/vector/default-monochrome-black.svg)
Terms of Use
Comprehensive legal terms for access to Xcarty services, applications, and content. Effective date: April 5, 2026.
Scope and acceptance
These Terms apply to all users, visitors, buyers, and account holders using any Xcarty web or app service.
By accessing or using the platform, you agree to these Terms and all linked policies incorporated by reference.
If you do not agree with any part of these Terms, you must stop using the service immediately.
Account responsibilities and security
You must provide accurate account information and keep it current for ordering, billing, delivery, and compliance purposes.
You are responsible for safeguarding credentials and all activity under your account, whether authorized by you or not.
We may suspend, restrict, or terminate access where misuse, fraud, security risk, or policy violations are detected.
Orders, pricing, and availability
Product availability, prices, fees, and delivery windows may change before order confirmation and are not guaranteed until accepted.
We may limit quantities, refuse or cancel orders, and apply risk checks for abuse, reselling, fraud, or operational constraints.
In case of pricing or listing errors, we may correct, cancel, or reissue offers before or after submission where legally allowed.
Restrictions and prohibited conduct
You may not copy, reproduce, publish, mirror, scrape, decompile, reverse engineer, or train machine-learning models on site materials.
Unauthorized automation, bot access, account farming, credential stuffing, and bypassing technical controls are strictly prohibited.
Any attempt to extract databases, hidden metadata, recommendation logic, profile markers, or ranking signals is prohibited.
Liability limits and legal remedies
Services are provided on an as-available basis, and we disclaim implied warranties to the fullest extent permitted by applicable law.
To the maximum extent allowed, Xcarty is not liable for indirect, incidental, consequential, special, or punitive damages.
For unauthorized use of intellectual property or data extraction, we reserve rights to injunctive relief and all available legal remedies.
Dispute framework and governing law
These Terms are governed by the laws of the State of California and applicable U.S. federal law, without conflict-of-law principles.
You agree to resolve disputes through individual proceedings and waive participation in class or representative actions where enforceable.
Any clause found unenforceable will be interpreted narrowly, while remaining clauses stay in full force and effect.
Privacy Policy
Rules governing collection, use, retention, and protection of personal data. Effective date: April 5, 2026.
Data we collect
We collect account identifiers, contact data, order history, delivery preferences, payment profile metadata, and device/session data.
We may collect personalization inputs, quiz answers, budget settings, recurring cart preferences, and customer support communications.
We do not intentionally collect sensitive data unless you provide it for a supported use case and applicable law allows processing.
How we use data
Data is used to provide core service functions, including identity verification, order processing, fraud prevention, and delivery execution.
We use profile and preference signals to personalize ready carts, substitution suggestions, and product recommendations.
We may use aggregated or de-identified data for service optimization, analytics, reliability monitoring, and legal compliance.
Sharing and disclosure
We may share data with service providers that process payments, logistics, analytics, communications, and fraud/security operations.
We may disclose data when required by law, court order, lawful process, or to protect rights, safety, and platform integrity.
We do not authorize third parties to resell your personal data acquired through our services.
Data security and retention
We apply layered administrative, technical, and organizational safeguards, including access controls, monitoring, and environment separation.
Retention periods are based on legal obligations, fraud-prevention needs, transaction lifecycle, and operational necessity.
When data is no longer needed, we delete, anonymize, or aggregate it in accordance with our Data Retention Policy.
Your rights and controls
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing.
You may manage language, currency, recommendation preferences, and communication settings from your account profile where available.
Privacy requests can be submitted through support channels and are processed with verification controls to protect account security.
Data Retention Policy
Retention rules for account data, order data, logs, and support records. Effective date: April 5, 2026.
Retention principles
Data is retained only for periods required to deliver services, meet legal obligations, enforce rights, and prevent abuse.
Retention schedules are based on data category, legal requirements, security posture, and documented business necessity.
We apply data minimization and regularly review stores to remove or anonymize data no longer required.
Category-level retention
Account profile records are retained for account lifecycle and a limited period after closure for legal and anti-fraud reasons.
Transactional records, invoices, and payment history may be retained for tax, accounting, audit, and dispute requirements.
Security logs and access records are retained for incident response, abuse prevention, and reliability investigations.
Deletion, anonymization, and legal holds
Deletion requests are processed subject to identity verification, legal exceptions, and security controls.
Where full deletion is not possible, data may be restricted, pseudonymized, or irreversibly anonymized.
If litigation, regulatory inquiry, or legal hold applies, certain records may be preserved until obligations are resolved.
Security Policy
Security controls and expectations for platform users, partners, and internal operations. Effective date: April 5, 2026.
Security controls
We use role-based access control, authentication checks, request validation, rate limits, and environment-level segmentation.
Sensitive operations are monitored and subject to additional risk checks and fraud mitigation controls.
Systems are maintained through secure development lifecycle practices, patching, and controlled release workflows.
User security obligations
Users must protect account credentials, avoid credential reuse, and report suspicious activity without delay.
Account sharing, security bypassing, and malicious probing are prohibited and may trigger immediate access restrictions.
We may enforce additional verification before high-risk actions such as billing changes or suspicious order activity.
Incident response and disclosure
We triage security incidents with severity classification, containment procedures, and remediation tracking.
When legally required, we provide notices to affected users and regulators in accordance with applicable breach laws.
Responsible vulnerability reports can be submitted through support channels with reproduction details.
Shipping Policy
Order processing, delivery timeframes, and shipping charge rules for Xcarty purchases. Effective date: April 5, 2026.
Processing and dispatch windows
Processing times vary by item type, stock location, delivery address, and fraud/security verification requirements.
Estimated delivery windows are shown at checkout and in order details; these are estimates, not guaranteed deadlines.
If no specific shipment time is stated, shipping occurs within commercially reasonable periods under applicable law.
Charges, delays, and exceptions
Shipping charges, speed tiers, and thresholds are displayed before checkout confirmation and may vary by destination.
Weather, carrier disruption, high-demand periods, address issues, and force-majeure events can delay delivery timelines.
We are not liable for delays caused by events outside our reasonable control, subject to mandatory consumer law.
Risk transfer and failed delivery
Title and risk transfer rules are determined by order terms and applicable law at shipment, handoff, or successful delivery.
If delivery fails due to incorrect address, recipient unavailability, or access restrictions, additional fees may apply.
Repeated failed delivery attempts may lead to order return, cancellation, or account restrictions.
Returns and Refunds Policy
Eligibility criteria, return process, and refund rules for products and recurring orders. Effective date: April 5, 2026.
Return eligibility
Items must be returned within the listed return window, in acceptable condition, and with required packaging where applicable.
Perishable goods, hygiene items, customized goods, digital goods, and restricted categories may be non-returnable.
We may reject returns that show misuse, tampering, material damage after delivery, or policy abuse.
Refund method and timing
Approved refunds are issued to the original payment method unless law requires or allows an alternate method.
Refund processing times depend on payment providers, card issuers, and banking networks after approval.
Shipping fees and service fees may be non-refundable except where required by law or due to our fulfillment error.
Abuse prevention and account controls
Excessive return rates, repeated false claims, and intentional damage patterns may trigger manual review or account limits.
We may require additional evidence for damaged, missing, or incorrect item claims.
Policy abuse can result in rejected claims, account suspension, and legal enforcement where appropriate.
Recurring Orders and Auto-Delivery Policy
Terms for recurring baskets, cadence controls, and renewal billing. Effective date: April 5, 2026.
Recurring setup and disclosures
Before enabling recurring orders, we disclose delivery cadence, estimated recurring charges, and cancellation controls.
Recurring basket pricing can change when inventory, substitutions, taxes, fees, or selected products change over time.
You are responsible for reviewing upcoming order previews and keeping payment and delivery data accurate.
Billing and renewal
Charges may occur on schedule, at order creation, at dispatch, or after delivery depending on selected payment model.
Where authorization holds are used, final settlement amount may differ based on substitutions and final basket composition.
Failed payments may result in skipped deliveries, retry attempts, and temporary recurrence suspension.
Cancellation and modifications
You can modify or cancel recurring orders from profile settings before the published lock deadline for the next cycle.
Changes submitted after lock deadline may apply to a subsequent cycle and not to the already processing order.
We may suspend recurring plans in cases of fraud, policy abuse, security risk, or unresolved payment failures.
Payments, Pricing, and Billing Policy
Rules for pricing display, currency conversion, taxes, and payment processing. Effective date: April 5, 2026.
Pricing and taxes
Displayed prices may vary by currency, location, tax treatment, promotions, and delivery method.
Taxes and fees are calculated according to applicable law and shown at checkout before order placement where required.
Obvious listing or arithmetic errors may be corrected and affected orders may be cancelled as permitted by law.
Payment authorization and settlement
Payment providers may place pre-authorization holds to verify payment methods before final charge capture.
Final charge amounts may differ from initial estimates because of substitutions, quantity changes, taxes, or service fees.
Customers are responsible for ensuring sufficient funds and valid payment instruments for scheduled or one-time charges.
Chargebacks and disputes
If you believe a charge is incorrect, contact support promptly so we can investigate before initiating external disputes.
Fraudulent or abusive chargeback patterns may lead to account restrictions and additional verification requirements.
We may share required transaction evidence with payment processors and financial institutions to defend valid charges.
Product Information and Disclaimer Policy
Scope and limitations of product data, imagery, availability, and recommendation outputs. Effective date: April 5, 2026.
Content accuracy
We attempt to keep product descriptions, prices, stock, specifications, and imagery accurate and current.
Because supplier data and inventories change, product details may occasionally contain errors, omissions, or outdated values.
We reserve the right to correct product information and update listings without prior notice.
Substitutions and recommendation logic
If items become unavailable, replacements may be offered or auto-selected based on category and key characteristics rules.
Personalized recommendations are informational and may not fully reflect medical, dietary, or legal suitability for all users.
You remain responsible for reviewing final basket composition, ingredients, and restrictions before order confirmation.
No professional advice
Site content does not constitute medical, legal, tax, or financial advice and must not be used as a substitute for professionals.
Health-related products and wellness suggestions are not diagnoses, prescriptions, or treatment plans.
Consult qualified professionals for decisions involving health conditions, allergies, medication, or regulated goods.
Children and Minors Policy
Age restrictions and safeguards for children and minor users. Effective date: April 5, 2026.
Age requirement
Xcarty services are intended for users who can form binding agreements under applicable law in their jurisdiction.
Users under 18 should use the service only with active involvement and authorization of a parent or legal guardian.
Children under 13 are not permitted to create accounts where prohibited by applicable law.
Children data controls
We do not knowingly collect personal information from children in violation of applicable children privacy laws.
If we become aware of unauthorized children data collection, we take steps to remove such data and restrict access.
Parents or guardians may contact support to request review and deletion where applicable.
Parental responsibility
Parents and guardians are responsible for supervising account use, purchasing activity, and shared devices.
Account holders must prevent minors from submitting protected personal data without proper consent.
We may require verification when processing requests related to child privacy rights.
Acceptable Use Policy
Permitted and prohibited behavior for safe, lawful, and fair platform usage. Effective date: April 5, 2026.
Permitted use
You may use Xcarty only for lawful shopping, account management, and related personal or business purchasing workflows.
Use must comply with these policies, applicable laws, and rights of other users, merchants, and partners.
Any use causing security risk, system instability, or abuse of services may be limited or blocked.
Prohibited activity
You may not engage in fraud, identity misuse, account takeover, payment abuse, harassment, or illegal transactions.
You may not probe, scan, exploit, reverse engineer, or bypass security controls, authorization checks, or rate limits.
You may not automate account creation, manipulate rankings, or interfere with normal platform operations.
Enforcement
Violations may result in warning, content removal, throttling, transaction cancellation, suspension, or account termination.
Serious violations may be referred to law enforcement or regulators and pursued through civil legal remedies.
Enforcement decisions are made to protect users, platform integrity, and legal compliance obligations.
Intellectual Property and Brand Policy
Strict ownership and usage restrictions for all Xcarty content, code, and data assets. Effective date: April 5, 2026.
Ownership
All site content, software, page structure, branding, logos, graphics, product datasets, and recommendation architecture are protected.
Xcarty and licensors retain all copyrights, trademark rights, database rights, trade dress, and other intellectual property rights.
No ownership rights are transferred to users by accessing the site or purchasing products.
Limited license and no-copy rule
Users receive a limited, non-exclusive, revocable license for personal or internal purchasing use only.
Copying, downloading in bulk, republising, reselling, framing, mirroring, or creating derivative works is prohibited without written consent.
Use of any Xcarty content, data, or markup to train AI models, build datasets, or power external recommendation engines is prohibited.
Trademark and brand controls
Use of Xcarty names, logos, slogans, or visual identifiers in ads, domains, social pages, or metadata requires prior written permission.
Impersonation, confusingly similar marks, and unauthorized brand associations are prohibited.
Unauthorized brand use may trigger immediate takedown demands and legal enforcement.
Enforcement and remedies
We reserve rights to block access, demand deletion, issue legal notices, and seek injunctive relief for unauthorized copying or reuse.
Where allowed by law, we may recover damages, legal costs, and any profits derived from unauthorized use.
Repeated violations may result in permanent bans and referrals to relevant legal authorities.
Anti-Scraping and Automation Policy
Strict prohibition on unauthorized data extraction and automated access. Effective date: April 5, 2026.
Prohibited extraction and crawling
You may not scrape, crawl, index, harvest, or systematically extract any page content, metadata, feeds, or catalog data.
Automated scripts, bots, headless browsers, and emulators may not access services without explicit written authorization.
Collection of pricing, stock, product attributes, profile markers, or recommendation outputs for reuse is prohibited.
Technical and legal boundaries
Bypassing CAPTCHAs, authentication, rate limits, robots controls, or other technical protections is prohibited.
You may not use proxy rotation, identity masking, or distributed automation to evade platform restrictions.
Unauthorized automation may violate contract, anti-hacking, privacy, and intellectual property laws.
AI and dataset restrictions
Xcarty data and content may not be used to build, fine-tune, test, benchmark, or evaluate machine-learning systems.
No compilation of mirrored catalogs, embeddings datasets, or derivative databases from site content is permitted.
We reserve rights to block automated traffic and pursue immediate legal remedies for non-permitted data use.
Enforcement
Violations can result in IP blocks, account bans, API restrictions, takedown notices, and evidence preservation.
We may seek emergency injunctive relief to stop active extraction and demand deletion of copied datasets.
We may coordinate enforcement with infrastructure providers, hosting services, and legal authorities.
User Content and Reviews Policy
Rules for submitting ratings, reviews, media, and public-facing user content. Effective date: April 5, 2026.
Submission standards
User submissions must be lawful, accurate, non-deceptive, and must not infringe rights of third parties.
Content containing hate, harassment, malware, personal data leaks, fraud signals, or illegal material is prohibited.
We may remove or moderate content that violates policy, legal obligations, or platform safety requirements.
License to Xcarty
By posting content, you grant Xcarty a non-exclusive, worldwide, royalty-free license to host, display, and process that content.
License scope includes moderation, quality checks, anti-fraud analysis, and product experience improvements.
You represent that you own or control rights necessary to grant this license.
Enforcement and repeat violations
We may suspend posting rights, hide content, terminate accounts, and preserve records for legal and security investigations.
Users who repeatedly submit infringing or abusive content may be permanently removed from the platform.
Copyright complaints are handled under our DMCA policy procedures.
DMCA and Copyright Complaint Policy
Notice-and-takedown process aligned with U.S. copyright complaint handling expectations. Effective date: April 5, 2026.
Submitting a copyright notice
If you believe content on Xcarty infringes your copyright, submit a written notice with all legally required elements.
Your notice should identify the copyrighted work, infringing material location, contact details, and a good-faith statement.
Notices must include a statement under penalty of perjury and a physical or electronic signature.
Counter-notice process
Users who believe content was removed by mistake may submit a lawful counter-notice with required identification and statements.
Upon receiving a valid counter-notice, we may restore content if legal conditions are met and no court action is reported.
Abusive or fraudulent notices and counter-notices may result in account action and legal consequences.
Repeat infringer policy
Xcarty may terminate accounts of repeat infringers and block access where recurring validated infringement is observed.
We reserve rights to preserve logs and records for legal investigation and defense.
Nothing in this policy limits our right to pursue any additional legal remedy.
Copyright agent contact
DMCA email: legal@xcarty.com
Mail: Xcarty Legal, Copyright Agent, 500 Market Street, San Francisco, CA 94105, United States.
For faster handling, include URL, screenshot, timestamp, and a complete rights ownership explanation.
Accessibility Statement
Commitment to usable and inclusive digital experiences across devices and assistive technologies. Effective date: April 5, 2026.
Commitment and standards
We aim to provide an accessible experience for users with diverse abilities and assistive technology needs.
Our objective is alignment with recognized accessibility standards such as WCAG 2.2 AA where practical.
Accessibility is integrated into design, development, and QA workflows as an ongoing effort.
Known limitations and remediation
Some sections may temporarily include accessibility gaps due to active development or third-party integration constraints.
Reported barriers are prioritized by impact and tracked through remediation plans and release cycles.
We continuously review contrast, keyboard support, focus behavior, semantics, and responsive adaptation.
Accessibility support contact
If you encounter an accessibility barrier, contact support with page URL, device, browser, and assistive technology details.
We review reports promptly and provide practical workarounds whenever immediate fixes are not available.
Accessibility requests can be submitted through the Help Center.
California Privacy Rights Notice
Additional notice for California residents regarding rights and request workflows. Effective date: April 5, 2026.
California rights overview
California residents may have rights to know, access, correct, delete, and receive portability of personal information.
Where applicable, residents may opt out of sale or sharing of personal information and limit use of sensitive information.
We do not discriminate against users for exercising privacy rights as required by law.
How to submit requests
Requests can be submitted through support channels and may require identity verification for account protection.
Authorized agent requests are accepted with documentation required by law and anti-fraud safeguards.
We respond within statutory timelines and may extend where law permits with notice.
California-specific disclosures
This notice supplements our Privacy Policy and applies only to residents covered by California privacy law.
Category-level data practices, purposes, and recipient classes are described in the Privacy Policy and related notices.
For opt-out controls, use the Your Privacy Choices page.
Your Privacy Choices
User controls for targeted advertising and data sharing preferences where applicable. Effective date: April 5, 2026.
Available choices
Users may have the right to opt out of certain data sharing or targeted advertising activities under applicable law.
You may manage available controls through in-product preference tools and browser/device privacy settings.
Global privacy preference signals may be recognized where legally required and technically supported.
Scope and limitations
Opt-out choices may be browser-specific or device-specific unless tied to an authenticated account-level preference.
Some processing remains necessary for security, fraud prevention, basic analytics, service delivery, and legal compliance.
Preference changes may take time to propagate across service providers and advertising systems.
Need help
If controls are unavailable for your region or account state, contact support to submit a rights request.
We may require account verification to apply rights requests securely and prevent unauthorized changes.
This page supplements, and does not replace, full details in our Privacy Policy.
Interest-Based Advertising Policy
How ad personalization works and how to limit targeted advertising signals. Effective date: April 5, 2026.
How ad personalization works
We and partners may use device data, session context, and inferred interests to show potentially relevant advertising.
Personalization may use cookies, SDK identifiers, and event data depending on platform and consent/legal requirements.
We seek to avoid use of sensitive data for advertising in prohibited ways.
Opt-out controls
You can opt out through Your Privacy Choices, browser controls, mobile ad settings, and applicable industry tools.
Opt-out does not remove all ads; it reduces use of personalization signals for certain ad experiences.
Preference resets, device changes, or cookie deletion may require reconfiguration.
Partner accountability
Advertising partners are expected to follow contractual privacy, security, and legal requirements.
We may disable, limit, or replace partners that fail to meet compliance or trust standards.
For additional rights information, review California Privacy Rights Notice where relevant.
Health Privacy Policy
Handling of health-related preferences and wellness signals used for personalization. Effective date: April 5, 2026.
Data scope
Health-related data in Xcarty is primarily user-provided preference data used to improve shopping relevance.
We do not provide diagnosis, treatment, or clinical services, and site content is not medical advice.
Users should avoid submitting unnecessary medical details and should consult licensed professionals for medical decisions.
Use and protection
Health-related preferences are used for filtering, substitutions, and recommendation quality improvements.
Access to such data is restricted by role, operational need, and technical controls.
Data sharing is limited to service providers required to operate core services and subject to legal and contractual controls.
Important limitation
Unless explicitly stated otherwise, Xcarty is not acting as a covered entity or business associate under HIPAA for standard retail flows.
Users remain responsible for verifying ingredients, allergens, and product suitability before purchase.
For privacy rights requests, use general privacy channels.
California Supply Chain Transparency Statement
Disclosure regarding anti-slavery and anti-trafficking controls in supply chain operations. Effective date: April 5, 2026.
Verification
We evaluate supplier and partner risk signals related to forced labor, human trafficking, and labor-rights compliance.
Risk reviews may include onboarding questionnaires, contract representations, and available compliance records.
Higher-risk scenarios may trigger enhanced due diligence or supplier restrictions.
Audits and standards
Supplier compliance may be assessed through internal reviews and, where appropriate, independent audit procedures.
Contracts may require compliance with anti-trafficking laws and remediation steps when violations are identified.
Material violations may result in suspension, termination, or refusal to onboard suppliers.
Internal accountability and training
Relevant personnel are expected to follow procurement controls designed to reduce labor abuse risks.
Policy ownership includes periodic review of procurement controls and incident escalation channels.
This statement is published in support of applicable California transparency obligations.