SuperCatalog

SuperCatalog — Privacy Policy

Effective date: January 1, 2025
Contact: privacy@supcat.store

2.1 Overview

This Privacy Policy explains how SuperCatalog collects, uses, and shares information when you use our website and seller dashboard. By using the Service, you agree to this Policy.

2.2 Data we collect

You provide: name, email, password/credentials, store profile, product content and images, contact links, and support messages.
Collected automatically: device/IP, basic usage logs, and limited analytics.
Media handling: images are uploaded and stored with cloud storage and may be compressed/optimized.
No checkout: we do not collect buyers' payment/card data for sellers' customers because purchases occur off‑platform.

2.3 Legal bases (EEA/UK)

  • Contract: to provide the Service (account, dashboard, hosting your catalog).
  • Legitimate interests: security, fraud prevention, abuse/throttling, service improvement.
  • Consent: where required for analytics/cookies.

2.4 How we use data

  • Provide, maintain, and improve the Service (e.g., store hosting, media handling, search, localization).
  • Security/abuse prevention (rate limiting, IP bans, logging/monitoring).
  • Communicate with you (service emails, support).
  • Analytics to understand usage (aggregate).

2.5 Subprocessors / third parties

We use trusted providers to operate the Service, for example: Supabase (database/auth/storage), Cloudinary (media storage/optimization), Google Analytics (usage analytics), and mapping libraries (Google Maps/Leaflet) for optional store location display. We share only what's needed for each service, under data processing terms.

A current list of subprocessors is available upon request at privacy@supcat.store.

2.6 Cookies & analytics

We use minimal first‑party cookies/technologies required for operation, and Google Analytics may set cookies or use similar technologies to provide anonymized/aggregated reports. You can control cookies via your browser settings; EU/EEA users will see a consent prompt where required.

2.7 Data retention

  • Operational logs: up to 12 months unless needed longer for security/legal reasons.
  • Backups: typically 30–90 days.
  • Account/store data: kept while your account is active; after cancellation and the 14‑day grace + ~3 months, we may delete or archive your data unless law requires otherwise.

2.8 International transfers

Where data is transferred internationally (e.g., to EU/US cloud providers), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and equivalent mechanisms.

2.9 Your rights

Depending on your region, you may request access, correction, export, or deletion of your personal data by emailing privacy@supcat.store. If you do not make a deletion request, we may perform account cleanup after 12 months of inactivity following the timelines above.

2.10 Children

We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we will delete it.

2.11 Security

We use encryption in transit (HTTPS), access controls/least privilege, rate limiting, IP blocking/bans, file upload limits (e.g., 10 MB), weekly cleanup jobs, logging/monitoring, and regular updates. No method is 100% secure.

2.12 Changes

We may update this Policy. We will post the new version with a new effective date and, for material changes, provide prior notice where required.

Contact

  • General & support: info@supcat.store
  • Privacy/Data: privacy@supcat.store
  • Legal: legal@supcat.store
  • Address: North Asira, Nablus, West Bank, Palestine