PRIVACY NOTICE

Company: Digital Stratagems Limited

UK Company number: 14268586

Address: 153-155 London Road, Hemel Hempstead, Hertfordshire, HP3 9SQ

Contact (legal): legal@heycart.ai

1.1. We may collect and process the following categories of personal data:

• (a) Account data: name, email address, organisation, login details.
• (b) Billing data: payment details, invoicing information.
• (c) Usage data: IP addresses, device information, logs, activity within the Service.
• (d) Support data: information provided when you contact us for support.
• (e) Marketing data: subscription preferences, engagement with our communications (if you opt in).

2.1. We use your personal data for the following purposes:

• (a) To provide and operate the heycart Service.
• (b) To manage billing, payments, and accounts.
• (c) To communicate with you about updates, maintenance, and support.
• (d) To improve, monitor, and secure the Service.
• (e) To comply with legal obligations.
• (f) To send marketing communications if you have consented (you can opt out at any time).

3.1. We process personal data under the following lawful bases:

• (a) Contract: where processing is necessary to provide the Service you signed up for.
• (b) Legitimate interests: for service improvement, security, and business operations.
• (c) Consent: where required for marketing communications or cookies.
• (d) Legal obligation: where we must comply with laws or regulations.

4.1. We may share personal data with:

• (a) Our trusted service providers (e.g. hosting, payment processing, email delivery).
• (b) Professional advisers (e.g. legal, accounting).
• (c) Regulators or law enforcement where legally required.

4.2. We do not sell personal data.

5.1. Some of our service providers are located outside the United Kingdom and the European Economic Area, including in the United States.

5.2. Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place to protect it, such as:

• (a) the UK International Data Transfer Agreement (IDTA);
• (b) the UK Addendum to the EU Standard Contractual Clauses (SCCs); or
• (c) other mechanisms approved under applicable data protection law.

5.3. These safeguards ensure that your personal data remains protected to a standard equivalent to that required under UK data protection law.

6.1. We keep your personal data only as long as necessary:

• (a) Account and billing data: while your account is active and for up to 6 years after closure (for tax/legal purposes).
• (b) Usage and support data: up to 12 months.
• (c) Backups: up to 30 days.

7.1. You have rights under data protection law, including to:

• (a) Access your personal data.
• (b) Correct inaccuracies.
• (c) Request deletion ("right to be forgotten").
• (d) Restrict or object to processing.
• (e) Data portability (receive your data in a structured, machine-readable format).
• (f) Withdraw consent (where consent is the lawful basis).

7.2. To exercise your rights, contact us at hello@heycart.ai

7.3. You may also complain to the UK Information Commissioner's Office (ICO) or your local regulator.

8.1. We implement appropriate technical and organisational measures to protect personal data, including:

• (a) Encryption in transit and at rest.
• (b) Access controls and authentication.
• (c) Regular backups and monitoring.

9.1. We may update this Privacy Notice from time to time. If we make material changes, we will notify you by email or through the Service.