Privacy Policy
This Privacy Policy describes how Catalgr ("we", "our", or "the Service") collects, uses, and protects your personal information.
1. Information We Collect
Account Information
- Email address
- Password (securely hashed)
- Name (optional)
Collection Data
- Album and music collection information
- Images you upload for scanning
- Notes, tags, and condition ratings you add
Usage Information
- Subscription tier and billing information
- Feature usage and scan counts
- Login activity and session data
Connected Services
- Discogs account connection details (username, OAuth tokens)
- Information retrieved from your connected Discogs account
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process your music collection scanning and organization
- Manage your subscription and billing
- Connect to your Discogs account (with your permission)
- Improve our features and user experience
- Communicate important service updates
- Enforce our terms and prevent abuse
3. Data Security
We implement industry-standard security measures to protect your information:
- Passwords are hashed using bcrypt
- OAuth tokens are encrypted at rest using AES-256 encryption
- Secure JWT authentication with httpOnly cookies
- All data transmissions use HTTPS encryption
- Regular security audits and monitoring
4. Third-Party Services and Data Sharing
What We Do Not Share
- We never sell your personal information to third parties
- We never share your collection data with other users without your permission
- We never use your data for advertising or marketing purposes outside our Service
Service Providers
We use trusted third-party service providers to help operate our Service (such as cloud hosting, payment processing, and AI-powered image recognition). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
Legal Requirements
We may disclose information if required by law, court order, or to protect the rights and safety of our users and the Service.
5. Your Rights and Choices
You have the right to:
- Access your personal information and collection data
- Export your collection data in CSV format
- Update your account information and preferences
- Delete your account and all associated data
- Disconnect third-party services like Discogs at any time
To exercise these rights, visit your account settings or contact us directly.
6. Data Retention
- Active account data is retained while your account is active
- Deleted accounts and data are permanently removed within 30 days
- Backup copies are securely deleted within 90 days
- Session data automatically expires after 30 days
7. Cookies
We use essential cookies for:
- Authentication and session management
- Security and fraud prevention
You can disable cookies in your browser, but this may limit your ability to use the Service.
8. International Users
Your information may be stored and processed in any country where we operate or where our service providers are located. By using the Service, you consent to the transfer of your information to countries outside your country of residence.
9. Children's Privacy
Our Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email (if you have not opted out)
- Display a prominent notice on our website
- Require acceptance for significant changes affecting your rights
11. Contact Us
If you have questions about this Privacy Policy or your personal information, please visit our Contact page.