Last updated: April 2025 · Effective: April 2025
This Privacy Policy describes how CatalogTree collects, uses, and protects information about you when you use our platform. By using CatalogTree, you agree to the collection and use of information as described in this policy.
CatalogTree ("we", "us", "our") is a product operated by CatalogTree Technologies. We provide an online storefront platform at catalogtree.co and catr.ee. Our registered contact email is privacy@catalogtree.co.
When you sign up and use CatalogTree, we collect:
Account data: Your name and email address, provided via Google Sign-In through Supabase authentication.
Store data: Your store name, slug, WhatsApp number, bio, logo image, and business information you enter in your dashboard.
Product data: Product names, descriptions, prices, images, and category information you create in your catalog.
Payment account data: Your Razorpay account ID or Stripe account ID when you connect a payment gateway. We do not store your full Razorpay or Stripe credentials — these are held by Razorpay and Stripe respectively.
Usage data: Page view counts for your storefront (stored as daily aggregates). We do not track individual visitor identities.
Device data: Standard server logs including IP address, browser type, and referring URL, retained for up to 30 days for security and debugging.
We use your data solely to provide, maintain, and improve CatalogTree. Specifically:
·To create and manage your account and store
·To display your products on your public storefront (catr.ee/yourslug or your custom domain)
·To process payments through your connected Razorpay or Stripe account
·To send transactional emails (account confirmations, payment receipts) via Resend
·To aggregate anonymous analytics for your store dashboard
·To investigate security incidents and prevent abuse
We do not sell your personal data. We share data only with the following sub-processors, each governed by their own privacy policies:
Supabase (Supabase Inc.): Database hosting and authentication. All data is stored on Supabase infrastructure.
Google OAuth: Used for Sign-In only. We receive your name and email from Google when you authenticate.
Razorpay (Razorpay Software Pvt. Ltd.): If you connect a Razorpay account, your store's payment transactions flow directly between your customers and your Razorpay account.
Stripe (Stripe, Inc.): If you connect a Stripe account, payment data flows directly between your customers and your Stripe account.
Resend (Resend Inc.): Transactional email delivery for order and billing notifications.
Vercel (Vercel Inc.): Application hosting and edge CDN.
Cloudflare (Cloudflare, Inc.): DNS verification for custom domains.
When your customers place orders through WhatsApp, order details are transmitted directly via WhatsApp and never stored on our servers.
When customers pay through your connected Razorpay or Stripe account, their payment data is handled entirely by Razorpay or Stripe respectively under their privacy policies. CatalogTree does not receive or store customer payment card details.
You are responsible for informing your customers about how their data is handled when they interact with your storefront.
We retain your account and store data for as long as your account is active. If you delete your account, we delete your store data within 30 days, except for data we are legally required to retain (e.g., billing records for 7 years as required under Indian law).
Product images are stored in Supabase Storage and are deleted when you delete the corresponding product or account.
Under the Digital Personal Data Protection Act, 2023 (India) and applicable privacy laws, you have the right to:
·**Access:** Request a copy of the personal data we hold about you
·**Correction:** Request correction of inaccurate data
·**Erasure:** Request deletion of your account and associated data
·**Portability:** Request an export of your store data in a standard format
·**Withdraw consent:** Disconnect third-party integrations (Razorpay, Stripe) at any time from your dashboard
To exercise any of these rights, email privacy@catalogtree.co. We will respond within 30 days.
We use only strictly necessary cookies:
·**Supabase session cookie:** To keep you logged in to your dashboard. No tracking or advertising cookies are used.
We do not use third-party analytics cookies, advertising pixels, or any cross-site tracking.
We implement industry-standard security measures including HTTPS everywhere, row-level security (RLS) on all database tables, and regular security reviews. However, no internet service can guarantee absolute security. If you discover a security vulnerability, please email security@catalogtree.co.
CatalogTree is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If we become aware that a child has provided us with personal data, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. Your continued use of CatalogTree after changes take effect constitutes acceptance of the updated policy.
For privacy-related queries, data requests, or complaints:
Email: privacy@catalogtree.co
Website: catalogtree.co
We aim to respond to all privacy requests within 30 days.