Privacy Policy
Last Updated on: March 8, 2024


1. Who we are

Ourcart Ltd. (hereinafter: “The Company”, “We”) is a Company that provides receipt capture, analyzing and processing services, dissemination of derived data and conclusions, and other services and products which may be offered or promoted by us from time to time (hereinafter: “the Services”). Our Services are offered and provided on the Ourcart website: (hereinafter: “the Website”), and the Ourcart mobile application/s (hereinafter: “the App”), which are operated by us.

2. Privacy statement


This Privacy Policy sets forth our policy with respect to information that can be associated with or which relates to a person and/or could be used to identify a person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including without limitation such information included in receipt images processed by us (“Personal Data”), all as defined by the General Data Protection Regulation (GDPR) (EU) 2016/679, or other applicable data protection legislation.

“Non-Personal Data”, as used in this Privacy Policy, is therefore any information that does not relate to a person and/or cannot be used to identify a person, including such information which may have been derived from Personal Data.

We may use Personal Data in the manner permitted in this Privacy Policy. We may also use Non-Personal Data. The limitations and requirements in this Privacy Policy on how we gather, use, disclose, transfer, and store/retain Personal Data do not apply to Non-Personal Data.

3. Consent

3.1. To use our Services, we may collect, store or process data provided by you, including Personal Data, and including such data included in receipt images uploaded by you to our Service. Therefore, we might receive, collect, store and process Personal Data or Non-Personal Data that:

3.1.1. you voluntarily provide; and/or

3.1.2. give your consent to collect and process it; and/or

3.1.3. is collected and/or stored as an integral part of using the Services or entering or registering to the Website or the App. 

3.1.3 the processing of which is necessary to meet contractual obligations entered by you and us or our customers; and/or

3.1.45. the processing of which is necessary to comply with legal obligations of us or our customers; and/or

3.1.6. the processing of which is for the purposes of legitimate interests pursued by us or our customers.


3.2. Without derogating from the aforesaid, by the use of our Services or allowing someone else to use the Services on your behalf, you are consenting to our collection, use, disclosure, transfer and storage in accordance with this Privacy Policy of any Personal Data or Non-Personal Data and other information received by us as a result of such use.

4. Personal data that we use

4.1 Some information may be mandatorily provided by you to us, as part of the Services, and some information may be collected by us during provision of the Services. The types of data that we may receive, collect, store and process may include your:

4.1.1 Personal Data – such as: Name, Address, Email address, Phone number, ID number, IP address, age, gender, country, preferred language; Financial Data; Location data; cookies; your shopping list etc.

4.1.2 Media Data: your receipt snapshot.

4.1.3 Device and Usage Data: We may also collect information on how the Service and Website are accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s or device IP address, device ID number, browser type or version, which Service pages you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.5. How we use the Personal Data

We use Personal Data in a manner that is consistent with this Privacy Policy and applicable laws and regulations. We may use the Personal Data as follows: 

5.1 Performing our Services:  your receipt snapshots and any usage data of any mobile application provided by you, are used to perform our Services (i.e. receipt analysis, processing etc.). Furthermore, we may provide our customers whose receipts were uploaded by you with your Personal Data.

5.2 Access and Use: Any Personal Data provided to us by you in connection with obtaining access to any functionality of our Services may be used by us in order to provide you with access to the needed functionality and to monitor your use of such functionality.

5.3 Internal Business: We may use your Personal Data for internal business purposes, including, without limitation, to help us improve Website and App content and functionality to better understand our Customers and Users, to improve and enhance our Services, develop new services and products, to protect against, identify or address wrongdoing, to enforce our contracts and this Privacy Policy, to provide you with customer service, and to generally manage and operate our business.

5.4 Specific Purpose: If you provide Personal Data for a specific purpose, Ourcart may use said Personal Data in connection with the purpose for which it was provided. For instance, if you contact Ourcart by email, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address used to contact us; or if you upload a receipt for which you may be entitled to certain benefits or credits from one or more of our customers, we will share your Personal Data with such customers.

5.5 Marketing and Offers: We may use any Personal Data you provide us with to contact you in the future for marketing and advertising purposes, including, without limitation, to inform you about our Services and new services or products, whether developed or offered by us or by our partners or customers, we believe might be of interest to you, and to develop promotional or marketing offers or materials and provide those offers or materials to you. By providing us with your Personal Data you consent to receive promotional and marketing offers from us and our partners or customers. 


5.6 Statistics: We may use your Personal Data to generate statistical reports containing aggregated information, which we may also share with third parties, with or without consideration. We may also share or market aggregated data, including data derived from your usage and your Personal data, for market research purposes, for our use or the use of our partners or customers.

5.7 Security and Dispute Resolution: We may use Personal Data to protect the security of our Website, App and Services, to prevent, detect and resolve cyber attacks, fraud, phishing, identity theft, and data leaks, to verify genuine software licenses and genuine users or uploaded receipts or information, to resolve disputes, and to enforce our agreements and policies.

5.8 Data Retention, Archives: We retain and archive Personal Data so long as it is necessary to operate our business and maintain our Services, meet contractual obligations, laws and regulations, and subject to our retention policies and this Privacy Policy.

5.9 Transfer/Share/Disclose Personal Data: We may share your Personal Data with our partners, contractors and service providers who process, store or analyze Personal Data on behalf of the Company or our customers, as may be required to perform certain business-related functions. We may provide them with information, including Personal Data, in connection with their performance of such functions. Furthermore, We may also transfer data, including Personal Data, to third parties in connection with providing the Services and/or developing or improving the Services. While we do so, we demand that the recipients are bound to maintain said Personal Data in accordance with this Privacy Policy.

5.10 Cloud Services: We may need to share Personal Data with our cloud service. For example, in order to protect and secure our Website, App or Services, the cloud service admin may need access to Personal Data to provide those functions. In such cases, the cloud service provider must abide by our data privacy and security requirements and is not allowed to use Personal Data they receive from us for any other purpose.

5.11 Development and Customer Service: For example, to provide customer service and support or assist in protecting and securing our systems and services our development and customer service team may require access to Personal Data. In such cases, our personnel must abide by our data privacy and security requirements and policy and are not allowed to use Personal Data for any other purpose.

5.12 Corporate Sale, Merger, Reorganization, Dissolution or Similar Event: Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of Ourcart (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy. We will also share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. 

5.13 Law Enforcement: We may use, share or disclose Personal Data in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of Users of the Website and  Services or the public, or (e) protect against legal liability. 

5.14 Other service providers: We share Personal Data with third party service providers that perform functions on our behalf and help us to provide the Services and Website (e.g. cloud service providers, business analytic tools, customer service software, support ticket system, goods providers, survey conducting services, image analysis providers etc.).  We transfer only data that is necessary for conducting our Services with these third party service providers.  

5.15 Other Purposes: If we intend to use any Personal Data in any manner not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is processed.


Non-Personal Data: Please note that because Non-Personal Data cannot be used to identify you in person, we may use such data in any way permitted by law.

6. How We Store and Transfer Information

6.1 We have no intention to transfer stored data to third-party countries. Therefore, we try to store Personal data at the same region where it was collected, and in any event we do our best comply with applicable privacy laws with respect to the storage of Personal Data.

6.2 To deliver our services and/or operate our business, information, which may include Personal Data, may be processed by our third-party service providers (“Suppliers”) (e.g. hosting and storage services, business analytic tools, customer service software & support ticket system, goods providers, survey conducting services, image analysis providers etc.). We transfer only the minimum data that is necessary for conducting our services. The data is transferred only to Suppliers approved by us that allow compliance with GDPR or other applicable local privacy laws.

6.3 Personal Data may be transferred, stored, and processed in countries outside the countries where it was collected. Such transfer to third-party countries may include countries that do not guarantee an adequate level of data protection laws as required under applicable privacy laws. We implement a high level of information security techniques and technical measures and/or third-party contractual obligations to ensure that their information security level matches that implemented by us.

6.4 We may transfer Personal Data to Israel – where we maintain our headquarters. The EU considers Israel to have an adequate data protection law.

7. Personal Data Security

7.1 We implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure.  However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.  Therefore, you should take special care in deciding what information you disclose. If you notice any security risks or violations, please report them to us at so that we may resolve them as soon as possible. 

7.2 OurCart takes precautions to protect your information.  When you submit sensitive information via the website such Personal Identifying Information or Data, your information is protected both online and offline.  Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way.  You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the webpage.  OurCart also uses Secure Socket Layer (SSL) for authentication and private communications to build users’ trust and confidence in the internet and website use by providing simple and secure access and communications of Personal Identifying Information or Data.  OurCart takes a data-centric stance that enables it to respond faster and with more confidence to compliance with consumer rights and requirements under California Consumer Protection/Privacy Act (CCPA), Colorado Privacy Protection Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Utah Consumer Privacy Act (UCPA), the Connecticut Data Privacy Act (CTDPA), the General Data Protection Regulation (GDPR), and Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) regarding the false or misleading header information and deceptive subject lines.

7.3 You also have the right to access, rectification or erasure of the Personal Identifying Information or Data held on our systems, the right to object or restrict the processing of your Personal Identifying Information or Data, and the right to data portability. You may lodge a complaint with the competent data protection authority regarding the processing of your Personal Identifying Information or Data. To protect the privacy and the security of your Personal Identifying Information or Data, we may request information from you to enable us to confirm your identity and right to access such information, as well as to search for and provide you with the Personal Identifying Information or Data we maintain. There are instances where applicable laws or regulatory requirements allow or require us to refuse to provide or delete some or all of the Personal Identifying Information or Data that we maintain. You may contact us by sending an email to to exercise your rights. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days. OurCart agrees to hold your information for a period of at least 180 days unless a business reason requires, we hold it for more such as a subscription or you are a registered user.

7.4 We recommend that you use, disclose and share your Personal Data and information with caution and do not give out Personal Data and information unless it is necessary, as we cannot guarantee the security of data over the internet and cannot control the actions of other users of the Services with whom you choose to share Personal Data and information.

8. Children’s Privacy 

Our products and services are not intended to be used by children. We do not knowingly solicit or collect any personal information about children under the age of sixteen (16) nor knowingly allow children to communicate with us or use any of our services. If a child has provided us with personal information, a parent or guardian of that child may contact us to have that information deleted from our records. If you believe that we might have any information from a child under the age of sixteen (16), please report this to us at  We will take all reasonable steps to delete the child’s information as soon as possible except where necessary to protect the safety of the child or others as required by law.  OurCart does not have actual knowledge that it sells personal information of children under the age of sixteen (16) years.

9. Individual Rights 

9.1 Your Rights as a Resident of California

The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (CPRA) grants certain rights to California residents (subject to certain exceptions) with respect to their personal information. If our processing of your personal information is subject to the CPRA, you are entitled to the following rights:

  1. Right to know/access: You have the right to request what personal information we have collected, used, disclosed, and sold about you within the preceding 12 months. Below, there are details on how to exercise this right. You may only make a request for access twice within a 12-month period. 
  2. Right to deletion: You have the right to request the deletion of your personal information about you that we collect from you, subject to certain exceptions. Once we receive your request and confirm your identity, we will delete (and direct any service providers or third parties, who we have shared or sold your personal information to, to delete) your personal information from our records, unless an exception applies under applicable law.
  3. Right to opt-out of sale or sharing: You have the right to opt-out of the sale or sharing of your personal information to third parties. Each of our Privacy Policies sets out whether or not we sell or share personal information. Across all of our digital properties, our use of third-party cookies may be deemed a sale or sharing under the CCPA/CPRA. To exercise your right to opt-out of the sale or sharing of your personal information through cookies,. For further information on sale/sharing via cookies, please visit our [Cookie policy]. 
  4. Right to non-discrimination: You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CPRA. For example, this means we cannot deny goods or services to you or charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, due to you having exercised your rights.
  5. Right to correct: You have the right to correct inaccurate personal information that we collect or maintain. If we believe the information in question is correct we will ask you to provide documentation if necessary to rebut our own documentation that the personal information is accurate. 
  6. Right to limit use of sensitive personal information: You have the right to limit how we use your sensitive personal information. Sensitive information includes Social Security number, driver’s license number, biometric information, precise geolocation, and racial and ethnic origin.  We may collect precise geolocation to suggest where a customer can purchase a Promoted Product or Offering near them.  
  7. Right to know/appeal inaction: If you submit a request to exercise any rights under the CPRA and we do not take action on your request, we will inform you, without delay and at the latest within the time period permitted for our, of the reasons for not taking action.  We will also inform you of any rights you may have to appeal the decision to us.
  8. To exercise your right to know, access or delete your personal information, you may submit a request by emailing Please include “CPRA Access/Deletion Request” in the subject line of your email.  For requests submitted via email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. To exercise your right to know/access, you may submit a request by emailing  Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.

9.2 Your Rights as a Resident of Nevada

If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.

10. Do Not Track

We do not respond to Do Not Track (DNT) signals.  DNT is a preference you can set on your web browser to inform websites that you do not want to be tracked.  You can enable or disable DNT by visiting the preferences or settings page of your web browser. 

11. Accessing, Updating, Correcting, and Deleting Information, Restricting Information Processing, and Lodging a Complaint with a Supervisory Authority

11.1 You may have the right to request access to some of your Personal Data being stored by us. You can also ask to correct, update or delete any inaccurate Personal Data that we process about you. The foregoing is subject to our policies and the applicable laws and regulations. To exercise these rights, you can contact us at:

11.2 We may retain your Personal Data for any period permitted or required under applicable laws. Even if we delete your Personal Data it may remain stored on backup or archival media for an additional period due to technical issues or for legal, tax or regulatory reasons, or for legitimate and lawful business purposes.

11.3 You may have the right to restrict processing if one of the following applies:

11.3.1 The accuracy of the Personal Data is contested by the data owner;

11.3.2 The processing is unlawful and the data owner objects to having their Personal Data erased, instead requesting that its use be restricted;

11.3.3 Your service provider no longer needs the Personal Data for the purposes of the original processing, but the data is required by the data owner for establishing, exercising or defending legal claims;

11.3.4 The data owner has objected to processing pending verification of whether the legitimate grounds of your service provider override those of the data owner. 


11.4 You may have the right to lodge a complaint with a supervisory authority. However, prior to doing so, you are welcome to contact us by email at: in order to resolve the issue for the benefit of all parties. Our supervisory authority is the Israeli Data Protection Authority.

12. General

12.1 This Privacy Policy does not apply to any Personal Data that you provide to third-parties.  

12.2 This Privacy Policy applies only to the Services, Website and App; it does not apply to third-party websites or services linked to by the Website or whose services we distribute. Links from the Website or App or the distributed third-parties’ services do not imply that we endorse or have reviewed said third-party websites or services. We suggest contacting these third-parties directly for information regarding their privacy policies. 

13. Change of Privacy Policy

The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right, at our sole discretion, to update or modify this Privacy Policy at any time (collectively, “Modifications”). If the changes allow us to use personal information in ways that materially affect your rights, we will post a special note on our website and, if required by law, will prompt you for your consent for certain changes via email or SMS. When Modified, this Privacy Policy will be posted on the Website with a revised ‘Last Updated’ date at the top of this Privacy Policy.

European Union Members - International Transfer of Data

The OurCart platform service is international in scope. By using the Services, you consent to your private information being sent and processed in other jurisdictions outside the European Union and European Economic Area, including the United States where there may be less stringent data protection laws.

For EU users only - Transferring your information outside the European Economic Area.

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the EEA.  In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the Privacy Shield, where applicable, or binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities. If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

For EU users only -Legal Basis For The Processing of Personal Identifying Information or Data from EEA Residents

If you reside within the European Economic Area (EEA), our processing of your Personal Identifying Information or Data will be legitimized as follows: Whenever we require your consent for the processing of your Personal Identifying Information or Data such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If the processing of your Personal Identifying Information or Data is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

For EU users only -Cross-border Transfer

We may share Personal Identifying Information or Data with our affiliates' employees, consultants and third party service providers outside your country but only for purposes of performing the Services for which you provided your Personal Identifying Information or Data, even to countries that might not offer a level of protection for your Personal Identifying Information or Data that is equivalent to the one offered in your country of residence. We will obtain your express consent, however, before using your Personal Identifying Information or Data for any purposes other than performing the Services for which you provided the Personal Identifying Information or Data.

For EU users only -Choice/Opt-out

You will be required to ‘opt-in’ to having your Personal Identifying Information or Data used for any purpose not directly related to the Site upon registration to the Site. If you no longer wish to receive additional information or promotional materials from OurCart, you may opt-out of receiving these communications by sending an email with the word ‘unsubscribe’ in the subject line to the following email address or using the opt-out mechanism described in the relevant email.

Please review this Privacy Policy periodically, and especially before you provide any Personal Data or information. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services following the implementation of any Modifications to this Privacy Policy constitutes acceptance of those Modifications. If you do not accept any Modification to this Privacy Policy, your sole remedy is to cease accessing, browsing and otherwise using the Website, App or our Services.  

14. Dispute Resolution

14.1 If you have a complaint about Ourcart’s privacy practices, you should write to us at: We will take reasonable steps to work with you to attempt to resolve your complaint.

14.2 You agree that this Privacy Policy is governed by the laws of the State of Israel. Any dispute arising in connection with this Privacy Policy shall be brought before the competent court in the Tel Aviv District of Israel, which shall be granted exclusive jurisdiction to adjudicate the matter.

Representation for data subjects in the EU or in the UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: