NodeCart

Privacy Policy

Effective Date: March 2026

1. Information We Collect

Account Information: Email address, business name, phone number, and location when you create an account.

Payment Credentials: M-Pesa Daraja API credentials (if provided) are encrypted using AES-256-GCM before storage. These are only decrypted server-side for payment processing and are never exposed to any frontend.

Customer Data: Names, phone numbers, and order details of your shop's customers, stored per-tenant with strict data isolation.

2. How We Use Your Information

We use your information to provide and improve the Platform, process orders, send notifications, and generate AI content for your shop. We do not sell your data to third parties.

3. Data Security

We implement industry-standard security measures including AES-256-GCM encryption for sensitive credentials, Row Level Security (RLS) in our database to ensure data isolation between tenants, and HTTPS for all data in transit.

4. Data Isolation

Each seller's data is strictly separated using tenant IDs and database-level Row Level Security policies. No seller can access another seller's data, products, orders, or customer information.

5. Third-Party Services

We use the following third-party services:

  • Supabase — database, authentication, and file storage
  • Google AI — image and content generation
  • Vercel — hosting and edge computing
  • Safaricom Daraja — M-Pesa payment processing (using seller's own credentials)

6. Payment Data

NodeCart does not process, collect, or store customer payment information. All payments flow directly between customers and sellers through M-Pesa. We only store encrypted Daraja API credentials that sellers voluntarily provide.

7. Your Rights

You have the right to access, update, or delete your personal data. You can update your information in your dashboard settings or contact us to request data deletion.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your data within 30 days, except where required by law.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email.

10. Contact

Questions about privacy? Contact us at support@nodecart.co.ke.