PRIVACY POLICY

Last updated: February 11, 2026

  1. DATA CONTROLLER

    • Name: 99global SASU
    • Address: 60 Rue François 1er, 75008 PARIS, France
    • Email: contact@catalogr.xyz

  2. DATA COLLECTED

    Identification data

    • Email: Authentication and communication
    • User ID: Technical identifier (UUID)

    Connection data

    • IP address: Security and abuse prevention
    • User-Agent: Fraud attempt detection
    • Tokens: SHA-256 hash (15 minutes)
    • Timestamps: created_at, used_at, expires_at

    Usage data

    • Plan: free / starter / pro
    • Quotas: rows_used per period
    • Files: Uploaded XLSX, generated CSV and JSON
    • Jobs: statuses, marketplaces, metrics, technical errors

  3. PURPOSES

    Purpose Legal basis Data
    Authentication Contract performance Email, tokens
    Service delivery Contract performance Files and jobs
    Billing Legal obligation Plan, quotas
    Security Legitimate interest IP, User-Agent
    Support Legitimate interest Technical errors

  4. RETENTION

    Data Duration Reason
    EmailAccount lifetimeService
    Active tokens15 minutesSecurity
    Files30 daysReprocessing
    Results30 daysDownload
    Metrics1 yearAnalytics
    IP logs90 daysSecurity
    Accounting data10 yearsLegal obligation

    After account deletion: retained for 30 days, then permanently deleted.

  5. RECIPIENTS

    • Hosting provider: Digital Ocean (EU)
    • Email service: Mailgun (EU / USA)
    • Amazon SP-API: GTIN codes submitted by the user, for GTIN to ASIN resolution.

    No data resale.

  6. DATA TRANSFERS OUTSIDE THE EU

    • Amazon SP-API (USA)
    • Mechanism: Standard Contractual Clauses
    • Data: GTIN codes only

  7. YOUR RIGHTS

    • Access
    • Rectification
    • Erasure
    • Portability
    • Objection
    • Restriction

    Contact: privacy@catalogr.xyz
    Response time: up to 1 month

  8. SECURITY

    • HTTPS / TLS 1.3
    • SHA-256 hashing
    • Rate limiting
    • Firewall and intrusion protection
    • Encrypted backups

  9. COOKIES

    • Strictly necessary session cookie
    • Duration: browser session
    • Purpose: authentication

    No third-party analytics cookies.

  10. MINORS

    Service prohibited for users under 16 years old.

  11. COMPLAINT

    CNIL
    3 Place de Fontenoy
    75334 Paris Cedex 07
    https://www.cnil.fr/

  12. CONTACT

    DPO email: privacy@catalogr.xyz
    Response: 48 business hours

Effective date: February 11, 2026