. How We Use Your Information
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account management, billing, support | Contract performance |
| Store credentials | Connecting to your WooCommerce API | Contract performance |
| Product data | Powering AI search and recommendations | Contract performance |
| Chat messages | Generating AI responses in real time | Contract performance |
| Session counts | Usage metering for billing tiers | Contract performance |
| Agent requests | Serving MCP/A2A API calls | Contract performance |
3. Third-Party Services
We use the following third-party services to operate CartAgent:
- Stripe: Payment processing. Stripe collects and processes payment information directly. See Stripe's Privacy Policy.
- Anthropic (Claude): AI model provider. Chat messages are sent to Anthropic's API for response generation. See Anthropic's Privacy Policy.
- OpenAI (GPT): Alternative AI model provider. See OpenAI's Privacy Policy.
- OpenRouter: AI model routing service. See OpenRouter's Privacy Policy.
- DigitalOcean: Cloud infrastructure hosting. See DigitalOcean's Privacy Policy.
We do not sell your data to any third party.
4. Data Storage & Security
- Location: Our servers are hosted on DigitalOcean in the Sydney, Australia region.
- Encryption: All data in transit is encrypted via TLS 1.3. Store credentials are stored in encrypted Redis instances.
- Isolation: Each store's data is logically isolated using unique store identifiers. No data is shared between tenants.
- Retention: Store data is retained for the duration of your subscription plus 30 days. Chat messages are not stored permanently — they exist only for the duration of the session.
- License keys: Retained for up to 90 days after subscription expiry to allow reactivation.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Store credentials & config | Duration of subscription + 30 days |
| License keys | 90 days after subscription ends |
| Chat messages | Session duration only (not persisted) |
| Session counts (metering) | Rolling monthly, reset each billing cycle |
| Cart session data | 24 hours after last activity |
| Billing records | As required by law (typically 7 years) |
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the data we hold about you;
- Correction: Request correction of inaccurate data;
- Deletion: Request deletion of your data (subject to legal retention requirements);
- Portability: Request your data in a machine-readable format;
- Objection: Object to certain processing of your data.
To exercise any of these rights, contact us at hello@cartagent.store. We will respond within 30 days.
7. Australian Privacy Act
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you believe we have breached the APPs, you may lodge a complaint with us at hello@cartagent.store. If unsatisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC).
8. International Data Transfers
While our primary servers are in Australia, some data is transferred to third-party AI providers (Anthropic, OpenAI) whose servers may be located in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place with all third-party providers.
9. Children's Privacy
CartAgent is a business-to-business service. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
For privacy-related questions or requests:
Nuestra Development Pty Ltd (ABN 63 129 439 738) trading as WK Digital
Email: hello@cartagent.store