SHAARTLegal
Legal

Privacy Policy

How SHAART USA LLC collects, uses, and protects your personal information.

Last updated:

1. Who we are

SHAART USA LLC (“SHAART”, “we”, “our”, “us”) operates the SHAART platform at shaartusa.com and related services (the “Service”).

Privacy questions: privacy@shaartusa.com

Data Protection Officer (or designated privacy lead): Anthony Huntdpo@shaartusa.com

2. Scope and our role

This policy applies when you use our Service. Two important distinctions:

  • Data we control: account information you provide when you sign up directly, billing information, support communications. For this data, SHAART is the “data controller”.
  • Data our Customers control: when businesses (“Customers”) use the Service to manage their own end-users (leads, contacts, bookings), they are the data controller and we are the “data processor” acting on their instructions. Contact the Customer directly for those records.

3. Information we collect

3.1 Information you provide

  • Account: name, email, phone, hashed password, avatar, time zone.
  • Business: company name, address, tax IDs, billing information (processed by Stripe; we receive only metadata such as last 4 digits, brand, expiry).
  • Content: settings, files, configurations, messages you send through the Service.
  • Communications: emails, chat logs, support tickets.

3.2 Information collected automatically

  • Device: browser, operating system, screen size, language.
  • Network: IP address, approximate geolocation derived from IP.
  • Usage: pages viewed, features used, timestamps, performance metrics.
  • Cookies and similar technologies (see Cookie Policy).

3.3 Information from third parties

  • OAuth providers (Google, Meta, Apple) when you sign in via them.
  • Payment processors (Stripe) for transaction events.
  • Analytics and advertising providers (de-identified or aggregated).
  • Integration data from services you connect (e.g., your WhatsApp Business account).

4. Legal bases (GDPR/UK-GDPR)

  • Contract: to provide the Service you signed up for.
  • Consent: marketing emails, optional analytics, non-essential cookies.
  • Legal obligation: tax records, fraud prevention, regulator requests.
  • Legitimate interest: security, fraud detection, product improvement, support.

5. How we use information

  • Provide, maintain, and improve the Service.
  • Authenticate users and prevent unauthorized access.
  • Process payments and manage subscriptions.
  • Send transactional emails (account events, billing, security alerts).
  • Send marketing communications with your consent (you may opt out at any time).
  • Detect, prevent, and address fraud, abuse, security incidents.
  • Comply with legal obligations and respond to lawful requests.
  • Aggregate de-identified analytics to understand usage trends.

6. Sharing of information

We share personal information with:

  • Service providers (sub-processors): hosting, database, payments, email, analytics, error tracking, AI providers. Each has a data processing agreement with us. See our Sub-processors list.
  • Legal requests: when required by law, subpoena, court order, or to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, with notice to you.
  • Customers (data controllers): their data subjects' data is shared with them and processed under their instructions.

We do not sell personal information.

7. International transfers

We may transfer personal information outside your country (including to the United States) for processing. When we do, we rely on appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs) for transfers from the EU/UK/Switzerland.
  • EU-US Data Privacy Framework where applicable.
  • Sub-processor agreements requiring equivalent protections.

8. Data retention

  • Account data: while your account is active and 30 days after deletion request (or longer if required by law).
  • Audit and security logs: up to 7 years (compliance).
  • Backups: rolling 35-day retention.
  • Analytics: 12 months for identifiable data; aggregated indefinitely.
  • Marketing data: until you opt out.

9. Your privacy rights

9.1 EU/UK/Switzerland (GDPR/UK-GDPR)

  • Right of access — obtain a copy of your data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — “right to be forgotten”.
  • Right to restriction — pause processing.
  • Right to data portability — receive data in a machine-readable format.
  • Right to object — to direct marketing or processing based on legitimate interest.
  • Right to withdraw consent — at any time without affecting prior processing.
  • Right to lodge a complaint with a supervisory authority.

Exercise at: Data Subject Access Request or email privacy@shaartusa.com.

9.2 California (CCPA/CPRA)

  • Right to know what categories of personal information we collect.
  • Right to delete (see data deletion).
  • Right to correct inaccurate information.
  • Right to opt out of sale/sharing (we do not sell — see Do Not Sell).
  • Right to non-discrimination for exercising rights.

9.3 Brazil (LGPD)

Rights equivalent to GDPR. Contact our Encarregado at dpo@shaartusa.com.

9.4 Other regions

If you are located in a region with privacy laws not specifically listed (e.g., Canada, Australia, Mexico, Argentina, Colombia, Chile, Peru, Dominican Republic, Puerto Rico), you may exercise equivalent rights by contacting privacy@shaartusa.com.

10. Cookies and similar technologies

See our dedicated Cookie Policy for details and to manage your preferences.

11. Security

We apply industry-standard protections:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Access controls (role-based access, row-level security, audit logs).
  • Regular security audits and penetration tests.
  • Documented incident response procedures.
  • Vendor due diligence and sub-processor agreements.

No system is 100% secure. If a breach affects you, we will notify you in accordance with applicable law (e.g., within 72 hours under GDPR).

12. Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have, contact us at privacy@shaartusa.com and we will delete it promptly.

13. Automated decision-making

We may use automated systems (including AI) for content moderation, fraud detection, and personalization. These do not produce legal effects without human review. If you object to a specific automated decision, contact privacy@shaartusa.com.

14. Changes to this policy

We may update this policy. We will notify you of material changes via email and/or in-app banner at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

15. Contact

SHAART USA LLC
1234 Address Pending, City, FL 00000, USA