CatalogCompass

Privacy Policy

Last updated: March 27, 2026

This Privacy Policy explains how Nubes Lunae ("we", "us"), operating CatalogCompass, collects, uses, and protects your personal data. We are committed to GDPR compliance and transparency in data processing.

1. Data Controller

Nubes Lunae, registered in the Netherlands, is the data controller for your personal account data. For product catalog data you enter into CatalogCompass, we act as a data processor on your behalf (you are the controller). Contact: [email protected].

2. Data We Collect

We collect and process the following personal data:

  • Account data: your name, email address, and hashed password, necessary to provide the Service (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • Session data: IP address and user agent, for security and authentication purposes (legal basis: legitimate interest, Art. 6(1)(f) GDPR). Retained for the session duration plus 90 days.
  • Billing data: Stripe customer ID and subscription ID. We do not store credit card numbers or payment details. All payment processing is handled by Stripe (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • Audit logs: user ID, action performed, and timestamp for data integrity purposes (legal basis: legitimate interest, Art. 6(1)(f) GDPR). Retained for 90 days.
  • Product data: product information, images, and catalog data you enter into the Service. This is your business data and is processed on your behalf.

3. Data Processors and Sub-processors

We use the following service providers to deliver CatalogCompass:

  • Microsoft Azure (West Europe, Netherlands) -- application hosting and database. All data is stored in the EU.
  • Cloudflare R2 (EU) -- image storage and content delivery.
  • Stripe (EU/US) -- payment processing. Stripe may process billing data in the US under EU Standard Contractual Clauses.
  • Resend -- transactional email delivery (account verification, password resets).
  • Sentry -- error monitoring to maintain service quality. May process anonymized error data.

4. International Data Transfers

Your data is primarily stored in the EU (Azure West Europe, Netherlands). Stripe may process some billing data in the US under EU Standard Contractual Clauses. When you choose to sync product data to non-EU marketplaces (e.g., Amazon US, Faire), this transfer is initiated by you as the data controller.

5. Data Retention

Account data is retained for the duration of your account plus 30 days after deletion. Audit logs are retained for 90 days. Billing records are retained for 7 years as required by Dutch tax law. Product data is retained for the duration of your subscription plus a 90-day export window after cancellation.

6. Your Rights

Under the GDPR, you have the right to: access your personal data, rectify inaccurate data, request erasure of your data, export your data in a portable format, restrict processing, and object to processing. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Children's Data

CatalogCompass is a B2B service for businesses. We do not knowingly collect data from persons under 16 years of age.

8. Cookies

We use only strictly necessary and functional cookies. See our Cookie Policy for details. Cookie Policy

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days in advance.

10. Contact

For privacy-related questions or data subject requests, contact us at [email protected].

Terms of Service: /terms | Cookie Policy: /cookies