Last Updated: November 15, 2025
Effective Date: November 15, 2025
Website: http://www.paretoedge.com
Product: Pareto Cart Guard
Company: Pareto Edge, LLC
1. Introduction
Pareto Edge, LLC (“we,” “us,” “our”) operates the Pareto Cart Guard WordPress plugin and ParetoEdge.com website. This Privacy Policy explains how we collect, use, store, and protect your personal information.
Our Commitment:
– We collect minimal data necessary to provide Cart Guard services
– We do not sell your data to third parties
– We do not track customer shopping behavior or PII
– We comply with GDPR, CCPA, and PIPEDA privacy laws
Questions? Email [email protected]
2. Information We Collect
2.1 Information You Provide Directly
Account Registration (ParetoEdge.com):
- Email address (for account login and communications)
- Name (optional, for billing invoices)
- Billing address (required for tax calculations)
- Payment information (processed by third-party payment processors – see Section 5)
License Activation (WordPress Plugin):
- License key (e.g., `cg_pro_abc123...`)
- Site URL (e.g., `https://yourstore.com`)
- WordPress version and WooCommerce version
- Plugin version (e.g., Cart Guard 1.2.3)
Support Requests:
- Email correspondence with [email protected]
- Technical details (error logs, PHP version, server info) – voluntarily shared for troubleshooting
- Screenshots or screen recordings – voluntarily shared for bug reports
2.2 Information Collected Automatically
API Usage Data (via cg.paretoedge.com):
When Cart Guard validates a shopping cart, we log:
– Timestamp of API request
– Site URL making the request
– License tier (FREE or PRO)
– API endpoint called (e.g., /v1/validate)
– Response status (success, blocked, error)
– Rule type triggered (e.g., “BOGO rule,” “min quantity”) – generic categories only
– Violation type (if cart blocked) – no customer PII
What We Do NOT Log:
- ❌ Customer names, emails, or addresses
- ❌ Product SKUs, names, or prices
- ❌ Cart contents or order totals
- ❌ Payment information
- ❌ IP addresses of shoppers (only your server’s IP for rate limiting)
Example Log Entry (anonymized):
```json
{
  "timestamp": "2025-11-15T14:32:10Z",
  "site_url": "https://example.com",
  "license_tier": "PRO",
  "rule_type": "bundle_enforcement",
  "result": "blocked",
  "violation": "missing_required_product"
}
```
Website Analytics (ParetoEdge.com):
- Page views and navigation paths (which pages you visit)
- Referral source (how you found our site – e.g., Google search, WordPress.org)
- Device type (desktop, mobile, tablet) and browser (Chrome, Firefox, Safari)
- Geographic location (country/region only – derived from IP address, not stored)
Tools Used:
– Google Analytics (anonymized IP addresses, no cross-site tracking)
– Simple Analytics (privacy-first alternative, GDPR-compliant)
Opt-Out: Use browser extensions like Privacy Badger or uBlock Origin to block analytics trackers.
2.3 Cookies and Tracking Technologies
Essential Cookies (Required for Functionality):
- Session cookies (keep you logged in to ParetoEdge.com/my-account)
- Shopping cart cookies (persist WooCommerce cart state)
- Security cookies (CSRF protection, prevent attacks)
Analytics Cookies (Optional):
- Google Analytics cookies (`_ga`, `_gid`) – track page views and user behavior
- Consent: We use a cookie banner – you can opt out (analytics disabled)
Marketing Cookies (Not Used):
- We do not use retargeting pixels (Facebook, Google Ads, etc.)
- We do not serve personalized ads based on your browsing
Cookie Duration:
– Session cookies: Deleted when you close your browser
– Analytics cookies: Expire after 2 years
Manage Cookies: Browser settings (Chrome: Settings → Privacy → Cookies)
3. How We Use Your Information
3.1 Provide Cart Guard Services
- License validation (verify your license key is active and not expired)
- API access (process cart validation requests from your WordPress site)
- Usage tracking (monitor API calls to enforce tier limits)
- Error logging (diagnose technical issues, improve reliability)
3.2 Billing and Payments
- Process transactions (via Authorize.net or BTCPay)
- Send invoices and receipts (via email)
- Manage subscriptions (renewals, upgrades, cancellations)
- Prevent fraud (detect suspicious payment patterns)
3.3 Customer Support
- Respond to support tickets (technical troubleshooting, feature requests)
- Onboarding assistance (free 30-minute call for PRO customers)
- Account management (reset passwords, update billing info)
3.4 Communications
- Transactional emails (license activation, subscription renewals, API usage warnings)
- Product updates (new features, security patches, bug fixes)
- Marketing emails (optional – promotional offers, case studies, blog posts)
Opt-Out: Click “Unsubscribe” link in any marketing email (transactional emails cannot be disabled).
3.5 Improve Cart Guard
- Analyze usage trends (e.g., “30% of PRO users create BOGO rules”)
- Prioritize features (build what customers use most)
- Optimize API performance (reduce response times, prevent downtime)
Note: We use anonymized, aggregated data (no individual user behavior tracking).
3.6 Legal Compliance
- Respond to legal requests (subpoenas, court orders, law enforcement)
- Enforce Terms of Service (detect license key sharing, API abuse)
- Protect rights (prevent fraud, intellectual property violations)
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share limited data with trusted partners to deliver Cart Guard services:
Payment Processors:
- Authorize.net (credit card payments) – Privacy Policy
- BTCPay Server (cryptocurrency payments) – Self-hosted, no third-party data sharing
Data Shared: Email, billing address, payment amount (NOT card details – PCI-compliant tokenization)
Email Service Provider:
- Brevo (formerly Sendinblue) – Transactional and marketing emails – Privacy Policy
Data Shared: Email address, name, license tier (for segmentation)
Hosting and Infrastructure:
- DigitalOcean (API server hosting) – Privacy Policy
- Cloudflare (CDN, DDoS protection) – Privacy Policy
Data Shared: Server IP addresses, API request logs (no customer PII)
Analytics:
- Google Analytics (website traffic) – Privacy Policy
Data Shared: Anonymized page views, device types, referral sources
4.2 Business Transfers
If Pareto Edge is acquired, merged, or sells assets, your data may be transferred to the new owner. You will be notified via email and given the option to delete your account.
4.3 Legal Requirements
We may disclose your information if required by law:
– Subpoenas or court orders
– Government investigations (tax, fraud, national security)
– Protect rights (defend against legal claims, prevent harm)
Transparency: We will notify you of legal requests unless prohibited by law.
4.4 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes. This includes:
– Data brokers (Acxiom, LiveRamp, etc.)
– Advertising networks (Google Ads, Facebook Ads)
– Affiliate marketers
5. Data Security
5.1 Technical Safeguards
- Encryption in transit: HTTPS/TLS for all API requests and website traffic
- Encryption at rest: Database backups encrypted with AES-256
- Access controls: Role-based permissions (only authorized employees access customer data)
- Regular audits: Quarterly security reviews and penetration testing
5.2 Payment Security
- PCI DSS Compliance: We do not store credit card numbers (handled by Authorize.net/PayPal)
- Tokenization: Payment details replaced with secure tokens
- 3D Secure: Fraud prevention for card-not-present transactions
5.3 Data Breach Response
In the unlikely event of a data breach:
1. Notification: Affected users notified within 72 hours (GDPR requirement)
2. Remediation: Vulnerabilities patched immediately
3. Transparency: Public disclosure via blog post (if widespread impact)
6. Data Retention
6.1 Active Accounts
- License data: Stored indefinitely while subscription is active
- API logs: Retained for 90 days (for troubleshooting and abuse detection)
- Support tickets: Retained for 2 years (for training and quality assurance)
- Billing records: Retained for 7 years (tax and accounting requirements)
6.2 Canceled Accounts
- Automatic deletion: Personal data deleted 90 days after subscription cancellation
- Exception: Billing records retained for legal compliance (anonymized)
6.3 Right to Deletion
Request immediate data deletion by emailing [email protected]. We will delete your data within 30 days (except legally required records).
7. Your Privacy Rights
7.1 GDPR Rights (EU Residents)
Under the General Data Protection Regulation (GDPR), you have:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Delete your data (subject to legal retention)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in machine-readable format
- Right to Object: Opt out of marketing emails or data processing
- Right to Withdraw Consent: Revoke consent for optional data collection
How to Exercise Rights: Email [email protected] with subject line “GDPR Request”
7.2 CCPA Rights (California Residents)
Under the California Consumer Privacy Act (CCPA), you have:
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of data sales (we do not sell data)
- Right to Non-Discrimination: No penalties for exercising privacy rights
How to Exercise Rights: Email [email protected] with subject line “CCPA Request”
Response Time: Within 45 days (may extend to 90 days if complex)
7.3 PIPEDA Rights (Canadian Residents)
Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA):
- Right to Access: Request a copy of your personal information
- Right to Correct: Update inaccurate information
- Right to Withdraw Consent: Stop data collection (except legal obligations)
7.4 Other Jurisdictions
If you reside outside the EU, California, or Canada, you may still have privacy rights under local laws. Contact [email protected] to inquire.
8. Children’s Privacy
Cart Guard is not intended for individuals under 18 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact [email protected] and we will delete it immediately.
9. International Data Transfers
Server Location: Our API servers are hosted in the United States (DigitalOcean NYC datacenter).
EU Data Transfers: If you are in the EU, your data is transferred to the US under Standard Contractual Clauses (SCCs) approved by the European Commission.
Safeguards:
– Encryption in transit and at rest
– Strict access controls
– GDPR compliance for all users (regardless of location)
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted at:
– http://www.paretoedge.com/privacy
– Notification sent via email to active customers
Material Changes (e.g., new data collection practices) require explicit consent:
– Email notification with “Accept New Policy” link
– Continued use after 30 days constitutes acceptance
Version History:
– v1.0 (November 15, 2025): Initial policy
11. Contact Information
Data Controller:
Pareto Edge, LLC
Email: [email protected]
Website: http://www.paretoedge.com
Support Inquiries:
Email: [email protected]
Response Time:
– Privacy requests: Within 30-45 days (GDPR/CCPA compliance)
– General inquiries: Within 48-72 hours
12. Third-Party Links
ParetoEdge.com may contain links to external websites (e.g., WordPress.org, WooCommerce documentation). We are not responsible for their privacy practices. Review their policies before sharing personal information.
External Links:
– WordPress.org – Privacy Policy
– WooCommerce.com – Privacy Policy
– GitHub (for plugin repository) – Privacy Policy
13. California “Do Not Track” Disclosure
Do Not Track (DNT) Signals: We honor DNT browser settings. If DNT is enabled, we will:
– Disable Google Analytics cookies
– Not share data with third-party analytics providers
How to Enable DNT:
– Chrome: Settings → Privacy → Send “Do Not Track” request
– Firefox: Preferences → Privacy → Tell sites not to track me
14. Cookie Policy Summary
| Cookie Type | Purpose | Duration | Opt-Out |
|---|---|---|---|
| Session Cookies | Keep you logged in | Session | Required (cannot opt out) |
| Analytics Cookies | Track page views | 2 years | Cookie banner or browser settings |
| Security Cookies | CSRF protection | Session | Required (cannot opt out) |
Manage Cookies: Browser settings or cookie banner on ParetoEdge.com
By using Cart Guard, you acknowledge that you have read and understood this Privacy Policy.
Version: 1.0
