Privacy Policy

Armour Consortium AI - Cart Recovery API
Effective Date: December 2025 | Last Updated: December 2025

1. Who We Are

Armour Consortium AI operates the Cart Recovery API, an AI-powered service that generates personalised cart recovery content for e-commerce businesses.

Contact:
Email: hello@armourconsortium.ai
Website: https://armourconsortium.ai

2. Scope of This Policy

This policy covers:

The Cart Recovery API service
The marketing website at armourconsortium.ai
Human subscription products
The x402 agentic API

3. Data We Process

3.1 API Data (Processor Role)

When merchants use our API, we process data they submit:

Data Type	Examples	Purpose	Retention
Customer Identifiers	Email, phone, first name	Content personalisation	None - transient only
Transaction Data	Cart value, products, currency	Message context	None - transient only
Consent Flags	Marketing preferences	Compliance enforcement	None - transient only

Important: We do not store any customer personal data. All processing is transient (milliseconds).

3.2 Website Data (Controller Role)

When you visit our website:

Data Type	Purpose	Retention	Lawful Basis
Contact form submissions	Responding to enquiries	2 years	Consent
Waitlist signups	Product launch notifications	Until unsubscribe	Consent
Analytics (anonymised)	Service improvement	26 months	N/A (non-personal data)

3.3 Subscription Customer Data

For Subscription based customers:

Data Type	Purpose	Retention
Account details	Service provision	Duration of contract + 6 years
Payment information	Billing (via Stripe)	Handled by Stripe
Usage analytics	Service provision, billing verification, performance monitoring	Duration of contract + 6 years

4. Legal Bases for Processing (UK/EU)

Processing Activity	Lawful Basis	Reference
API content generation	Contract performance (with merchant)	Art. 6(1)(b)
Marketing to subscribers	Consent	Art. 6(1)(a)
Billing and accounts	Legal obligation	Art. 6(1)(c)

5. Cookies and Tracking

We do not use cookies on our marketing website.

No tracking cookies
No advertising pixels
No third-party analytics cookies
Essential functionality only

6. Data Sharing

6.1 Sub-Processors (API)

For content generation, data processed by:

Anthropic (Claude) - USA
Google (Gemini) - USA/EU
OpenAI (GPT) - USA
xAI (Grok) - USA
Coinbase (x402 payments) - USA

See Sub-Processor List for details.

6.2 Service Providers

Stripe (payment processing)
Elastic Email (email delivery)
Plivo (SMS delivery)

6.3 Legal Requirements

We may disclose data if required by law or to protect our legal rights.

7. International Transfers

Where data is transferred outside the UK/EEA:

Standard Contractual Clauses are in place
UK IDTA addendum applied where required
Supplementary security measures implemented

8. Your Rights (UK/EU)

Under UK GDPR and EU GDPR, you have the right to:

Right	Description	How to Exercise
Access	Request copies of your data	Email us
Rectification	Correct inaccurate data	Email us
Erasure	Request deletion (where applicable)	Email us
Restriction	Limit how we use your data	Email us
Portability	Receive data in machine-readable format	Email us
Object	Object to processing based on legitimate interests	Email us
Withdraw Consent	Where processing is based on consent	Email us or unsubscribe link

Response Time: Within 30 days (extendable by 60 days for complex requests).

Contact: hello@armourconsortium.ai

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

9.1 Right to Know

You may request:

Categories of personal information collected
Specific pieces of personal information collected
Categories of sources
Business purposes for collection
Categories of third parties with whom we share data

9.2 Right to Delete

You may request deletion of personal information we hold, subject to exceptions.

9.3 Right to Opt-Out of Sale

We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.5 How to Exercise CCPA Rights

Email: hello@armourconsortium.ai
Subject: "CCPA Request"

We will verify your identity before fulfilling requests.

10. CAN-SPAM Compliance (USA)

For any commercial emails we send:

Clear identification as advertisement (where applicable)
Valid physical address included
Unsubscribe mechanism in every email
Opt-out requests honoured within 10 business days

Our Address:
Armour Consortium AI
United Kingdom

11. Data Security

We implement appropriate security measures:

TLS 1.3 encryption for all transmissions
No storage of customer PII
Rate limiting and access controls
Regular security reviews

See Security Measures for details.

12. Data Retention

Data Type	Retention Period
API request data	None - transient processing
Website contact forms	2 years
Subscription accounts	Contract duration + 6 years
Anonymised analytics	26 months

13. Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect data from children.

14. Changes to This Policy

We may update this policy periodically. Material changes will be notified via:

Website announcement
Email to registered users

Check the "Last Updated" date for the current version.

15. Complaints

If you have concerns about our data practices:

Contact us first: hello@armourconsortium.ai
UK ICO: ico.org.uk (if unsatisfied with our response)
EU DPAs: Your local supervisory authority

16. Contact Us

Armour Consortium AI
Email: hello@armourconsortium.ai
Website: https://armourconsortium.ai

This policy applies to all services offered by Armour Consortium AI.