Privacy Policy

Provided directly. The Shopify store URL you enter, products you select, and template customizations you choose. If you contact us, the contents of your message and your email address.

Collected automatically. Standard server logs (IP address, user agent, timestamps), aggregate usage metrics, and error diagnostics needed to operate the Service.

From third parties. Product data fetched from the public Shopify storefront you query. Payment metadata from our billing provider when you subscribe to a paid plan (we never see full card numbers).

• Render PDFs, line sheets, and flipbooks you request.
• Operate, secure, and improve the Service.
• Respond to support requests and legal notices.
• Bill paid plans and prevent fraud or abuse.

We do not sell personal data. We do not use your product data or generated catalogs to train machine-learning models.

Wizard state lives in your browser's localStorage and never reaches our servers unless you explicitly generate a hosted flipbook. Hosted flipbook PDFs are stored in a public Storage bucket with unguessable URLs and are deleted automatically after 24 hours (free tier) or per your plan's retention setting. Server logs are retained for up to 30 days.

We share information only with service providers that help us operate the Service: hosting (Vercel, Fly.io), object storage (Supabase), and payment processing. These providers are contractually limited to using data on our behalf. We also disclose information when required by law or to protect rights, property, or safety.

The marketing site uses minimal first-party cookies for essential functionality. We do not use cross-site advertising cookies. If we add analytics, it will be a privacy-respecting, cookie-less tool, and we will update this policy.

Our infrastructure is operated globally. By using the Service you understand that your information may be processed in countries other than your own, including the United States and the European Union. We rely on standard contractual clauses where required.

Depending on your jurisdiction (including GDPR and CCPA), you may have the right to access, correct, delete, or export personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, email privacy@catalogkit.app. We will respond within 30 days.

We use industry-standard safeguards: TLS in transit, encrypted storage at rest, least privilege access, and short-lived credentials. No system is perfectly secure; we cannot guarantee absolute security, but we will notify affected users of any confirmed breach without undue delay.

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy. Material changes will be announced on this page with a new effective date.

Privacy questions or requests: privacy@catalogkit.app.