Catalog Intake Privacy Policy

Last updated: May 19, 2026

Catalog Intake helps Shopify merchants convert vendor files, product sheets, packing slips, images, and other product source material into review-ready Shopify products. This policy explains what information the app processes, how it is used, how long it is retained, and how merchants can contact us about privacy requests.

Information We Collect From Shopify

After a merchant installs the app, Catalog Intake uses Shopify APIs only for the access scopes needed to provide the service. Depending on the merchant's workflow, we may process shop domain and shop metadata, Shopify app authentication and session data, product and variant details, product identifiers, product images and Shopify Files metadata, inventory quantities, inventory locations, and the product, variant, or sales channel publication identifiers created or used by the app.

Information Merchants Provide

Merchants may upload CSV files, Excel .xlsx files, PDFs, images, packing slips, invoices, order sheets, product sheets, and similar product source material. We process the files, file names, extracted product details, store profile rules, cleanup settings, intake review decisions, usage records, billing status, and support messages needed to operate the app. If a merchant includes personal information in an uploaded file or support request, we process that information only to provide the requested service or support.

Customer Information

Catalog Intake is not designed to collect or store Shopify customer records, order data, payment data, or customer browsing data. The app does not place storefront cookies, track shoppers across stores, or use customer information for advertising or marketing profiles. If a merchant uploads a document that contains customer information, we treat it as merchant-provided content and use it only to process that upload or respond to a support request.

How We Use Information

We use the information described above to authenticate the app, process uploaded files, extract and normalize product data, group variants, suggest cleanup rules, match Shopify Files images, create Shopify draft or active products, publish approved active products to merchant-selected sales channels, update inventory when merchants approve it, measure usage limits, provide billing and account administration, prevent abuse, troubleshoot errors, and respond to merchant support and privacy requests. We do not sell merchant or customer data.

Service Providers

We share information with service providers only as needed to run Catalog Intake. These providers may include Shopify for app installation, authentication, product, inventory, file, and app billing workflows; hosting and database providers for app infrastructure; and AI/document-processing providers used to extract product details from merchant uploads. These providers are authorized to process information for the app service, not for their own advertising purposes.

Retention And Deletion

Shop-scoped intake batches, extracted product rows, review state, store settings, store profile data, usage records, billing status, and app session data are retained while needed to provide the app, comply with legal obligations, resolve disputes, and maintain security. When a merchant uninstalls the app, Catalog Intake deletes app session, billing, and usage records associated with that shop. Shop-scoped catalog data is deleted when Shopify sends the required shop redaction webhook or when a verified merchant requests deletion, unless we are legally required to retain limited records.

Privacy Rights And Shopify Webhooks

Merchants and individuals may request access, correction, deletion, or restriction of personal information by contacting us. Catalog Intake subscribes to Shopify's required privacy compliance webhooks for customer data requests, customer redaction, and shop redaction. Because the app is not designed to store customer records, customer data requests normally confirm that no customer record is stored by the app. Shop redaction requests delete shop-scoped app data as described above.

International Processing

Catalog Intake is operated from the United States. Merchant information may be stored or processed in the United States or other countries where our service providers operate. When information is transferred across borders, we rely on appropriate contractual, technical, and organizational safeguards.

Security

We use HTTPS/TLS in production, Shopify OAuth authentication, access controls, and operational safeguards intended to protect information processed by the app. No method of transmission or storage is completely secure, so merchants should avoid uploading customer, payment, or other sensitive personal information that is not needed for product catalog intake.

Contact

Questions, privacy requests, support requests, or requests for a physical mailing address can be sent to support@catalogintake.com.