Privacy Policy — CartEngage
Effective Date: 22 April 2026
Last Updated: 22 April 2026
1. Introduction
Welcome to CartEngage ("us", "we", or "our"), a Shopify application operated by Vidushi Infotech ("Company"). This Privacy Policy governs our collection, use, storage, and disclosure of personal data in connection with the CartEngage Shopify application and associated services (the "Service"), which helps merchants recover abandoned shopping carts using AI voice calls, SMS messages, and (optionally) email follow-ups.
By installing, connecting, or otherwise using the Service, the Merchant (Shopify store owner) agrees to the terms of this Privacy Policy and the accompanying Data Processing Addendum.
Company: Vidushi Infotech
Registered Address: Cerebrum IT Park, Unit No-3A, Building B3, 2nd Floor, Kalyani Nagar, Pune, Maharashtra 411014, India
Data Protection Contact: support@vidushiinfotech.com
Privacy Contact URL: https://cartengage.vidushiinfotech.ai/privacy
Data Protection Officer (DPO): Not applicable under applicable law
2. Roles Under Data Protection Law
- Merchant = Data Controller — the Shopify store owner determines the purposes and means of processing their customers' personal data.
- CartEngage (Vidushi Infotech) = Data Processor — we process personal data solely on behalf of, and on documented instructions from, the Merchant.
- Sub-processors listed in Section 7 act under our authority per the Data Processing Addendum.
This Privacy Policy is incorporated by reference into the CartEngage Data Processing Addendum (DPA) that the Merchant enters into at the moment of app installation.
3. Protected Customer Data — Shopify Declaration
Per Shopify's Protected Customer Data requirements, CartEngage accesses the following Level 2 protected customer data to provide its recovery service:
| Data Field | Why We Need It | Retention |
|---|---|---|
| Customer name (first + last) | Personalize voice calls / SMS ("Hi Alice") | Until store uninstall + 48h |
| Customer email | Recovery messages, customer identification | Until store uninstall + 48h |
| Customer phone | AI voice call delivery, SMS messages | Until store uninstall + 48h |
| Shipping/billing address (city, state, country) | Timezone-aware calling, region context | Until store uninstall + 48h |
| Purchase history & cart contents | Personalized recovery offers, discount eligibility | Until store uninstall + 48h |
We do not access customer payment details, government ID numbers, or health information.
4. Categories of Information We Collect
A. Customer Data (End Users — the merchant's customers)
- Contact information — name, phone, email
- Shopping cart details — items in cart, cart value, applied discounts, checkout URLs
- Customer history — past purchases, order count, total spent, opt-in/opt-out status
- Address data — city, state, country, postal code (from billing/shipping addresses)
B. Merchant Data (Shopify store owner)
- Account information — store domain, contact email, merchant login, plan
- Shop configuration — product catalogs, pricing, active discount codes, currency, timezone, language, region
- Authentication tokens — Shopify OAuth access tokens (encrypted at rest with AES-128 Fernet encryption; decryption key stored as environment variable)
C. Call Telephony Data (AI voice recovery)
- Call metadata — call duration, timestamps, from/to numbers, call status (answered / declined / voicemail), cost
- Recordings — stereo call recordings (AI + customer audio) stored temporarily for quality assurance and compliance
- Transcripts — AI-generated transcription of recovery conversations
- Sentiment analysis — cart-recovery-context-aware sentiment classification (positive / neutral / negative)
- Outcomes — recovered / discount sent / link sent / callback scheduled / not interested / do-not-call requested
D. System & Operational Data
- System logs — actions taken in the dashboard, webhook events, error logs (PII masked where applicable)
- Billing data — subscription tier, usage metrics (call minutes, SMS sent, emails sent), invoices
5. How We Use the Information
- Service provision — enable AI agents to call/message customers with abandoned carts
- Campaign management — filter recovery campaigns by cart value, customer history, opt-in status, and DNC (Do Not Call) preferences
- Analytics — provide merchants with recovery rates, revenue recovered, sentiment breakdowns, campaign performance
- Shopify compliance — adhere to Shopify Partner Program data-handling requirements, including GDPR mandatory webhooks (`customers/data_request`, `customers/redact`, `shop/redact`)
- Service improvement — analyze aggregated, non-identifiable usage patterns to improve recovery success rates
- Billing — calculate subscription usage, enforce plan limits, issue invoices
- Security monitoring — detect abuse, fraud, unauthorized access
6. AI Models & Biometric Data
- Voice audio is processed by the AI voice platform listed in Section 7 for the sole purposes of immediate conversation, transcription, and sentiment analysis
- We do NOT perform biometric identification or create biometric templates from customer voice
- We do NOT train general-purpose AI / ML models using Merchant or End User data without explicit, documented Merchant consent
- Call transcripts are retained only for the Merchant's analytics and quality assurance, subject to the retention periods above
- LLM provider (currently OpenAI via Vapi) processes call turn-by-turn text for generating AI responses; no persistent memory of the customer beyond the single call
7. Sub-processors
We engage the following sub-processors to deliver the Service. All sub-processors are under written Data Processing Agreements with us.
| # | Sub-processor | Purpose | Data Shared | Region |
|---|---|---|---|---|
| 1 | Shopify, Inc. | Platform integration, cart/order webhooks, OAuth | Shop configuration, customer data via webhooks, cart/order data | US / Canada / global per Shopify |
| 2 | Vapi AI, Inc. | AI voice call execution, call recording, transcription | Customer phone, call context (cart items, value), conversation audio + transcripts | US |
| 3 | Twilio, Inc. | Phone number provisioning, SMS delivery | Customer phone, message content, call routing metadata | US / global |
| 4 | OpenAI, L.L.C. (via Vapi) | LLM for generating AI conversation responses | Per-turn conversation text (system prompt + customer turn) | US |
| 5 | Deepgram, Inc. (via Vapi) | Real-time speech-to-text transcription | Customer voice audio during call | US |
| 6 | ElevenLabs (optional, via Vapi) | Natural-voice text-to-speech synthesis for AI agent | AI agent script text | US |
| 7 | PostgreSQL hosting provider (Vidushi Infotech private server) | Primary data storage | All app data (encrypted at rest; sensitive credentials Fernet-encrypted) | India (Pune, Maharashtra) |
| 8 | CanSpace Solutions (SMTP: hades.canspace.ca) | Outgoing emails — OTP, recovery emails, admin notifications | Customer email, email body content | Canada |
| 9 | WhatsApp (via Twilio WhatsApp API) | WhatsApp message delivery — Phase 2, not yet active | Customer phone, message content | Not currently enabled — this table will be updated when WhatsApp is activated |
We share only the minimum data necessary for each sub-processor to perform its function. Any change to our sub-processor list will be notified to the Merchant via email or in-dashboard notice at least 30 days before taking effect, giving the Merchant the opportunity to object or terminate.
8. Data Retention and Deletion
During Active Use
We retain personal data only as long as necessary to provide the Service.
Specific Retention Periods
| Data Category | Retention |
|---|---|
| Abandoned cart data + customer contact | Until cart is recovered, customer opts out, or 90 days after last activity (whichever is earliest) |
| Call recordings | 30 days then permanently deleted |
| Call transcripts | Retained until 12 months after call end, then permanently deleted |
| System logs | 90 days |
| Webhook audit logs | 30 days |
| Billing records | 7 years (tax/audit compliance) |
| DNC (Do Not Call) list entries | Permanent (as required by law / merchant-configured opt-out respect) |
On App Uninstall (shop/redact webhook)
When the Merchant uninstalls CartEngage from Shopify:
- We receive the `app/uninstalled` Shopify webhook
- The Merchant's store is immediately marked `is_connected = false` and access tokens are nulled
- All scheduled calls are cancelled
- All End User personal data (email, phone, name, address) is anonymized or deleted within 48 hours per Shopify's mandatory data deletion timeline
- Call transcripts and recordings are deleted on the same 48-hour timeline
GDPR Webhook Endpoints
The following endpoints are registered with Shopify and respond within 5 seconds:
- POST `/api/v1/shopify/gdpr/customers/data_request` — acknowledges the request and prepares a data export package for the merchant
- POST `/api/v1/shopify/gdpr/customers/redact` — anonymizes the specified customer's personal data (matches by email or phone)
- POST `/api/v1/shopify/gdpr/shop/redact` — deletes all shop-level data
All three endpoints verify `X-Shopify-Hmac-SHA256` signatures before processing.
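The verification step described above, as an added illustration (not CartEngage's own code): Shopify signs the exact raw request body with the app's API secret using HMAC-SHA256 and base64-encodes the result, so the receiver must compute the same value over the unmodified bytes and compare it in constant time before parsing the JSON. The secret, body and `handle_gdpr_webhook` dispatcher are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple


def compute_shopify_hmac(secret: str, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw body, keyed with the app's API secret.
    This is the value Shopify places in the X-Shopify-Hmac-SHA256 header."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_shopify_webhook(secret: str, raw_body: bytes, header_value: Optional[str]) -> bool:
    """True only if the header matches; compare_digest avoids a timing side channel."""
    if not header_value:
        return False
    try:
        return hmac.compare_digest(compute_shopify_hmac(secret, raw_body), header_value)
    except TypeError:  # non-ASCII header value cannot be a valid base64 digest
        return False


def handle_gdpr_webhook(secret: str, topic: str, raw_body: bytes,
                        header_value: Optional[str]) -> Tuple[int, str]:
    """Verify first, parse second. Returns (HTTP status, action) so the caller can
    acknowledge inside Shopify's 5-second window and do the heavy work asynchronously."""
    if not verify_shopify_webhook(secret, raw_body, header_value):
        return 401, "rejected: bad or missing HMAC"
    payload = json.loads(raw_body)  # only parse bytes whose signature checked out
    if topic == "customers/data_request":
        return 200, f"queued export for customer {payload['customer']['id']}"
    if topic == "customers/redact":
        return 200, f"queued anonymization for customer {payload['customer']['id']}"
    if topic == "shop/redact":
        return 200, f"queued shop deletion for {payload['shop_domain']}"
    return 400, f"unknown topic {topic}"


# Constructed sample values (not a real secret, store or customer).
SAMPLE_SECRET = "shpss_example_secret_not_real"
SAMPLE_BODY = (b'{"shop_id":123,"shop_domain":"example.myshopify.com",'
               b'"customer":{"id":456,"email":"alice@example.com"}}')
SAMPLE_HEADER = compute_shopify_hmac(SAMPLE_SECRET, SAMPLE_BODY)

if __name__ == "__main__":
    print(handle_gdpr_webhook(SAMPLE_SECRET, "customers/redact", SAMPLE_BODY, SAMPLE_HEADER))
    # Re-serialising the JSON changes the bytes, so a parsed-then-dumped body fails to verify.
    reserialized = json.dumps(json.loads(SAMPLE_BODY)).encode()
    print(verify_shopify_webhook(SAMPLE_SECRET, reserialized, SAMPLE_HEADER))
```

Frameworks that parse the body before the handler runs must expose the raw bytes (for example a cached request body), otherwise the digest will be computed over different bytes than Shopify signed.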
9. Data Security
- Transport encryption — all data in transit uses HTTPS/TLS 1.2+
- At-rest encryption — sensitive credentials (Shopify access tokens, API keys, webhook secrets, Twilio SID + auth tokens) are encrypted at rest using AES-128 Fernet with a key held in environment variables (not stored in the database)
- Authentication — merchants sign in via bcrypt-hashed passwords; access JWT tokens expire after 30 minutes; refresh tokens after 7 days
- Webhook authenticity — all Shopify webhook payloads are verified via HMAC-SHA256 signature
- Tenant isolation — all database queries are scoped by `store_id` + `merchant_id`; merchants cannot access each other's data
- Secrets management — all sensitive config (API keys, DB password, encryption key) is loaded from environment variables, never hardcoded
- Rate limiting — 429 retry with exponential backoff on Shopify API calls to protect both our platform and Shopify's
- Audit logs — merchant and admin actions are recorded in a tamper-evident system log
10. Your Rights (GDPR, UK GDPR, California CCPA, and similar laws)
If you or your customers are residents of the EU, UK, California, or any other jurisdiction with comparable rights:
| Right | How to Exercise |
|---|---|
| Access | Request a copy of personal data we hold about you |
| Rectification | Request corrections to inaccurate data |
| Erasure ("right to be forgotten") | Request deletion of personal data (subject to legal retention) |
| Restriction of processing | Request we limit how we use your data |
| Portability | Request data in machine-readable JSON/CSV format |
| Objection | Object to our processing based on legitimate interests |
| Withdraw consent | Withdraw previously given consent at any time |
| Do Not Call (DNC) | Be added to the merchant's Do Not Call list to stop all future calls |
California CCPA / CPRA — Additional Rights for California Residents
- Right to know what personal data we collect, the sources, purposes, and categories of third parties with whom we share it (covered in this policy)
- Right to delete personal data (subject to exceptions — see retention above)
- Right to correct inaccurate personal data
- Right to opt-out of "sale" or "sharing" — CartEngage does not sell personal information and does not share personal information for cross-context behavioral advertising
- Right to limit use of Sensitive Personal Information — CartEngage does not collect sensitive personal information (no health data, precise geolocation, financial info, genetic/biometric data, racial/ethnic origin, religious beliefs, or union membership)
- Right to non-discrimination — exercising any right does not result in reduced service quality or pricing
Do Not Sell My Personal Information: CartEngage does not sell personal data. No action required.
How to exercise rights
Merchants should forward End User requests to: support@vidushiinfotech.com. We will action verified requests within the timeframes required by applicable law (typically 30 days for GDPR; 45 days for CCPA).
11. Call Recording Disclosure — Two-Party Consent Jurisdictions
CartEngage records AI voice calls for quality assurance and compliance. In jurisdictions that require all-party consent (e.g., California, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, Washington — two-party consent states in the US; most EU countries; and others):
- The AI agent begins each call with an opening greeting that identifies the store and purpose
- Merchants are responsible for ensuring their AI agent's system prompt includes the appropriate recording disclosure where required by local law (example wording: "This call may be recorded for quality purposes.")
- Merchants must configure the DNC list and opt-out mechanisms to honor immediate opt-out requests
12. International Data Transfers
Personal data processed by CartEngage may be transferred to or stored in servers located outside the End User's country of residence. Where applicable, we rely on Standard Contractual Clauses (SCCs) with our sub-processors, or other safeguards approved by relevant data protection authorities, to ensure adequate protection.
13. Cookies and Tracking
The CartEngage Shopify app embedded dashboard does not use third-party tracking cookies. Authentication is handled via Shopify's session token mechanism (App Bridge) and our own JWT tokens stored in localStorage. No behavioral advertising cookies are used.
14. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact support@vidushiinfotech.com and we will delete the record.
15. Data Breach Notification
In the event of a personal data breach likely to result in risk to affected individuals, we will:
- Notify the affected Merchant(s) without undue delay and in any event within 72 hours of becoming aware of the breach
- Provide details of the nature of the breach, affected categories of data, approximate number of records, likely consequences, and measures taken/proposed to address it
- Cooperate with Merchants in notifying supervisory authorities (e.g., data protection authorities) and End Users where required by law
16. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated:
- By updating the Last Updated date at the top
- By posting a notice in the CartEngage dashboard
- By email to the Merchant's registered contact address for material changes that affect data handling
Continued use of the Service after a material update constitutes acceptance.
17. Contact Us
Company: Vidushi Infotech
Product: CartEngage
Registered address: Cerebrum IT Park, Unit No-3A, Building B3, 2nd Floor, Kalyani Nagar, Pune, Maharashtra 411014, India
General contact: support@vidushiinfotech.com
Privacy / data protection inquiries: support@vidushiinfotech.com
Dashboard: https://cartengage.vidushiinfotech.ai
GDPR webhook endpoints: registered with Shopify Partner Dashboard
Governing law: India (see CartEngage Terms & Conditions, Section 13)
CartEngage Privacy Policy — v2.0 — 22 April 2026