Contact us at privacy@catalogy.com with any inquiry regarding this privacy policy.
At Catalogy, we recognize that the privacy and security of your information are essential to building trust with our business clients. As a digital publishing platform dedicated to helping companies design, share, and track interactive catalogs, we are committed to protecting the personal and business data entrusted to us. We implement industry-standard security measures, including strong encryption protocols, secure data transmission, and continuous monitoring of our systems, to safeguard your information from unauthorized access or disclosure. Our infrastructure and policies are designed to ensure data accuracy, maintain confidentiality, and allow only authorized use of the information we collect.
All public information associated with your account can be viewed on your company’s public profile, including your unique URL and any catalogs published publicly through Catalogy. If you do not wish for certain details, such as your company name or catalog links, to be displayed on your public profile, you have the option to adjust your workspace settings accordingly.
You are solely responsible for the information you choose to make public, as well as for the content of the catalogs you distribute. We strongly recommend that sensitive or internal materials be published privately or shared only with selected recipients, rather than made publicly available.
Whenever you update your public information in Catalogy, these changes will be automatically reflected on your profile and in any previously published materials.
In addition to displaying your public profile and catalogs on Catalogy, we also provide technologies such as API integrations and embed options that allow you to make your catalogs accessible on other websites or platforms. These features are designed to support your business distribution strategy and are not accessible to other publishers or unrelated visitors on Catalogy.
At Catalogy, user accounts are created and managed by our team. You will receive login credentials, consisting of an email address and a username, which allow you to securely access the platform. Unlike traditional sign-up processes, you do not create your own account; instead, you are invited to join a company account already established within Catalogy.
We use your email address and username to authenticate your account, maintain its security, and protect against fraud, abuse, or unauthorized access. Your email address also serves as the primary means of communication for service updates and account-related information. If your login details require modification, you can request changes through your company administrator or by contacting our support team.
When filling out our contact form, you may also be asked to provide information such as your name, surname, company name, industry, and, optionally, a telephone number. This information is used exclusively for account setup, customer support, and business communication, helping us to better understand and respond to your company’s needs.
All authentication credentials are stored securely. Passwords, where applicable, are encrypted using industry-standard non-reversible hashing algorithms to ensure that they cannot be copied or disclosed, even in the unlikely event of a security incident.
Catalogy does not provide the option to sign up through third-party accounts such as Google or Facebook. Access is restricted to authorized users who are explicitly invited to join through their company’s account.
If you contact us by email, live chat, or through the contact form, we will retain your contact details and message in order to respond appropriately and ensure continuity of support.
When subscribing to Catalogy’s services, payment is managed directly through our team. You may be asked to provide payment details in order to complete the subscription process. Catalogy does not store sensitive payment information, such as debit or credit card numbers, CVV codes on our databases or servers. Instead, all payment details are securely processed and stored by our trusted payment providers, such as Stripe which handle recurring subscription payments on our behalf.
For invoicing purposes, we may retain your billing address and, where necessary, limited details such as the card’s expiration date. This allows us to notify you if your payment method is about to expire and helps us ensure continuity of service without interruption.
If you wish to update your billing information or deactivate recurring payments, you can make this request directly to our team. Once received, your request will be securely processed through our payment providers, and recurring charges will be stopped accordingly.
In addition to the information you provide directly, either by entering it on our platform or by uploading content, Catalogy also collects and receives certain data through technology to ensure the proper operation, security, and improvement of our services. All information we collect or track is used strictly for service functionality and performance. We do not sell your data. We only share information with trusted third-party providers (as listed in this Privacy Policy under Third-Party Service Providers) when necessary to operate our services or when required by law.
A cookie is a small text file stored on your device, allowing our systems to recognize your browser and remember previous sessions. Catalogy uses cookies to deliver personalized experiences, maintain session authentication, and collect analytics on site usage. Cookies cannot spread viruses, harm your device, or access personal information such as your email address without your intervention. You can configure your browser to alert you when cookies are used and to choose whether to accept or refuse them. In addition to cookies, we may use small pieces of code such as web beacons or clear GIFs to monitor activity on our website.
We may collect approximate location information, such as country, derived from your IP address and device settings. This information helps us secure our services, prevent fraud, and in some cases personalize messages or features based on region.
To maintain service quality, Catalogy tracks how you interact with our platform, including the links you click on our website, blog, help center, emails, ads, and live chat. This data allows us to understand usage patterns, enhance user experience, and provide relevant communications.
Every time you interact with our site or platform, Catalogy may collect log data, even if you do not hold an active account. Log activity may include browser type, operating system, device information, IP address, referring pages, pages visited, search terms, chat activity, date, time, and duration of sessions. We analyze this information to ensure secure and reliable system performance, prevent abuse, and continuously improve our platform.
When you view a catalog integrated on a third-party website through an embed code or a white-labeled URL, Catalogy may receive log data about your activity, such as pages visited, session duration, and interactions with the embedded catalog. This data does not contain personally identifiable information and is reported in aggregate. It is made available directly in the publisher’s account under statistics and, for premium users, through Google Analytics integration. This information is valuable to business users, as it helps them measure engagement and optimize marketing strategies.
Metadata provides additional details about content or files you upload, such as the creation date, file type, geolocation, or technical device specifications. For example, if you upload an image or document, it may include metadata about when and where it was created. Catalogy does not alter or remove metadata from uploaded files, but you can delete or edit this information before uploading if you prefer to keep it private.
As a responsible Service, we do not use any automated decision-making or profiling.
If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), all processing activities undertaken by Catalogy regarding your personal data are carried out in accordance with applicable European laws and regulations, including the General Data Protection Regulation (GDPR). The GDPR governs how Catalogy may process your information and outlines your rights in relation to it.
Catalogy processes personal data only where a valid legal basis exists:
If you require clarification regarding the provision of personal data—whether it is legally required, contractually necessary, or essential for using Catalogy—please contact our Data Protection Officer at privacy@catalogy.com.
Catalogy is a business-to-business platform and is not intended for use by children. Our services are designed for companies and organizations that create and distribute digital catalogs for professional purposes.
In the event that educational institutions such as universities or schools choose to use Catalogy, they are fully responsible for ensuring compliance with applicable data protection laws, including the collection of necessary parental or guardian consent before allowing children to access the platform. Catalogy does not implement features or mechanisms for tracking student activity beyond what is strictly necessary to provide the service.
Catalogy does not knowingly collect personal data from children under the age of 16. If we become aware that personal information has been collected from a child without appropriate authorization, we will promptly delete such data. Educational institutions that manage student accounts are granted full control over student information and may exercise their rights by contacting us at privacy@catalogy.com. To protect children’s privacy, Catalogy will use reasonable measures to verify the identity of any institution before granting access to student data.
Catalogy does not process student data for any other purpose than providing the service, and upon termination of an educational account, all related information is permanently deleted, including data held by sub-processors.
All data collected on Catalogy is kept safe and secure. We will not make public any private information or content that you publish privately on our platform. However, we may disclose certain personal data to carefully selected and reliable third-party service providers (processors) solely for the purpose of operating and improving our services. These providers support us with activities such as data hosting, storage, database management, web analytics, payment processing, customer support tools, and platform functionality improvements.
These third parties have access to your information only to perform these tasks on our behalf, under strict contractual obligations, and in compliance with requirements equivalent to those described in this Privacy Policy. They are not permitted to use your data for their own purposes.
If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), please note that some of the personal data we collect may be transferred to and processed in countries outside the EEA. Certain providers are certified under the EU–U.S. Data Privacy Framework, while others are subject to appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. Catalogy takes all necessary steps to ensure that such transfers comply with applicable data protection laws and that your information remains protected at all times.
We follow a principle of data minimization and share only the information strictly necessary for the functioning of our services. When you request deletion of your account, we initiate a process to remove your data from all third-party processors wherever technically possible. In some cases, it may not be feasible to individually remove specific records if the data is used in aggregate form for research, statistics, or is required for accounting and compliance purposes.
We use trusted third-party service providers from the USA, UK, EU, and other regions to help us operate, maintain, and improve the Catalogy platform. These providers act as data processors on our behalf, with access limited to the information necessary to perform their specific tasks, under strict confidentiality and security obligations.
Development – Catalogy is developed and maintained by Smartware SRL, whose employees may have controlled access to certain user data strictly for the purpose of operating, maintaining, and updating the service, providing support, and ensuring platform stability. Employee access is monitored and restricted to what is necessary.
Analytics – To better understand the use of our platform, we use analytics tools such as Google Analytics and Microsoft Clarity. These tools collect information including IP address, device type, operating system, browser, location, pages visited on our site, and user interactions such as clicks, movements, or session duration. This helps us monitor performance and improve the user experience.
Advertising – To deliver interest-based advertising and measure the effectiveness of campaigns, we may use Google Ads, Bing Ads, and Facebook Ads. These platforms collect information about site visits and interactions through cookies, tracking pixels, and tags, including via Google Tag Manager. You may opt out of targeted advertising by managing your preferences directly on Google or Facebook, though you will still see generic ads.
CRM and Email Providers – Our business email accounts are hosted through Google Workspace (G Suite). We send automated transactional emails such as registration confirmations or payment receipts via Mailgun, which processes recipient email addresses for this purpose.
Payment Processors and Reporting – Payments are securely processed by Stripe, which manages transactions and helps detect and prevent fraudulent activity. For financial reporting and subscription analytics, we use ChartMogul, which has access to order data from Stripe but does not store or process credit card details.
Server Storage and Management – All data collected by Catalogy, including user-generated content, is hosted on Amazon Web Services (AWS). AWS provides secure storage, redundancy, and backup infrastructure in compliance with international security standards.
AI-based Functionalities – For certain features, Catalogy may integrate OpenAI technology, which may process user inputs in order to provide enhanced functionality such as text generation or catalog enrichment. Any data shared with OpenAI is limited to the extent required to provide the requested functionality.
Other than the service providers listed above and except as otherwise explained in this Privacy Policy, Catalogy does not transfer personal data to unrelated third parties without your consent.
If all or part of Catalogy is sold, merged, or transferred to another entity, the personal information you have provided to us may be included as part of that transaction. In such cases, we will take all reasonable steps to ensure that your personal information continues to be protected and is processed in accordance with the principles set out in this Privacy Policy.
You will be informed in a timely manner about any such business transfer. Before the transfer takes place, you will have the opportunity to exercise your rights, including the right to limit the amount of information shared or to request the deletion of your personal data prior to its transfer to the new entity.
If all or part of Catalogy is sold, merged, or transferred to another entity, the personal information you have provided to us may be included as part of that transaction. In such cases, we will take all reasonable steps to ensure that your personal information continues to be protected and is processed in accordance with the principles set out in this Privacy Policy.
You will be informed in a timely manner about any such business transfer. Before the transfer takes place, you will have the opportunity to exercise your rights, including the right to limit the amount of information shared or to request the deletion of your personal data prior to its transfer to the new entity.
We will retain your personal data for as long as necessary to provide you with access to the Catalogy platform and to fulfill our contractual and legal obligations. However, you retain full rights under applicable data protection laws to access, update, manage, restrict, or request deletion of the personal data associated with your account.
Personal account information can be updated by contacting your company administrator or by submitting a request to our support team. You may also contact us at any time to inquire whether we process your personal data and to request access to such data. At your request, we will rectify any inaccurate personal data within 30 days, subject to reasonable verification of your identity.
We retain your personal data for as long as your company’s account remains active. If your company or administrator requests termination of an account, we will delete associated personal data from our systems and from our third-party processors within 30 days, unless retention is required by law (for example, for tax or compliance purposes). Please note that once an account is deleted, all content stored under it (including catalogs) will also be removed, and this process is irreversible. Aggregated, non-personal information (such as statistical usage reports) may be retained for business purposes, but this data does not identify individuals.
You may opt out of receiving marketing communications at any time by using the unsubscribe link included in our emails. However, we will continue to send you essential service-related communications, such as account notifications, subscription status updates, or security alerts.
You may disable cookies through your browser settings at any time. Please note that some features of Catalogy may not function properly without cookies. To opt out of Google Analytics tracking on our website, you may use the Google Analytics opt-out tool.
You may disable cookies through your browser settings at any time. Please note that some features of Catalogy may not function properly without cookies. To opt out of Google Analytics tracking on our website, you may use the Google Analytics opt-out tool.
You may request a copy of the personal data we hold about you or ask us to provide such data in a portable format. Depending on your role within your company account, we may need to verify your request with your administrator before providing access. Requests will be fulfilled within 30 days.
When companies use Catalogy to create and distribute catalogs, they may collect personal information from catalog viewers (for example, through analytics or embedded forms). In such cases, the company acts as the Data Controller and Catalogy acts as the Processor. Catalogy processes such data strictly in accordance with the company’s instructions and does not use it for its own purposes. If you are a viewer of a catalog and wish to exercise your data rights, please contact the company that shared the catalog with you. If you contact us directly, we will forward your request to the appropriate company.
Personal data, including information collected in the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), may be stored and processed by Catalogy or by our trusted affiliates, agents, and third-party service providers in other countries. By using our platform or disclosing information to us, you acknowledge that your personal data may be transferred outside your country of residence.
To ensure that personal data transferred outside the EEA is adequately protected, Catalogy relies on the European Commission’s Standard Contractual Clauses (SCCs), which are incorporated into our Data Processing Addendum. These clauses provide a lawful basis for such transfers and safeguard the rights of individuals in accordance with applicable data protection legislation.
Catalogy participates in and adheres to the principles of the EU–U.S. Data Privacy Framework (EU–U.S. DPF), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF) with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States.
If you have a Data Privacy Framework–related complaint, please contact us at privacy@catalogy.com. We will investigate and attempt to resolve any complaints in accordance with the principles of the Framework. If we cannot resolve your complaint directly, you may refer it to your local Data Protection Authority (DPA) as an independent dispute resolution mechanism. Under certain conditions, as described on the official Data Privacy Framework website, you may also be entitled to invoke binding arbitration when other remedies have been exhausted.
Catalogy is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In some circumstances, Catalogy may be held liable for the onward transfer of personal data from the EU, UK, or Switzerland to third parties outside these regions. If there is any conflict between the terms in this Privacy Policy and the EU–U.S. DPF Principles and/or the Swiss–U.S. DPF Principles, the Principles shall govern.
If you have questions or require assistance regarding any information contained in this Privacy Policy, please contact our Data Protection Officer at privacy@catalogy.com or write to us by mail at Catalogy, Attn: Privacy Policy Inquiry, 37310 Ruth Dr, Sterling Heights, Michigan, 48312-1977, USA.
If you are located in the European Union, you may also contact our appointed representative, SC Smartware SRL, with registered address at Saldabagiu de Munte, str. Petofi Sandor, nr. 345, Comuna Paleu, jud. Bihor, 417167, Romania, by email at privacy@catalogy.com.
Alternatively, you always have the right to raise a concern with your local supervisory authority.
This section applies only if you are a resident of California. As a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights apply even where Catalogy collects personal information in a business-to-business context, such as the details of company representatives who use our services.
This Privacy Policy describes the categories of personal information we collect, the sources from which the information is obtained, and the purposes of collection. For details, please refer to Section 1 – Data We Collect and Its Intended Use.
Catalogy does not sell your personal information within the meaning of the CCPA/CPRA. We may share your information with trusted third-party service providers strictly for the purposes described in Section 2 – Who Gets Access to Your Data and Why.
As a California resident, you have specific rights under CCPA/CPRA, including the right to request access to the personal information we collect about you, the right to request deletion of your personal information (subject to certain exceptions), and the right to request information about how we use and disclose your data. You also have the right to correct inaccurate personal information and to limit the use of sensitive personal information where applicable.
We will not discriminate against you for exercising your privacy rights. However, in order to protect your personal data, we may need to authenticate your request using the email address associated with your Catalogy account or by verifying your identity through your company administrator. You may also designate an authorized agent to make a request on your behalf, provided we receive written authorization from you.
If you have any questions regarding this Privacy Policy or if you wish to exercise your rights under the CCPA/CPRA, please contact us at privacy@catalogy.com.
We may update this Privacy Policy from time to time. If we make any significant or material changes, we will notify you by posting a notice in a prominent place on our website and/or by sending an email to the address associated with your account. We encourage you to periodically review this Policy and our website for the latest updates. By continuing to access and use our services after being notified of such changes and once they become effective, you agree to be bound by the revised Privacy Policy.
Questions or comments regarding this Privacy Policy should be sent by email to privacy@catalogy.com or by mail to Catalogy, 37310 Ruth Dr, Sterling Heights, Michigan, 48312-1977, USA.