This Privacy Policy explains how Qatalog ("we", "us"), operated from Cyprus (EU), collects, uses and protects personal data when you use our Service. We comply with the EU General Data Protection Regulation (GDPR).
- Account information: name, email, business name and business type provided at signup.
- Catalog content: sections, items, descriptions, images and prices you publish.
- Payment data: processed entirely by Stripe; we receive only metadata (plan, status, last 4 digits). We do not store full card numbers.
- Scan & analytics data: aggregated catalog scans, page views, popular items and order counts.
- Order & enquiry data: information your customers submit when contacting you through your catalog.
- Technical data: IP address, browser, device type and basic log data for security and reliability.
- To provide and operate the Service.
- To process subscriptions and Done-For-You payments via Stripe.
- To send essential transactional emails (account, billing, password reset, order notifications).
- To analyse usage and improve Qatalog.
- To prevent fraud, abuse and security incidents.
- Contract: to deliver the Service you have signed up for.
- Legitimate interests: to keep the Service secure and to improve it.
- Legal obligation: tax, accounting and regulatory record-keeping.
- Consent: where required (e.g. optional cookies or marketing emails).
We use the following processors, each bound by their own data protection terms:
- Supabase — database, authentication and file storage.
- Stripe — payment processing.
- Lovable Cloud — hosting and serverless backend.
- Resend — transactional email delivery.
We retain account and catalog data for as long as your account is active. After deletion, data is removed within a reasonable period (typically 30 days), except where retention is required by law (e.g. invoices). Backups are rotated regularly.
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Receive your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local Data Protection Authority.
Qatalog uses strictly necessary cookies for authentication and security, and may use limited analytics cookies to understand product usage. You can control non-essential cookies through your browser settings.
Some processors may store or process data outside the EU/EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
We use industry-standard encryption in transit, access controls and managed infrastructure. No system is 100% secure; please notify us immediately of any suspected breach.
To exercise any of your rights or ask a privacy question, email malai.andreim@gmail.com. We will respond within the time required by GDPR.