Trust, Security & Compliance
Built for scale. Designed with trust at the core.
Cartexel.AI is an AI-powered eCommerce content enrichment platform built with strong security, privacy, and compliance principles. This page provides an overview of how we protect data, use AI responsibly, and support regulatory compliance.
Security by Design
Cartexel.AI implements commercially reasonable administrative, technical, and organisational safeguards designed to protect customer data, including:
- Secure cloud infrastructure
- Access controls and least-privilege permissions
- Encryption in transit (and at rest where appropriate)
- Monitoring and incident response procedures
- Secure authentication mechanisms
No system can be guaranteed to be 100% secure, but security is embedded into our platform architecture and operational processes.
Data Privacy & Protection
We are committed to protecting personal data and supporting our customers’ data protection obligations.
Our approach:
- Transparent data practices
- Processing only for defined purposes
- Processing on customer instruction
- Limited data retention
- Confidentiality and access controls
We do not sell personal data.
GDPR & UK GDPR Readiness
Cartexel.AI supports compliance with:
- EU General Data Protection Regulation (GDPR)
- UK GDPR & Data Protection Act 2018
Roles:
- Customers act as Data Controllers
- Cartexel.AI acts as a Data Processor for customer content
For account, billing, and platform administration data, Cartexel.AI acts as a Data Controller.
Additional GDPR documentation, including our Data Processing Agreement (DPA) and GDPR Compliance Summary, is available upon request.
Responsible Use of AI
Cartexel.AI uses artificial intelligence to generate and enrich:
- Text content
- Images
- Videos and derivative media
Key principles:
- AI outputs are generated only on customer request
- Human review is required before use or publication
- Outputs are probabilistic and not guaranteed to be error-free
- Customer content is not used to train public or general-purpose AI models
Customer Instructions & Re-Enrichment
Customers may provide instructions to refine or re-enrich AI-generated content.
- Instructions are processed only at the customer’s direction
- Customers can choose:
- One-time re-enrichment, or
- Persistent prompt or preference updates
- Instructions are not reused across customers
This ensures transparency, control, and predictable AI behaviour.
Content Controls & Acceptable Use
We prohibit misuse of the platform, including:
- Intellectual property infringement
- Deceptive or misleading AI-generated content
- Unauthorised impersonation or deepfakes
- Unlawful or harmful activity
We reserve the right to suspend or restrict access for misuse in accordance with our Terms of Service.
Cookies & Consent Management
Cartexel.AI uses a consent-based cookie framework aligned with:
- GDPR
- UK GDPR
- ePrivacy Directive
What this means:
- Non-essential cookies are blocked by default
- Users can accept, reject, or manage cookie preferences
- Consent can be changed or withdrawn at any time
We also implement Google Consent Mode v2 to ensure compliant analytics and advertising behaviour.
Key Policies
We maintain clear and accessible policies:
Additional documentation (DPA, GDPR materials) is available on request.
Sub-Processors & Third Parties
We work with trusted third-party service providers for:
- Cloud hosting
- AI infrastructure
- Security and analytics
- Payment providers
All sub-processors are subject to contractual data protection and confidentiality obligations consistent with applicable laws.
Transparency & Accountability
We believe trust is built through transparency, accountability, and responsible design.
While Cartexel.AI supports regulatory compliance, customers remain responsible for:
- Determining lawful bases for processing
- Providing required notices to end users
- Ensuring lawful use of AI-generated content
Contact
For privacy, security, or compliance enquiries:
Email: privacy@cartexel.ai
Legal: legal@cartexel.ai