1. Introduction

FeedArc ("we", "us", or "our") operates the feedarc.com website and the FeedArc product feed management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

FeedArc is operated by Digital Rocket SRL (VAT: RO36587519), registered in Romania. We are committed to protecting your privacy in accordance with the European Union General Data Protection Regulation (GDPR), Romanian data protection laws, and other applicable regulations.

2. Data Controller

The data controller responsible for your personal data is:

Digital Rocket SRL
Str. Zagazului nr. 13-19, București, România
VAT: RO36587519
Email: privacy@feedarc.com
Website: https://feedarc.com

3. Information We Collect

3.1 Account Information

When you register for an account, we collect your name, email address, and password (stored as a secure hash). If you register on behalf of a company, we also collect your company name.

3.2 Store Connection Data

When you connect an e-commerce store (Shopify, WooCommerce, PrestaShop, OpenCart, Magento, Shopware, Google Merchant Center, or Meta Commerce), we store the API credentials or OAuth tokens necessary to access your store's product data. These credentials are stored encrypted and are used solely to sync your product catalog with FeedArc.

3.3 Product Data

We import and store your product catalog data including product titles, descriptions, prices, images, availability, categories, and other product attributes. This data is used to generate and manage your product feeds.

3.4 Usage Data

We automatically collect information about how you use the Service, including pages viewed, features used, feed generation events, and sync operations. We also collect standard technical data such as your IP address, browser type, and device information.

3.5 Uploaded Files

If you upload CSV or XML files containing product data, we store and process these files to import your products into the FeedArc platform.

4. How We Use Your Information

We use the collected information for the following purposes:

Providing and maintaining the Service, including product feed generation and synchronization
Authenticating your identity and managing your account
Processing and fulfilling your requests, such as generating feeds for Google Shopping, Meta, Amazon, and other channels
Sending transactional emails (account verification, password resets, sync notifications)
Improving and optimizing the Service
Complying with legal obligations
Processing billing and payments through our payment processor (Stripe)

5. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)) — Processing necessary to provide the Service you requested
Legitimate interests (Art. 6(1)(f)) — Service improvement, security, and fraud prevention
Consent (Art. 6(1)(a)) — Marketing communications, where applicable
Legal obligation (Art. 6(1)(c)) — Tax and accounting requirements

6. Third-Party Services

We share data with the following categories of third-party service providers:

Cloud Infrastructure: Vercel (hosting), Neon/PostgreSQL (database) — for running and storing the Service
Payment Processing: Stripe — for processing subscription payments. Stripe's privacy policy applies to payment data.
E-commerce Platforms: Shopify, WooCommerce, Google, Meta, and others — only the data necessary to authenticate and sync your products
Email: Resend — for transactional email delivery
Analytics: We may use privacy-focused analytics to understand Service usage

We do not sell your personal data to third parties. We do not share your product data with other FeedArc users or competing businesses.

7. Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for services like Vercel, Stripe, and Google). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained until you delete your account
Product data: Retained while your account is active; deleted within 30 days of account deletion
API credentials: Deleted immediately upon disconnecting a store or deleting your account
Audit logs: Retained for 12 months for security purposes
Billing records: Retained as required by Romanian tax law (typically 10 years)

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

Right of access — Request a copy of your personal data
Right to rectification — Request correction of inaccurate data
Right to erasure — Request deletion of your personal data
Right to restriction — Request limitation of processing
Right to data portability — Receive your data in a structured, machine-readable format
Right to object — Object to processing based on legitimate interests
Right to withdraw consent — Where processing is based on consent

To exercise any of these rights, contact us at privacy@feedarc.com. We will respond within 30 days as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit (TLS/HTTPS) and at rest
Secure password hashing (bcrypt)
HTTP-only secure cookies for authentication
Role-based access control
Regular security audits
Encrypted storage of API credentials

11. Cookies

We use cookies for authentication and essential Service functionality. For details, please see our Cookie Policy.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

13. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or your local data protection authority.

ANSPDCP — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Website: www.dataprotection.ro

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

For any questions about this Privacy Policy or our data practices, contact us at:

Digital Rocket SRL
Str. Zagazului nr. 13-19, București, România
Email: privacy@feedarc.com
Website: https://feedarc.com/legal