GDPR and CCPA Compliance Statement

Last updated: March 2026

CatalogIQ is committed to protecting the privacy and rights of merchants and their customers. This statement outlines how the App aligns with the requirements of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Data We Process

CatalogIQ processes only the information required to provide catalog management features within your Shopify store. This includes:

  • Shop domain and store metadata
  • Product and variant information
  • Metafields and definitions
  • Operational logs related to bulk edits, sync jobs, and visibility updates

CatalogIQ does not collect or store customer-level personal data unless explicitly required by a feature you enable.

Legal Basis for Processing (GDPR)

Under GDPR, CatalogIQ processes data based on:

  • Contractual necessity to provide the App's core functionality
  • Legitimate interest to maintain security, performance, and reliability
  • Consent when required for optional features

Merchant Rights Under GDPR

Merchants located in the EU/EEA have the right to:

  • Access the data CatalogIQ stores about their shop
  • Request correction or deletion of stored information
  • Withdraw consent for optional features
  • Request a copy of their data in a portable format

Requests can be submitted by contacting us at support@catalogiq.app.

Consumer Rights Under CCPA

CatalogIQ does not sell or share personal information for advertising or marketing. For merchants subject to CCPA, the App supports:

  • Right to Know transparency about what data is processed
  • Right to Delete removal of stored shop data upon request
  • Right to Non-Discrimination no penalties for exercising rights

Data Storage and Security

CatalogIQ uses Amazon Web Services (AWS) for secure hosting and storage. Protections include:

  • Encrypted access tokens (AWS KMS)
  • Secure storage in DynamoDB
  • HTTPS for all communication
  • IAM least-privilege access controls

Data Retention and Deletion

Data is retained only as long as necessary to operate the App. When you uninstall CatalogIQ:

  • Shopify revokes our API access immediately
  • Stored shop data and cached catalog information are removed within a reasonable timeframe

International Transfers

CatalogIQ may process data in the United States or other AWS regions. All transfers comply with applicable data protection laws.

Contact

For GDPR or CCPA inquiries, contact us at:
support@catalogiq.app