Privacy Policy
Last updated: February 1, 2026
1. Who we are
CatalogRelay ("we", "us", "our") is an e-commerce product feed management platform operated by the CatalogRelay team. Our service is available at catalogrelay.com and the application at app.catalogrelay.com.
For privacy-related questions, contact us at: privacy@catalogrelay.com
2. What data we collect
Account data: name, email address, company name (optional), and billing information when you subscribe to a paid plan. Billing data is processed by Stripe and never stored on our servers.
Product data: supplier feed URLs, raw feed contents, normalized product data, and export configurations that you provide to operate the service. This data is processed solely to provide the service and is never shared with third parties.
Usage data: import and export run logs, error messages, and usage metrics (number of products, sync frequency) used to enforce plan limits and improve the service.
Technical data: IP addresses, browser type, and access logs collected automatically when you use the service. Retained for security purposes for 90 days.
3. How we use your data
- To provide and operate the CatalogRelay service
- To process billing and manage your subscription via Stripe
- To send transactional emails (account confirmation, billing receipts, sync failure alerts)
- To enforce plan limits and detect abuse
- To improve the service based on aggregate usage patterns
- To comply with legal obligations
We do not sell your data to third parties. We do not use your product data for any purpose other than providing the service.
4. Legal basis (GDPR)
For users in the European Economic Area, we process personal data on the following legal bases:
- Contract performance: processing necessary to provide the service you signed up for
- Legitimate interests: security monitoring, fraud prevention, and service improvement
- Legal obligation: where required by applicable law
- Consent: for marketing emails (you can unsubscribe at any time)
5. Data storage and security
Your data is stored on servers located in the EU (Hetzner Cloud, Germany). We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), database access controls, and automated daily backups.
Access to production data is restricted to authorized personnel and protected by multi-factor authentication.
6. Third-party services
We use the following sub-processors:
- Stripe — payment processing (EU data center)
- Hetzner Cloud — server infrastructure (EU data center)
- Cloudflare — CDN, DDoS protection, DNS
- Sentry — error tracking (EU data center)
7. Data retention
We retain your account data for as long as your account is active. After account deletion, personal data is removed within 30 days. Product data (supplier feeds, normalized catalogue) is deleted immediately on account closure. Billing records are retained for 7 years as required by EU tax law.
8. Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to processing
- Data portability (receive your data in a machine-readable format)
- Lodge a complaint with your national data protection authority
To exercise any of these rights, email us at privacy@catalogrelay.com.
9. Cookies
The marketing site (catalogrelay.com) does not use tracking cookies or analytics. The application (app.catalogrelay.com) uses session cookies strictly necessary for authentication. No third-party advertising or analytics cookies are placed on your device.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified via email to account holders at least 30 days before they take effect. The date of the last update is shown at the top of this page.