Privacy Policy
Effective date: [DATE — set on publish]
Asteris Cart is operated by My Cosmic Message Pty Ltd (ABN 30 652 358 159), trading as WOW Enterprise Company, under its Asteris Commerce brand (“we”, “us”, “our”). This policy explains what personal data we handle, why, and the choices you have.
1. Who we are
We are the data controller for personal data we collect about visitors and customers of asteriscart.com. You can contact us about privacy at [email protected].
2. What we collect
- Account and billing data: name, email, password (stored hashed), and billing details you provide when you subscribe. Payments are processed by our payment provider; we do not store full card numbers.
- Support data: messages you send us and the context you include, such as your WooCommerce and Asteris Cart versions.
- Usage data: standard server logs and analytics about how the website is used, including IP address, device and browser information.
Separately, when you install the Asteris Cart plugin on your own WooCommerce store, the plugin processes your customers’ data on your store, under your control. For that processing you are the controller and we are not; this policy covers our own website and customer relationship, not your store’s data.
3. How we use it
We use personal data to provide and maintain the service, take payment and manage subscriptions, provide support, send service messages, keep the website secure, and meet legal obligations. We send marketing only where you have opted in, and you can withdraw at any time.
4. Legal bases
Where the GDPR or UK GDPR applies, we rely on: performance of our contract with you (providing the service and support); our legitimate interests (securing and improving the service); your consent (marketing); and compliance with legal obligations.
5. Cookies
We use cookies as described in our Cookie Policy.
6. Sharing and processors
We share personal data only with service providers who process it on our behalf — for example payment processing, email delivery, hosting and analytics — under contracts that require appropriate protection. [CC: list named sub-processors before publish.] We do not sell personal data.
7. Retention
We keep personal data only as long as needed for the purposes above or as required by law, then delete or anonymise it. Billing records are kept for the period required by tax and accounting law.
8. Your rights
Depending on your location you may have the right to access, correct, delete, port or restrict your data, to object to certain processing, and to withdraw consent. To exercise a right, contact us at [email protected]. You also have the right to complain to your data-protection authority.
9. International transfers
We may process data outside your country. Where we do, we use appropriate safeguards such as standard contractual clauses.
10. Children
The service is not directed to children, and we do not knowingly collect their data.
11. Security
We take reasonable technical and organisational measures to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Changes
We may update this policy and will change the effective date above. Material changes will be notified where required.