Privacy Policy
Last updated: March 1, 2025
In short: We collect only what we need to run the Service. We never sell your data. Payment credentials are tokenized and never stored on our servers. You can delete your account and data at any time.
1. Information We Collect
We collect information you provide directly: account details (name, email, company), payment information (processed by Stripe — we never store card numbers), and catalog data you sync through our platform. We also collect usage data automatically: API call logs, dashboard interactions, device information, and IP addresses.
2. How We Use Your Information
We use your data to: (a) operate and improve the Service; (b) process transactions and sync your product catalog; (c) provide analytics and reporting; (d) send service-related communications; (e) detect and prevent fraud or abuse; (f) comply with legal obligations. We do not sell your personal data to third parties.
3. Data Sharing
We share data only as necessary: with AI agent platforms to facilitate product discovery and checkout (only catalog data you have opted to make available); with payment processors to complete transactions; with infrastructure providers who process data on our behalf under strict contracts; and when required by law.
4. AI Agent Data Flow
When AI agents query your catalog through CheckoutNow, we share product information (names, descriptions, pricing, availability) with the requesting agent platform. We do not share end-user personal data with AI agents. Checkout sessions are tokenized and isolated — agents receive a secure checkout URL, not payment credentials.
5. Data Retention
We retain your account data for as long as your account is active. Transaction records are retained for 7 years for tax and compliance purposes. API logs are retained for 90 days. Upon account deletion, personal data is purged within 30 days, except where retention is required by law.
6. Security Measures
We implement industry-standard security measures including: TLS 1.3 encryption for all data in transit; AES-256 encryption for data at rest; SOC 2 Type II certified infrastructure; regular penetration testing; role-based access controls; and 24/7 security monitoring. See our Security page for full details.
7. Your Rights
Depending on your jurisdiction, you may have the right to: access your personal data; correct inaccurate data; delete your data; export your data in a portable format; opt out of marketing communications; restrict or object to certain processing. To exercise these rights, contact privacy@checkoutnow.com.
8. Cookies & Tracking
We use essential cookies to operate the dashboard and maintain your session. We use analytics cookies (which you can opt out of) to understand usage patterns. We do not use third-party advertising cookies. Our API endpoints do not set cookies.
9. International Transfers
Your data may be processed in the United States. We use Standard Contractual Clauses and other appropriate safeguards for international data transfers. EU and UK users are protected under GDPR-compliant data processing agreements.
10. Children’s Privacy
The Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The “Last updated” date at the top reflects the most recent revision.
12. Contact Us
For privacy-related inquiries: privacy@checkoutnow.com. For general questions, visit our Contact page. Data Protection Officer: dpo@checkoutnow.com.