cartsenseBook a demo

Privacy Policy

Effective Date: April 15, 2026

StoneFrontier LLC ("we," "our," or "us") operates Cartsense, an AI agent system that runs TikTok Shop operations — creator discovery, outreach, conversations, campaign execution, and GMV tracking — on behalf of merchants. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use Cartsense and related services (the "Services").

By using the Services, you agree to the practices described here.

1. Information We Collect

Account & Merchant Information

When you sign up, we collect your name, email address, business name, role, and billing details. If you purchase a paid plan, our payment processor collects and stores your payment information on our behalf.

TikTok Shop Data (via OAuth)

When you connect your TikTok Shop, you authorize us to access shop data through TikTok's official APIs. Depending on the scopes you grant, this may include:

  • Shop and product data: product catalog, inventory, pricing, listings.
  • Order and GMV data: orders, fulfillment status, returns, refunds, GMV, attribution, and commission records.
  • Creator and affiliate data: creator profiles, affiliate relationships, invitations, sample requests, commission rates, and performance metrics.
  • Messaging data: creator conversations, message history, and message metadata handled through TikTok Shop's messaging surfaces.
  • Analytics: traffic, conversion, and campaign performance data exposed by TikTok.

On first sync we backfill historical data covered by the granted scopes so agents have context; we continue to sync on an ongoing basis while your connection is active.

Agent Activity Data

To operate the Services, we generate and store:

  • Agent actions, decisions, and the full inspectable reasoning trail (the "Transparency Stack," including fit-score breakdowns and source data snapshots).
  • Briefings, approvals, overrides, and corrections you provide.
  • Rules the system learns from your corrections, scoped to creators, campaigns, or your account.
  • Campaign briefs, playbooks, and other content you create in the Services.

Usage and Device Data

We collect IP address, device and browser type, operating system, referring URLs, pages visited, features used, session timestamps, and similar diagnostic information.

Cookies and Similar Technologies

We use cookies, local storage, and analytics (including first- and third-party analytics such as PostHog) to keep you signed in, remember preferences, measure feature usage, and diagnose issues.

Information About Third Parties

To help you discover and manage relationships with creators, the Services process publicly available TikTok creator information and creator-facing conversations. If you upload creator lists or contact details from other sources, those are also processed under this Policy.

2. How We Use Information

We use the information above to:

  • Run your TikTok Shop operations through the agent system — source creators, send invitations, manage conversations, launch and monitor campaigns, track GMV, and re-engage at-risk creators.
  • Generate daily briefings and escalate decisions that exceed thresholds you configure.
  • Produce the Transparency Stack so every agent action is inspectable.
  • Improve agent accuracy using your approvals, overrides, and learned rules (scoped to your account by default — see Section 4).
  • Authenticate users, process payments, and provide customer support.
  • Maintain security, prevent abuse, and debug issues.
  • Comply with legal obligations and enforce our Terms of Service.
  • Send service announcements and, with your consent where required, product updates.

Where GDPR or UK GDPR applies, we rely on: (a) contract to deliver the Services you've signed up for; (b) legitimate interests to secure, improve, and operate the platform; (c) consent for optional cookies and marketing communications; and (d) legal obligations for tax, accounting, and compliance requirements.

4. AI and Model Training

We use third-party large language model providers to power agent reasoning. Customer data sent to these providers is transmitted under contractual terms that prohibit the provider from using it to train their general-purpose models.

We do not use your TikTok Shop data, creator conversations, or campaign content to train shared or cross-customer models. Learned rules derived from your corrections are scoped to your account. Aggregated, de-identified metrics (for example, overall response rates or benchmark distributions) may be used to improve the product.

5. How We Share Information

We do not sell your personal information. We share information only in these limited cases:

  • Service providers and subprocessors: cloud hosting, database, observability, analytics, email delivery, customer support, payment processing, and LLM providers. They act on our instructions under written agreements.
  • TikTok: to perform actions you authorize via the TikTok Shop APIs (for example, sending an invite, adjusting a commission, or replying to a creator). Our access and use of TikTok data is governed by TikTok's developer terms and policies.
  • Other integrations you connect: if you connect additional tools (e.g., email, analytics, or messaging integrations), we exchange data with them at your direction.
  • Legal and safety: to comply with law, a valid legal process, or to protect the rights, safety, and property of users, the public, or us.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

6. Data Retention

We retain account and TikTok Shop data for as long as your account is active and for a reasonable period after to handle billing, support, disputes, and legal obligations. You may delete your account at any time by emailing contact@cartsense.ai; we will delete or de-identify your data within a reasonable period, except where retention is required by law. Backup copies may persist for a limited time before being overwritten.

7. Security

We use industry-standard technical and organizational measures — encryption in transit, access controls, logging, and least-privilege practices — to protect your information. TikTok OAuth tokens are stored encrypted. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have rights to:

  • Access, correct, or delete information we hold about you.
  • Port a copy of your data.
  • Object to or restrict certain processing.
  • Withdraw consent (including disconnecting your TikTok Shop or other integrations at any time).
  • Opt out of "sale" or "sharing" of personal information (we don't sell, but California residents have this right under the CCPA/CPRA).
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email contact@cartsense.ai. We will verify your request and respond within the timeframe required by applicable law.

9. International Transfers

We are based in the United States and process data there. If you are in the EEA, UK, or another region with different data protection laws, your information will be transferred to and processed in the United States under appropriate safeguards (such as Standard Contractual Clauses) where required.

10. Children

Cartsense is a business tool intended for merchants 18 years and older. We do not knowingly collect personal information from children.

11. Third-Party Platforms

The Services operate on and alongside third-party platforms (primarily TikTok Shop and TikTok). Those platforms have their own privacy practices, and we are not responsible for them. Your use of TikTok is subject to TikTok's terms and privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date and, where appropriate, notify you by email or in-app notice before the changes take effect.

13. Contact Us

Questions, requests, or concerns?

StoneFrontier LLC
Email: contact@cartsense.ai