Privacy Policy

Introduction

At Avetti Commerce, protecting your privacy is a priority. We are committed to handling your personal data responsibly and transparently, complying with global data protection regulations including the GDPR, CCPA, and other applicable privacy laws.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, use our services, or interact with us. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

Who We Are

Information We Collect

We collect information you provide directly to us and data collected automatically through your use of our website and services.

Personal Information You Provide

• Contact Information: Name, email address, phone number, company name, job title, and mailing address
• Account Information: Username, password, and account preferences
• Business Information: Company details, industry information, and business requirements
• Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
• Communications: Information you provide when you contact us, subscribe to newsletters, or participate in surveys
• Professional Details: Information submitted through career applications or inquiries

Information Collected Automatically

• Usage Data: IP address, device information, browser type and version, operating system, pages visited, time and date of visits, time spent on pages, unique device identifiers, and other diagnostic data
• Location Data: General geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies
• Analytics Data: Website performance metrics and user interaction patterns collected via Google Analytics, Google Tag Manager, Microsoft Clarity, and OpenReplay

Sensitive Personal Information

We may collect sensitive personal information only with your explicit consent where required by law, including:

• Government-issued identification numbers (when legally required)
• Financial account information
• Precise geolocation data (only with your permission)

Cookies and Tracking Technologies

We use cookies and similar technologies to provide essential website functions, improve your experience, analyze site performance, and deliver personalized content.

Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and cannot be disabled
• Performance Cookies: Help us understand how visitors use our website through analytics
• Functional Cookies: Enable enhanced functionality and personalization
• Targeting/Advertising Cookies: Used to deliver relevant advertisements

You can manage your cookie preferences through our CookieYes consent management platform. You may also set your browser to refuse cookies, but some features may not function properly. For more information, please refer to our Cookie Policy.

How We Use Your Data

We use your personal information for the following purposes:

Service Delivery and Operations

• Operate and maintain our website, products, and services
• Process transactions and fulfill orders
• Provide customer support and respond to inquiries
• Manage user accounts and authentication
• Send service-related communications and updates

Business Improvement

• Personalize your user experience
• Analyze website usage and performance
• Conduct research and development
• Improve our products, services, and content
• Develop new features and offerings

Marketing and Communications

• Send promotional materials and newsletters (with your consent where required)
• Conduct marketing campaigns and measure their effectiveness
• Provide information about products and services that may interest you
• You can opt out of marketing communications at any time

Legal and Security

• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety, and those of our users
• Prevent fraud, abuse, and security incidents
• Enforce our terms and conditions
• Resolve disputes and troubleshoot problems

We do not sell your personal data to third parties.

Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications)
• Contract Performance: When processing is necessary to fulfill a contract with you or take pre-contractual steps
• Legal Obligation: When we must process your data to comply with legal requirements
• Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention, security), balanced against your rights and interests

Data Sharing and Third Parties

We share your personal information only when necessary and with appropriate safeguards:

Service Providers

We work with trusted third-party service providers who assist us with:

• Website hosting and infrastructure (e.g., cloud services)
• Payment processing (e.g., Stripe, PayPal)
• Email services and communications
• Analytics and data analysis
• Customer relationship management
• Marketing and advertising platforms
• Security and fraud prevention

All service providers are contractually bound to protect your data and use it only for specified purposes.

Business Partners

We may share information with business partners for joint marketing activities or co-branded services, with your consent where required.

Analytics and Advertising Partners

We use analytics services (Google Analytics, Microsoft Clarity, OpenReplay) and advertising partners to understand user behavior and improve our services. These partners may collect information through their own cookies and tracking technologies.

Legal Requirements

We may disclose your information when required by law, legal process, or government request, or when necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our agreements

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity.

Your Privacy Rights

You have specific rights regarding your personal data. The rights available to you depend on your location:

Rights Under GDPR (EEA, UK, Switzerland)

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

Rights Under CCPA and US State Privacy Laws (California, Virginia, Colorado, etc.)

• Right to Know: Know what personal information we collect, use, and share
• Right to Access: Request a copy of your personal information
• Right to Delete: Request deletion of your personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information, and targeted advertising
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights
• Right to Limit Use of Sensitive Data: Restrict the use of sensitive personal information
• Right to Appeal: Appeal our decision regarding your rights request

Universal Opt-Out Mechanisms

We honor browser-based universal opt-out signals, such as Global Privacy Control (GPC), where required by law.

Exercising Your Rights

To exercise any of these rights, please contact us using the details below. We will respond to your request within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.

Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption: Data encryption in transit (TLS/SSL) and at rest
• Access Controls: Restricted access to personal data on a need-to-know basis
• Secure Data Centers: Use of reputable cloud service providers with robust security standards
• Regular Security Assessments: Periodic security audits and vulnerability assessments
• Employee Training: Regular training on data protection and security practices
• Incident Response: Procedures for detecting, reporting, and responding to security incidents

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Retention periods vary based on:

• Account Data: Retained while your account is active and for a reasonable period thereafter
• Transaction Records: Retained as required by law (typically 7 years for financial records)
• Marketing Data: Retained until you opt out or as required by applicable law
• Legal and Compliance Data: Retained as needed to comply with legal obligations

When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including Canada and the United States. We ensure adequate protections are in place through:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers from the EEA
• Adequacy Decisions: Relying on jurisdictions deemed to provide adequate protection (e.g., Canada)
• Data Processing Agreements: Contractual safeguards with service providers
• Privacy Shield Successor Framework: Compliance with applicable cross-border transfer mechanisms

Children's Privacy

Our services are not directed to individuals under the age of 16 (or under 13 in the United States). We do not knowingly collect personal information from children. If we learn that we have collected information from a child without proper consent, we will delete it promptly. If you believe we have collected information from a child, please contact us immediately.

Third-Party Links

Our website may contain links to third-party websites, services, or applications not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as there is no industry standard for how to interpret them. However, we honor universal opt-out mechanisms like Global Privacy Control (GPC) where legally required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through prominent notice on our website
• Send email notifications to registered users (for significant changes)
• Provide advance notice where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes indicates acceptance of the updated policy.

California Privacy Rights ("Shine the Light" Law)

California residents may request information about personal information we disclosed to third parties for direct marketing purposes during the prior calendar year. To make such a request, please contact us using the information below.

Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain personal information. We do not currently sell personal information as defined under Nevada law. If you have questions, please contact us.

Contact Us

For questions about this Privacy Policy, to exercise your data rights, or to file a complaint, please contact us:

Supervisory Authority

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.