Help Center

Privacy Policy

Privacy Policy

Effective: 06 June, 2025

This Privacy Policy explains how 1688 Bangladesh Ltd. (trading as “GoCNcart”) (“Company”, “we”, “us”, “our”) collects, uses, shares, and protects personal information when you use our website GoCNcart.com, our Android app (CN Cart), and related services (quoting, purchasing, warehousing/consolidation/QC, shipping, tracking, and support). This Policy applies whether you access our services via PC, mobile, or other devices.

Official API partner Multi‑currency payments Global shipping

Who we are and how to contact us

Data Controller
1688 Bangladesh Ltd. (operating the GoCNcart platform)
Website
https://GoCNcart.com
Email
Privacy: privacy@gocncart.com  |  Support: support@gocncart.com
Bangladesh office
House 28, Road 12, Sector 12, Uttara, Dhaka 1230
China warehouse (receiving)
House 1, No. 63, Qingfeng 3rd Road Industrial Zone, Shijing St., Baiyun District, Guangzhou (Navigation: Xinhankang Food Co., Ltd.)

Scope and notes

  • This Policy covers our website, Android app (CN Cart), and associated operations (purchasing, warehousing/QC, shipping, tracking, and support).
  • Users visiting 1688Bangladesh.com may be redirected to GoCNcart.com; data is processed under this Policy.
  • We use official API integrations (via an authorized technology partner) with 1688 and Taobao to power search and product data retrieval.

Information we collect

A) Information you provide

  • Account: name, email, phone, password (hashed), language/currency preferences.
  • Identity/KYC (where required): government ID/passport for high‑value orders, fraud prevention, or customs compliance.
  • Order & delivery: billing/shipping addresses, product links, notes to warehouse, packing instructions.
  • Communications: messages with support (email/chat), call records (where applicable), survey responses, marketing preferences.
  • Payments: payment method details handled by providers (we receive tokens/transaction IDs, not raw card numbers).

B) Information collected automatically

  • Discovery activity: pasted URLs, text queries, and images uploaded for reverse search (including thumbnails, fingerprints/hashes, metadata).
  • Technical: device/browser info, IP address, OS/app version, crash logs, cookies/pixels, approximate location.
  • Usage: visited pages/screens, buttons tapped, timestamps, referral sources, and (with consent) ad/attribution data.

C) From third parties

  • Logistics/carriers: tracking events, delivery exceptions, proofs.
  • Fraud‑prevention/verification: risk scores or signals.
  • Analytics: aggregated usage metrics from analytics providers.
  • Marketplaces via APIs: public product metadata (price/stock/specs/images); we do not receive your personal data from these platforms unless necessary for order fulfillment.

How we use information

Contract and service delivery

  • Create and manage accounts; process quotes/orders; purchase on your behalf; receive at our China warehouse; perform QC/repack/consolidation; arrange shipping (express/economy); track and notify.
  • Provide support (email/chat/phone); handle disputes, returns, and refunds per our policies.
  • Process payments and issue invoices/receipts.

Legitimate interests

  • Improve discovery relevance (link/text/image search), site/app performance, and user experience.
  • Prevent, detect, reduce, and investigate fraud/abuse/security incidents.
  • Measure logistics performance and partner SLAs; run analytics and A/B tests.

Consent (where applicable)

  • Send marketing emails/push/SMS; you can opt out anytime.
  • Use advertising/remarketing cookies or analytics identifiers.
  • Process sensitive data strictly for requested services (e.g., KYC for customs).

Legal obligations

  • Tax, customs, accounting, sanctions screening, and responding to lawful requests.

Mobile SDKs

We integrate SDKs for analytics, push notifications, crash reporting, social sign‑in/sharing, and payments. We review SDKs and require partners to protect your data.

  • Firebase Analytics — usage analytics (app instance ID, events).
  • Firebase Cloud Messaging — push notifications (device token).
  • Crashlytics/Bugly — crash diagnostics (device model, OS, crash logs).
  • Google/Facebook Login — third‑party sign‑in (basic profile with your consent).
  • Payment SDKs — Stripe/Payoneer (tokens, transaction IDs); Binance where legally permitted.

Updates: SDKs may change to support new features; we will update this section when material changes occur.

Payments we support

  • International: Stripe, Payoneer (cards), Binance (where permitted and compliant).
  • Bangladesh: Nagad, bKash, Rocket, CellFin, Upay, and bank transfer.

Security: Payments are processed by PCI‑compliant providers with 3D Secure where available. We do not store raw card numbers.

How we share information

We do not sell or rent your personal information to third parties for their marketing. We share data only as needed to provide our services or comply with law.

  • Service providers (processors): hosting/cloud, support tools, analytics, fraud prevention, payment processors, warehousing/labeling, IT/security—bound by contracts to use data only per our instructions.
  • Logistics & customs: carriers (e.g., DHL/FedEx/economy lines), last‑mile partners, customs brokers/clearing agents—limited to data necessary for shipping and clearance.
  • Related entities: 1688 Bangladesh Ltd. operates Bangladesh lanes; limited data sharing to fulfill BD shipments and support.
  • Business transfers: in a merger, acquisition, or reorganization, the new entity must honor this Policy.
  • Legal and compliance: to comply with laws, court orders, or protect rights, property, and safety.

International transfers

Your data may be processed in Bangladesh, China, the EU, the US, or other countries where our providers operate. Where required, we use Standard Contractual Clauses or equivalent safeguards.

Data retention

  • Account & order records: typically 6 years (tax/legal).
  • Support tickets: 24 months.
  • Marketing consent/opt‑out: 3 years.
  • Image search thumbnails/logs: typically deleted within 30 days; anonymized fingerprints/statistics may be retained longer.
  • We may retain data longer if required by law or to resolve disputes.

Security

  • Encryption in transit, access controls, least‑privilege, network monitoring, secure development practices, vendor/SDK reviews.
  • Payments via PCI‑compliant processors; we do not store raw card numbers.
  • Note: No method of transmission or storage is 100% secure; we continuously improve safeguards.

Cookies and tracking

  • Essential cookies (login/cart), analytics cookies, and (with consent) advertising/remarketing cookies.
  • Manage preferences via our cookie banner or your browser settings.
  • We do not currently respond to “Do Not Track” signals.

Your rights and choices

Subject to applicable laws, you may:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing; request data portability.
  • Withdraw consent for marketing/cookies at any time.
  • Opt out of targeted advertising cookies via our cookie banner.
  • California (CCPA/CPRA): right to know/delete/correct; opt out of “sharing” for targeted ads (we do not “sell” personal data).

To exercise rights, email privacy@gocncart.com. We may need to verify your identity.

Children’s privacy

Our services are not directed to children under 13; we do not knowingly collect children’s data.

Automated decision‑making

We may use automated risk checks/fraud scoring to protect users and our services. We do not use solely automated decisions that produce legal or similarly significant effects without your consent or as required by law.

Compliance and important notes

  • Incoterms: Unless otherwise agreed, international shipments are DAP; the customer is Importer of Record (IOR) and pays duties/taxes upon arrival.
  • Restricted items: Dangerous/restricted goods move only via eligible lines with proper documentation. We do not accept or ship counterfeit/replica or IP‑infringing goods.
  • Mis‑declaration: If a customer mis‑declares or sends restricted items to our China warehouse and customs impose fines/penalties or seize goods, the costs and consequences rest with the customer; 1688 Bangladesh Ltd. will not bear such costs.
  • Payments: Local wallets/banks (Nagad, bKash, Rocket, CellFin, Upay) and international processors (Stripe/Payoneer/Binance) have their own privacy terms.

Trademark disclaimer

“Alibaba”, “AliExpress”, “1688”, and “Taobao” are trademarks of Alibaba Group. GoCNcart is not affiliated with, endorsed by, or an official agent of Alibaba Group. We use official API integrations via an authorized technology partner.

Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on the website/app and, where appropriate, notified to you. The “Effective” date indicates the latest version.

Consent

By using our website and app, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, processing, and storage of your information as described. If you do not agree, please discontinue use. You may withdraw consent where applicable by contacting us.

Legal note: This document is provided for general information and does not constitute legal advice. Please have it reviewed by counsel for your target jurisdictions.