Last updated: 1 May 2026
Cartlly is built on the belief that your data is yours. We collect what we need to provide the Services and nothing more. We never sell personal information.
We use your information to provide and improve the Services, communicate with you about your account, comply with legal obligations, and protect against fraud and abuse.
We share data only with service providers who help us operate the Services (hosting, payment processing, email delivery), and only to the extent necessary. All providers are bound by confidentiality agreements. We may also disclose information if required by law.
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You can exercise these rights from your account settings or by reaching out via our Contact page. We respond to verified requests within 30 days.
We keep your data for as long as your account is active. After cancellation, account data is retained for 30 days in case of restoration, then permanently deleted (except where required by law).
We use industry-standard encryption in transit (TLS 1.3) and at rest (AES-256), enforce least-privilege access internally, and undergo regular third-party security audits. If you discover a vulnerability, please report it via our Contact page.
The Services are not directed to anyone under 18. We do not knowingly collect personal information from children.
We use first-party cookies for essential functionality (login, preferences) and third-party cookies for analytics. You can control cookies through your browser settings. Disabling essential cookies may affect functionality.
Questions about this policy? Get in touch via our Contact page.