GDPR Compliance

StreamCart, Inc. is the data controller for personal data processed in connection with the StreamCart platform and marketing website. As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Our registered correspondence address and full legal details are available upon request by contacting privacy@streamcart.it. For merchants operating within the European Economic Area, we act as a data processor when handling personal data about your store's customers on your behalf, under the terms of our Data Processing Agreement (DPA), which is available upon request.

We process your personal data on the following legal bases: (1) Contractual necessity — processing is required to deliver the Services you have subscribed to, including account management, billing, and platform operation. (2) Legitimate interests — we process certain data to improve our product, ensure security, prevent fraud, and conduct analytics, where these interests are not overridden by your rights.

(3) Consent — where we send marketing communications or use non-essential cookies, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of prior processing. (4) Legal obligation — we may process data where required to comply with applicable law, regulatory requirements, or valid legal process.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects about you, except as explicitly described in our product documentation with appropriate safeguards.

As a data subject under the GDPR, you have a comprehensive set of rights with respect to your personal data. To exercise any of the rights listed below, please submit a written request to privacy@streamcart.it. We will acknowledge receipt within 72 hours and fulfill your request within one month, extendable by a further two months for complex or numerous requests.

We will not charge a fee for handling your request unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to act. If we refuse your request, we will explain the reasons and inform you of your right to lodge a complaint with a supervisory authority.

We process personal data about our merchant users for the purposes of account management, subscription billing, dashboard analytics, customer support, product improvement, and security monitoring. The categories of data processed include contact information, payment metadata (but not full card numbers, which are handled by Stripe), usage data, and communication records.

When you use StreamCart to power video on your store, we act as a data processor on your behalf, processing anonymized session and interaction data from your store's visitors. We do not use this data for any purpose other than providing you with analytics and powering the widget experience. A Data Processing Agreement (DPA) governing this relationship is available upon request.

We do not engage in the sale, rental, or exchange of personal data with third parties for their own marketing purposes. We do not use personal data to build advertising profiles or to engage in cross-context behavioral advertising.

StreamCart is a US-based company and our primary infrastructure is hosted in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or other countries that have not been deemed to provide an adequate level of data protection, we rely on the EU Standard Contractual Clauses (SCCs) as a legal mechanism for the transfer.

Our key sub-processors — including Vercel (hosting), Supabase (database), and Stripe (payments) — are subject to the same transfer mechanisms and maintain their own GDPR compliance certifications. A full list of our sub-processors and applicable transfer mechanisms is available upon request.

You may request a copy of the relevant transfer mechanism documentation by contacting our DPO at the address below.

For GDPR-related inquiries, to exercise your rights, or to lodge a complaint about our data processing practices, please contact our Data Protection Officer (DPO) at: dpo@streamcart.it.

You also have the right to lodge a complaint with your local supervisory authority. In the EEA, this is typically the data protection authority in the country where you live or work, or where you believe an infringement of the GDPR has occurred. We encourage you to contact us first so we have the opportunity to address your concerns directly.