Cartpo

Legal

Privacy Policy

Last updated: 15 April 2026

1. Introduction

This Privacy Policy explains how Cartpo, a product of the iHolda platform (“we,” “us,” or “our”), collects, uses, shares, and protects information when you use the Cartpo mobile application, the Cartpo marketing website at cartpo.com, and any related services (collectively, the “Services”).

Cartpo is a merchant-facing mobile point-of-sale and commerce management application that enables registered merchants to process sales, manage products, track orders, create discount and loyalty programs, collaborate with creators on the iHolda social platform, and coordinate delivery workflows.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

2. Definitions

  • Personal Data means any information that identifies, or could reasonably be used to identify, a natural person.
  • Merchant means a business owner, manager, or authorised employee who registers for and uses Cartpo.
  • End-Customer means an individual who purchases goods or services from a Merchant. Cartpo does not maintain direct accounts for End-Customers; however, certain transaction data entered by Merchants may include End-Customer details.
  • Creator means a user of the iHolda platform who collaborates with a Merchant to promote or sell products.
  • Processing means any operation performed on Personal Data, including collection, storage, use, transfer, and deletion.

3. Data We Collect

3.1 Account and Identity Data

When you register for Cartpo, we collect your phone number, email address (if provided), and a one-time verification code (OTP) to confirm your identity. You also set a PIN or password for ongoing authentication.

3.2 Business and Shop Data

To set up and operate your shop within Cartpo, we collect your business name, business type, description, phone number, physical address (including geolocation coordinates for map display), opening hours, cover image, featured images, currency preference, delivery options, and accepted payment methods.

3.3 Product and Catalog Data

We store product names, descriptions, prices, categories, images, and referral commission settings that you enter into your catalog.

3.4 Transaction and Order Data

When you process a sale through the Cartpo POS — whether by cash or direct payment — we record the transaction amount, payment method, discount applied (if any), change due, timestamps, and associated order details such as items purchased, quantities, and order status (new, pending, shipped, completed, cancelled).

3.5 Discount and Loyalty Program Data

We store the discount rules you create, including percentage, customer type conditions (new or returning), order-count thresholds, application frequency, and validity duration.

3.6 Creator Collaboration Data

When a Creator requests to link to your business, we store the collaboration status (pending, approved, rejected), Creator profile identifier, and any referral commission parameters you set.

3.7 Delivery and Shipping Data

If you use delivery features, we collect order shipping status, tracking numbers, selected drop-off locations, and interactions with drop-off agents.

3.8 Device and Technical Data

We automatically collect device identifiers, operating system and version, app version, IP address, push notification tokens, and general usage logs (screen views, feature interactions). This data helps us maintain and improve the Services.

3.9 Location Data

With your permission, we may access your device location to auto-populate your shop address and to power location-based features such as nearby restaurant discovery. You can revoke location permission at any time through your device settings.

3.10 Communications

If you contact us through in-app support, email, or the contact form on our website, we retain the content of those communications along with your contact details for the purpose of responding to and resolving your enquiry.

3.11 Camera and Photos

When you upload shop images, product photos, or scan QR codes, we request access to your device camera and photo library. Images you upload are stored as part of your shop or product data.

4. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the Services, including processing transactions, managing your shop, and fulfilling orders.
  • Authenticate your identity and secure your account.
  • Display sales summaries, performance analytics, and transaction history within the app.
  • Facilitate Creator collaborations, including sharing relevant business information with approved Creators on the iHolda platform.
  • Enable discovery features such as nearby shop listings and product visibility on the iHolda social platform.
  • Send push notifications for new orders, collaboration requests, and service updates.
  • Prevent fraud, detect abuse, and enforce our Terms of Service.
  • Improve and develop the Services through aggregated analytics and usage patterns.
  • Comply with applicable laws, regulations, and legal processes.
  • Respond to your support enquiries and communications.

5. Legal Basis for Processing

Depending on your location and applicable law, we rely on the following legal bases:

  • Contractual necessity: Processing required to provide the Services you signed up for (account management, transactions, order fulfillment).
  • Legitimate interests: Improving our products, preventing fraud, and ensuring service security, where those interests are not overridden by your rights.
  • Legal obligation: Where we must process data to comply with tax, financial reporting, or regulatory requirements.
  • Consent: For optional features such as location access and marketing communications. You may withdraw consent at any time.

6. Sharing and Disclosure

We may share your information in the following circumstances:

  • iHolda Platform: If you connect your shop to the iHolda social network, your business name, product catalog, and visibility settings are shared with the iHolda platform to enable social discovery and Creator collaboration. This sharing is governed by your in-app settings.
  • Creators: When you approve a Creator collaboration, the Creator can see your business name, products, and the commission structure you define. Creators do not receive access to your financial records or transaction history.
  • Service providers: We use third-party providers for cloud hosting, push notifications, analytics, and image storage. These providers process data on our behalf under contractual obligations to protect your information.
  • Payment providers: If you use direct payment features, your selected payment account information is shared with the relevant payment processor to complete the transaction. Cartpo does not store full bank or card credentials.
  • Professional advisors: We may share data with legal, financial, and accounting advisors as necessary.
  • Legal and regulatory requests: We may disclose data where required by law, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such transfer.

We do not sell your Personal Data to third parties.

7. International Data Transfers

Your data may be processed in countries other than the one in which you reside, including countries where our cloud infrastructure providers maintain servers. When we transfer data across borders, we implement appropriate safeguards, such as standard contractual clauses or reliance on adequacy decisions, to protect your information in accordance with applicable data protection laws.

8. Data Retention

We retain your information as follows:

  • Account data: For as long as your Cartpo account remains active, plus a reasonable period afterward to allow reactivation and to comply with legal obligations.
  • Transaction records: For a minimum of seven (7) years from the date of the transaction, or longer where required by tax or financial regulations in your jurisdiction.
  • Technical logs: Generally retained for up to twelve (12) months for security and debugging purposes, then deleted or anonymised.
  • Support communications: Retained for two (2) years after the enquiry is resolved, unless a longer period is required for legal purposes.

When data is no longer needed, we delete or anonymise it. In some cases, aggregated, non-identifiable data may be retained indefinitely for analytical purposes.

9. Security

We implement technical and organisational measures to protect your data, including encrypted data transmission (TLS/HTTPS), secure authentication mechanisms (OTP and PIN/password), access controls limiting internal access to authorised personnel, and regular reviews of our security practices. While we strive to protect your information, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • Access: Request a copy of the Personal Data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal retention requirements.
  • Restriction: Request that we limit certain processing of your data.
  • Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Complaint: Lodge a complaint with a data protection supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at support@iholda.com. We will respond within the timeframe required by applicable law (typically within 30 days).

11. Cookies and Similar Technologies

The Cartpo marketing website at cartpo.com may use essential cookies to maintain site functionality. We do not use advertising or tracking cookies on this website. The Cartpo mobile application does not use browser cookies but may use analytics SDKs to collect anonymised usage data as described in Section 3.8.

12. Age Restrictions

Cartpo is designed for use by business owners, managers, and employees who are at least eighteen (18) years of age. We do not knowingly collect Personal Data from individuals under 18. If we become aware that we have collected data from a minor, we will promptly delete that information.

13. Third-Party Links and Services

The Services may contain links to third-party websites and services, including app stores, social platforms, and payment providers. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you access.

14. Automated Decision-Making

Cartpo does not currently use automated decision-making or profiling that produces legal or similarly significant effects on Merchants. If we introduce such features in the future, we will update this policy and provide appropriate notice and opt-out mechanisms.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Cartpo app, by email, or by posting a prominent notice on our website. The “Last updated” date at the top of this page indicates when the most recent revision took effect. Your continued use of the Services after a change constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your Personal Data, please contact us:

This Privacy Policy should be read alongside our Terms of Service, which govern your use of the Cartpo platform.