Skip to main content

Privacy Policy

Last Updated: January 2024 At CatchBack, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

Personal Information

We collect information you provide directly:
  • Account Information: Name, email address, company details
  • Contact Details: Phone number, billing address, shipping address
  • Payment Information: Credit card details, billing information (processed securely through PCI-compliant providers)
  • Communication Data: Support messages, feedback, survey responses

Return Transaction Data

  • Order Information: Order numbers, purchase dates, item details
  • Return Details: Reason for return, item condition, photos
  • Customer Communications: Messages between customers and merchants
  • Shipping Information: Tracking numbers, carrier details, delivery confirmations

Technical Information

  • Usage Data: How you interact with our platform
  • Device Information: IP address, browser type, operating system
  • Cookies and Tracking: Session data, preferences, analytics
  • API Usage: Request logs, response times, error rates

2. How We Use Your Information

Service Provision

Returns Processing

Process return requests and manage the returns workflow

Communication

Send notifications about return status and platform updates

Customer Support

Provide technical support and resolve issues

Analytics

Generate insights and improve our services
  • Comply with legal obligations and regulations
  • Prevent fraud and ensure platform security
  • Enforce our Terms of Service
  • Respond to legal requests and government inquiries

3. Information Sharing

We Do NOT Sell Your Data

CatchBack never sells, rents, or trades your personal information to third parties for marketing purposes.

When We Share Information

Service Providers
  • Payment processors (Stripe, PayPal)
  • Shipping carriers (UPS, FedEx, USPS)
  • Cloud infrastructure providers (AWS, Azure)
  • Analytics services (anonymized data only)
Legal Requirements
  • Court orders and legal processes
  • Government investigations
  • Protection of rights and safety
  • Compliance with applicable laws
Business Transfers
  • Mergers, acquisitions, or asset sales
  • Due diligence processes
  • Corporate restructuring

4. Data Security

Technical Safeguards

// Example: Data encryption in transit
const secureRequest = https.request({
  hostname: 'api.catchback.com',
  port: 443,
  path: '/returns',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${encryptedToken}`
  }
});

Security Measures

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication and role-based access
  • Monitoring: 24/7 security monitoring and incident response
  • Auditing: Regular security audits and penetration testing

Data Breach Response

  • Immediate containment and investigation
  • Notification within 72 hours (GDPR requirement)
  • Remediation and prevention measures
  • Transparent communication with affected users

5. Your Privacy Rights

Global Rights

All users have the right to:
  • Access: Request copies of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request removal of your personal data
  • Portability: Receive your data in a machine-readable format

Region-Specific Rights

  • GDPR (EU)
  • CCPA (California)
  • PIPEDA (Canada)
  • Right to object to processing
  • Right to restrict processing
  • Right to withdraw consent
  • Right to lodge complaints with supervisory authorities

Exercising Your Rights

To exercise any privacy rights:
  1. Email: privacy@catchback.com
  2. Support Portal: Submit a privacy request
  3. Account Settings: Self-service options available
  4. Response Time: We respond within 30 days

6. Data Retention

Retention Periods

  • Account Data: Retained while account is active + 7 years
  • Transaction Data: 7 years for tax and legal compliance
  • Communication Data: 3 years for support and training purposes
  • Analytics Data: Anonymized and retained indefinitely

Deletion Process

When data is deleted:
  • Immediate removal from active systems
  • Secure deletion from backups within 90 days
  • Anonymization of any retained analytics data
  • Confirmation provided upon completion

7. Cookies and Tracking

Types of Cookies

Essential Cookies
  • Session management
  • Security features
  • Basic functionality
  • Load balancing
Analytics Cookies
  • Usage statistics
  • Performance monitoring
  • Feature effectiveness
  • User behavior patterns
// Cookie consent management
const cookieConsent = {
  essential: true,      // Required for functionality
  analytics: false,     // User choice
  marketing: false,     // User choice
  preferences: true     // User choice
};

CatchBack.updateCookieConsent(cookieConsent);

Managing Cookies

  • Browser Settings: Control cookies through browser preferences
  • Opt-Out: Use our cookie preference center
  • Third-Party: Manage third-party cookies directly with providers

8. International Data Transfers

Data Processing Locations

  • Primary: United States (AWS US-East)
  • Backup: European Union (AWS EU-West)
  • Asia-Pacific: Available for regional customers

Transfer Safeguards

  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Adequacy Decisions: Countries with adequate protection levels
  • Binding Corporate Rules: Internal data transfer policies
  • Consent: Explicit consent where required

9. Children’s Privacy

Age Restrictions

  • CatchBack services are not intended for children under 13
  • We do not knowingly collect information from children under 13
  • If we learn of child data collection, we delete it immediately
  • Parents can contact us to request deletion of child data

10. Changes to This Policy

Update Process

  • Material changes require 30-day advance notice
  • Email notification to registered users
  • Prominent notice on our platform
  • Historical versions maintained for reference

Staying Informed

  • Subscribe to privacy policy updates
  • Check our website regularly
  • Follow our blog for privacy-related announcements

11. Contact Information

Privacy Officer

Data Protection Officer
CatchBack Technologies, Inc.
Privacy Department
1234 Technology Drive
San Francisco, CA 94105
privacy@catchback.com

Regional Contacts

Supervisory Authorities

If you’re in the EU and have concerns about our data handling:
  • Contact your local data protection authority
  • File a complaint with the Irish Data Protection Commission (our lead authority)
  • Seek resolution through other available legal channels

12. Additional Resources

Privacy Tools

Educational Resources

This Privacy Policy is effective as of the last updated date shown above. For questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer at privacy@catchback.com.
I