PRIVACY POLICY

Last updated: February 11, 2026

  1. DATA CONTROLLER

    • Name: 99global
    • Address: 60 Rue François 1er, 75008 Paris, France
    • Email: contact@catalogr.xyz

  2. DATA COLLECTED

    Identification data

    • Email: Authentication and communication
    • User ID: Technical identifier (UUID)

    Connection data

    • IP address: Security and abuse prevention
    • User-Agent: Fraud attempt detection
    • Tokens: SHA-256 hash (15 minutes)
    • Timestamps: created_at, used_at, expires_at

    Usage data

    • Access status: beta access and usage limits
    • Quotas: GTINs processed per period
    • Files: Uploaded XLSX and generated output files
    • Jobs: statuses, marketplaces, metrics, technical errors

  3. PURPOSES

    Purpose Legal basis Data
    Authentication Contract performance Email, tokens
    Service delivery Contract performance Files and jobs
    Usage enforcement Legitimate interest Usage limits and quota data
    Security Legitimate interest IP, User-Agent
    Support Legitimate interest Technical errors

  4. RETENTION

    Data Duration Reason
    EmailAccount lifetimeService access
    Active tokens15 minutesAuthentication security
    Uploaded files30 daysProcessing and re-download
    Generated outputs30 daysDownload and re-download
    Job metadata and technical logs12 monthsService monitoring and abuse prevention
    IP logs90 daysSecurity

    After account deletion: uploaded files and generated outputs may remain available for up to 30 days, then are permanently deleted.

  5. RECIPIENTS

    • Hosting provider: Digital Ocean (EU)
    • Email service: Mailgun (EU / USA)
    • Amazon SP-API: GTIN codes submitted by the user, for GTIN to ASIN resolution.

    No data resale.

  6. DATA TRANSFERS OUTSIDE THE EU

    • Some service providers may process limited technical data outside the European Union
    • Where applicable, appropriate safeguards such as Standard Contractual Clauses are used
    • Amazon SP-API requests may involve transmission of GTIN identifiers for catalog resolution

  7. YOUR RIGHTS

    • Access
    • Rectification
    • Erasure
    • Portability
    • Objection
    • Restriction

    Contact: privacy@catalogr.xyz
    Regulatory response time: up to 1 month

  8. SECURITY

    • HTTPS / TLS 1.3
    • SHA-256 hashing
    • Rate limiting
    • Firewall and intrusion protection
    • Encrypted backups

  9. COOKIES

    • Strictly necessary session cookie
    • Duration: browser session
    • Purpose: authentication

    No third-party analytics cookies.

  10. MINORS

    Service prohibited for users under 16 years old.

  11. COMPLAINT

    CNIL
    3 Place de Fontenoy
    75334 Paris Cedex 07
    https://www.cnil.fr/

  12. CONTACT

    DPO email: privacy@catalogr.xyz

Effective date: February 11, 2026