Privacy Policy

Last updated: April 15, 2026

      CartGhost is a WhatsApp-based abandoned cart recovery service for Shopify merchants. We take data privacy seriously and handle all data — including WhatsApp Platform Data obtained through Meta — strictly in accordance with this policy and Meta's Platform Terms.
    

1. Who We Are

CartGhost is operated by Helicon Solutions LLC ("we," "us," or "our"). We provide an automated cart recovery service that sends WhatsApp messages to customers who have abandoned their shopping carts, on behalf of Shopify store owners ("merchants").

For questions about this policy, contact us at: [email protected]

2. Data We Collect

Merchant data (collected when a merchant installs CartGhost):

Shopify store domain and access credentials
WhatsApp Business Account credentials (Phone Number ID, access token)
Configuration preferences (recovery timing, discount settings)

Customer data (collected from Shopify when a cart is abandoned):

Phone number (only if provided during checkout)
First name (for personalised messages)
Cart contents and total value
Checkout URL

WhatsApp conversation data (Platform Data obtained through Meta):

Incoming message content from customers (replies to cart recovery messages)
Message delivery and read status
WhatsApp Business Account metadata

3. How We Use Data

We use the data we collect solely to provide the CartGhost service:

Detecting abandoned carts via Shopify webhooks
Sending WhatsApp recovery messages to customers on behalf of the merchant, using the merchant's own WhatsApp Business number
Processing customer replies using AI to continue the recovery conversation
Displaying recovery statistics in the merchant's dashboard

      Meta Platform Data restriction: Data obtained through Meta's WhatsApp Business Platform (including message content, delivery status, and WhatsApp Business Account information) is used exclusively to deliver the cart recovery service. This data is never used for advertising, profiling, sold to third parties, or shared with any party other than the merchant whose account it originates from.
    

4. How We Share Data

We do not sell, rent, or trade personal data. Data is shared only in the following limited circumstances:

Meta / WhatsApp: Messages are sent and received via the WhatsApp Business API, operated by Meta. Message content is transmitted to Meta's infrastructure in order to deliver and receive messages.
Anthropic: Customer reply messages are processed by Claude (Anthropic's AI) to generate contextually appropriate responses. Message content is transmitted to Anthropic's API for this purpose only and is not retained by Anthropic for training.
The merchant: Merchants can view conversation history and recovery statistics for their own store's customers in their CartGhost dashboard.
Legal requirements: We may disclose data if required by law or to protect the rights and safety of CartGhost, our merchants, or others.

5. Data Retention

Abandoned cart records are retained for 90 days after the cart was created, then deleted.
Conversation messages are retained for 90 days, then deleted.
Merchant account data is retained for as long as the app is installed. When a merchant uninstalls CartGhost, their data is deleted within 30 days.
WhatsApp access tokens are stored encrypted and rotated when refreshed or when the merchant disconnects.

6. Customer Rights (End Users)

Customers who receive WhatsApp messages from CartGhost on behalf of a merchant have the following rights:

Opt out: Customers can reply "STOP" at any time to stop receiving messages. CartGhost will honour all opt-out requests immediately.
Access and deletion: Customers may contact the merchant directly, or contact us at [email protected], to request access to or deletion of their data.

Customers in the European Economic Area (EEA) have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

7. Merchant Rights

Merchants can:

Disconnect their WhatsApp Business Account at any time from the CartGhost dashboard, which immediately stops all outgoing messages
Request deletion of all their data by contacting [email protected]
Export their recovery statistics from the dashboard

8. Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction. These include:

Encryption of WhatsApp access tokens at rest
HTTPS for all data in transit
Access controls limiting who within our organisation can access customer data
Regular review of third-party service providers for compliance

9. Cookies and Tracking

The CartGhost app dashboard does not use advertising cookies or third-party tracking. The CartGhost landing page (cartghost.com) may use basic analytics to measure visit counts. No personal data is collected on the landing page.

10. Children's Privacy

CartGhost is a business-to-business service. We do not knowingly collect data from individuals under the age of 16. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where changes are material, notify merchants via email or in-app notice.

12. Contact

For any privacy-related questions, data requests, or concerns:

Email: [email protected]
Website: cartghost.com