Privacy Policy

Introduction to Privacy at UrbanKart

At UrbanKart, we are fundamentally committed to protecting your privacy and ensuring the security of your personal information. This comprehensive privacy policy outlines our data practices, your rights, and our obligations regarding the collection, use, storage, and protection of your information across all our platforms and services.

Our privacy framework is built on principles of transparency, accountability, and user empowerment. We believe you should have complete control over your personal data and understand exactly how it's being used at every stage of your journey with UrbanKart.

Information We Collect

Personal Identification Information

  • Full Legal Name: Complete name as appears on official identification documents
  • Date of Birth: For age verification and account security purposes
  • Gender Identity: Optional demographic information for service personalization
  • National Identification Numbers: Government-issued ID numbers where required by law
  • Passport/Driver's License Information: For identity verification processes
  • Residential Address: Complete postal address including apartment/suite numbers
  • Permanent Address: Long-term residence information for account verification
  • Temporary Address: Current location information for service delivery

Contact Information

  • Primary Email Address: Main communication channel for account notifications
  • Secondary Email Addresses: Alternative contact methods and recovery options
  • Mobile Phone Number: Primary contact number with country code
  • Landline Telephone: Fixed-line contact information where applicable
  • Emergency Contact Information: Designated emergency contacts and their details
  • Business Contact Details: Professional contact information for business accounts

Financial Information

  • Credit Card Details: Card numbers, expiration dates, CVV codes (encrypted)
  • Debit Card Information: Bank card details for payment processing
  • Bank Account Numbers: Account details for direct transfers and refunds
  • Routing Numbers: Bank routing information for electronic transfers
  • Digital Wallet Information: PayPal, Apple Pay, Google Pay details
  • Cryptocurrency Wallets: Digital currency wallet addresses where applicable
  • Billing Address: Address associated with payment methods
  • Purchase History: Complete transaction records and payment patterns

Technical and Device Information

  • IP Address: Unique network identifier for location and security
  • MAC Address: Hardware identifier for network devices
  • Device Type: Mobile, tablet, desktop, smart TV, or other connected devices
  • Operating System: Version and build information of device OS
  • Browser Information: Browser type, version, and configuration details
  • Screen Resolution: Display specifications for optimal user experience
  • Device Performance Metrics: Processing power, memory, storage capacity
  • Network Information: Connection type, speed, and service provider
  • Geographic Location: GPS coordinates and location-based data

Behavioral and Usage Data

  • Browsing History: Pages visited, time spent on each page, navigation patterns
  • Search Queries: All search terms and search result interactions
  • Product Views: Items browsed, time spent viewing, comparison activities
  • Click Patterns: Mouse movements, click heatmaps, interaction patterns
  • Purchase Behavior: Buying patterns, cart abandonment, decision processes
  • Time-Based Usage: Peak usage hours, session duration, frequency of visits
  • Feature Usage: Which platform features are used most frequently
  • Content Preferences: Categories of interest, preferred content types

Time-Based Access and Return Policy

Strict Time-Based Access Policy:

  • Limited Access Windows: Users can only access products and services during specifically designated time periods
  • No Grace Periods: Time limits are strictly enforced with no exceptions or extensions
  • Automatic Access Termination: System automatically revokes access when time limits expire
  • Real-Time Monitoring: Continuous tracking of user access time and session duration
  • Time-Based Authentication: Access credentials expire based on predetermined schedules
  • Session Time Limits: Maximum allowed session duration with automatic logout enforcement
  • Peak Hour Restrictions: Access may be limited during high-traffic periods
  • Time Zone Considerations: Access windows based on user's registered time zone

Product Return Restrictions:

  • Strict Return Deadlines: Returns must be initiated within specified time frames without exception
  • No Late Returns Accepted: Any return request after deadline is automatically rejected
  • Condition Requirements: Products must be in pristine, unused condition with all original packaging
  • Complete Documentation: All original receipts, tags, and documentation must be included
  • Return Shipping Responsibility: Customer bears all shipping costs for returns
  • Inspection Process: All returns undergo thorough inspection before approval
  • Restocking Fees: Applicable restocking fees may apply to returned items
  • Refund Processing Time: Approved refunds processed within 7-10 business days

Product Usage and Copy Restrictions

Strict Product Limitations:

  • Personal Use Only: Products strictly limited to personal, non-commercial use
  • No Reproduction Rights: Complete prohibition on copying, reproducing, or duplicating products
  • Intellectual Property Protection: All IP rights fully protected and enforced
  • No Reverse Engineering: Prohibition on deconstructing, analyzing, or replicating product technology
  • No Distribution Rights: Users cannot share, sell, or distribute products to third parties
  • Time-Limited Access: Product access automatically expires after specified periods
  • Digital Rights Management: Advanced DRM prevents unauthorized copying and sharing
  • Watermarking Technology: Invisible watermarks track unauthorized distribution
  • Legal Enforcement: Violations result in immediate legal action and prosecution

Data Storage and Security Infrastructure

PCI DSS Compliance Requirements

As per Payment Card Industry Data Security Standard (PCI DSS) 4.0, we maintain:

  • Firewall Protection: Install and maintain firewalls to protect cardholder data environments
  • No Default Passwords: Never use vendor-supplied default security parameters
  • Stored Data Protection: Protect stored cardholder data with strong encryption
  • Encrypted Transmission: Encrypt payment card data across open, public networks
  • Antivirus Software: Use and regularly update anti-virus software
  • Secure Systems: Develop and maintain secure systems and applications
  • Need-Based Access: Restrict access to cardholder data to employees with business need
  • Unique Identification: Assign unique ID to each person with computer access
  • Physical Access Restriction: Restrict physical access to cardholder data
  • Network Monitoring: Track and monitor all access to network resources
  • Security Testing: Regularly test security systems and processes
  • Security Policy: Maintain comprehensive information security policy

PCI Compliance Level

Based on transaction volume, we maintain:

  • Annual Assessment: Complete Self-Assessment Questionnaire (SAQ) annually
  • Quarterly Scanning: Approved Scanning Vendor (ASV) network vulnerability scans
  • Validation Documentation: Maintain compliance documentation for review
  • Staff Training: Regular employee security awareness training

Storage Architecture

  • Distributed Storage: Data stored across multiple secure global locations
  • Redundant Backups: Real-time synchronized backup systems
  • AES-256 Encryption: All databases encrypted with industry-standard encryption
  • Secure Cloud Infrastructure: Enterprise-grade cloud security services
  • Physical Security: 24/7 security personnel and surveillance at data centers
  • Environmental Controls: Climate-controlled facilities with redundant power
  • Geographic Distribution: Multi-region data storage for resilience
  • Disaster Recovery: Comprehensive business continuity and recovery plans

Security Measures

  • SSL/TLS Encryption: End-to-end encryption during data transmission
  • Multi-Factor Authentication: Required for all system access
  • Biometric Verification: Fingerprint and facial recognition for sensitive operations
  • Third-Party Security Audits: Independent security assessments and penetration testing
  • Real-Time Threat Detection: AI-powered monitoring for suspicious activities
  • Intrusion Prevention: Automated blocking of unauthorized access attempts
  • 24/7 Security Team: Immediate incident response capabilities
  • Compliance Monitoring: Continuous regulatory compliance tracking

Third-Party Sharing and Data Transfers

Limited Sharing Circumstances

  • Service Providers: Only essential service providers with strict confidentiality agreements
  • Payment Processors: Financial institutions for payment processing only
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In case of merger, acquisition, or business sale
  • Safety and Security: To protect against fraud, abuse, or security threats
  • User Consent: With explicit user permission for specific purposes
  • Research and Analytics: Anonymized data for research and service improvement
  • Quality Assurance: With trusted partners for service quality verification

International Data Transfers

  • Global Infrastructure: Data may be transferred and processed globally
  • Adequacy Decisions: Only to countries with adequate data protection laws
  • Standard Contractual Clauses: Legal safeguards for international transfers
  • Binding Corporate Rules: Internal rules for intra-company data transfers
  • Data Localization: Some data may be stored in specific geographic regions
  • Compliance Framework: Full compliance with international data transfer regulations

Your Privacy Rights and Choices

GDPR Required Rights

Under GDPR, we provide all eight required user rights:

  • Right to Access: Request copies of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal information
  • Right to Erasure: Request deletion of personal data (“Right to be Forgotten”)
  • Right to Portability: Transfer your data to other service providers
  • Right to Object: Object to processing of your personal data
  • Right to Restrict: Limit how we use your personal information
  • Right to Information: Know what data we collect and how we use it
  • Right to Complain: Contact data protection authorities about concerns

E-commerce Specific Rights

Based on real e-commerce practices like Amazon and Etsy:

  • Account Management: Comprehensive privacy settings in account dashboard
  • Marketing Preferences: Control over marketing communications and emails
  • Cookie Management: Control over browser cookies and tracking technologies
  • Data Export: Download your personal data at any time (like Costco's policy)
  • Account Deletion: Option to permanently delete your account and data
  • Privacy Dashboard: Centralized view of your privacy settings and data
  • Notification Controls: Choose what notifications you receive
  • Third-Party Connections: Manage connected apps and services

Verification Process

To ensure security, we implement verification procedures:

  • Identity Verification: Multi-factor verification before data access
  • Authorization Confirmation: Ensure only authorized individuals can access data
  • Secure Authentication: Verified login credentials for sensitive requests
  • Documentation Requirements: Proper documentation for data requests

Cookies and Tracking Technologies

Cookie Categories (Following Sephora's Model)

We use cookies for specific purposes as clearly outlined:

  • Essential Cookies: Required for basic website functionality and security
  • Performance Cookies: Collect information about website usage and performance metrics
  • Functional Cookies: Remember your preferences and personalization choices
  • Targeting Cookies: Used to deliver relevant advertising based on your interests
  • Session Cookies: Temporary cookies deleted when browser closes
  • Persistent Cookies: Remain on your device for specified periods
  • First-Party Cookies: Set directly by our website
  • Third-Party Cookies: Set by external services we use

Tracking Technologies (Canva's Approach)

We use specific tracking technologies for transparency:

  • Log Files: Server logs recording user activity and IP addresses
  • Web Beacons: Small images used to track user interactions and email opens
  • Pixel Tags: Electronic files for tracking email marketing effectiveness
  • Device Fingerprinting: Unique device identification for security purposes
  • Geolocation Tracking: Location-based services and regional content delivery
  • Analytics Tools: Google Analytics and similar measurement services
  • Advertising Trackers: For personalized advertising delivery
  • Social Media Widgets: Integration with social media platforms

Opt-Out Options

Following U.S. state laws and best practices:

  • Cookie Preferences: Manage cookie settings through our preference center
  • Google Analytics Opt-out: Browser add-on to opt out of Google Analytics
  • Advertising Opt-out: Industry-standard advertising opt-out tools
  • Do Not Track: Honor browser Do Not Track signals where applicable
  • CCPA Opt-out: “Do Not Sell” option for California residents
  • Location-Based Opt-out: Disable geolocation tracking features

Legal and Regulatory Compliance

Applicable Regulations

  • GDPR (General Data Protection Regulation): EU data protection law
  • CCPA (California Consumer Privacy Act): California privacy law
  • LGPD (Lei Geral de Proteção de Dados): Brazilian data protection law
  • PIPEDA (Personal Information Protection Act): Canadian privacy law
  • PDPA (Personal Data Protection Act): Singapore data protection law
  • Data Protection Act: UK data protection legislation
  • Industry-Specific Regulations: Sector-specific compliance requirements
  • International Standards: ISO 27001 and other global standards

Compliance Measures

  • Regular Audits: Independent privacy and security audits
  • Privacy Impact Assessments: Systematic evaluation of privacy risks
  • Data Protection Officer: Dedicated DPO for privacy oversight
  • Staff Training: Comprehensive privacy training for all employees
  • Legal Review: Regular legal review of privacy practices
  • Documentation: Detailed records of processing activities
  • Breach Notification: Procedures for data breach notifications
  • Continuous Improvement: Ongoing enhancement of privacy measures

Policy Updates and Changes

We reserve the right to update this privacy policy at any time to reflect changes in our practices, legal requirements, or business operations. Any significant changes will be communicated through prominent notices on our website, email notifications, or other appropriate channels.

Your continued use of our services after any policy changes constitutes acceptance of the updated terms. We recommend reviewing this policy periodically to stay informed about our privacy practices.

Material changes to our privacy practices will be implemented with appropriate notice and, where required by law, with your consent.

Contact Information and Support

Privacy-Related Inquiries

  • Privacy Email: privacy@urbankart.com
  • Data Protection Officer: dpo@urbankart.com
  • Legal Department: legal@urbankart.com
  • Customer Support: support@urbankart.com
  • Hotline: +1-800-PRIVACY (for urgent privacy matters)
  • Response Time: We respond to privacy inquiries within 30 days
  • Escalation Process: Multi-level escalation for unresolved issues
  • Language Support: Support available in multiple languages

Additional Resources

  • Privacy Center: Comprehensive privacy resource hub
  • FAQ Section: Detailed answers to common privacy questions
  • Educational Materials: Resources about privacy best practices
  • Community Forum: Privacy discussions and peer support
  • Video Tutorials: Step-by-step privacy setting guides
  • Blog Updates: Regular privacy news and updates
  • Newsletter: Monthly privacy and security updates
  • Help Center: 24/7 automated support and documentation

This privacy policy is part of our ongoing commitment to transparency and user privacy. By using UrbanKart, you acknowledge that you have read, understood, and agree to these terms.