Compliance & Stateless Architecture

Caracal Lite is engineered under a privacy-first execution model.

The system is designed to operate without data persistence, user profiling, or cross-session identifiers.

Stateless Execution Model

Caracal Lite executes exclusively within volatile client-side memory.

The engine:

• Does not persist data in local storage
• Does not set cookies
• Does not create tracking identifiers
• Does not maintain server-side sessions
• Does not transmit runtime data to external endpoints for processing

All operational state exists only within the active browser session and is discarded upon termination.

No customer personal identifiable information (PII) is accessed, stored, or transmitted by the engine.

Regulatory Alignment

Because Caracal Lite does not collect or process personal data, its operational model is structurally aligned with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• VCDPA (Virginia Consumer Data Protection Act)

Compliance obligations remain subject to merchant implementation and broader storefront configuration.

Caracal Lite does not introduce additional data processing responsibilities.

Security Standards