Privacy Policy

1. Introduction

Welcome to Batch ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our B2B wholesale e-commerce platform service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, company name (if using Google OAuth)
• Product Information: Product images, descriptions, pricing data, and catalog information you upload
• Client Information: Wholesale client contact information, order history, and account details
• Order Data: Order details, quantities, pricing, and transaction information
• Payment Information: Processed securely through Stripe (we do not store your full credit card details)

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication (via NextAuth)

2.3 Third-Party Services

• Google OAuth: If you sign in with Google, we receive your email and profile information
• Stripe: Payment processing and transaction data

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Provide wholesale e-commerce platform services, process orders, and manage client accounts
• Account Management: Authenticate users, manage subscriptions, and maintain session security
• Payment Processing: Process subscription payments through Stripe
• Order Management: Process and manage wholesale orders, track order history, and facilitate order fulfillment
• Communication: Send authentication emails, service-related notifications, and order confirmations
• Improvement: Analyze usage patterns to improve our service and platform features
• Legal Compliance: Comply with applicable laws and regulations

4. Data Storage and Security

4.1 Storage Locations

• Product Data: Product images, descriptions, and catalog information stored securely in cloud storage
• User Data: Account information, client data, and order history stored in secure databases with encrypted connections
• Payment Data: Processed and stored by Stripe (PCI DSS compliant)

4.2 Security Measures

• HTTPS/TLS encryption for all data transmission
• HMAC signature authentication for backend API requests
• Secure session management with httpOnly cookies
• Regular security updates and vulnerability patching
• Access controls and authentication required for all user data

4.3 Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time.

5. Third-Party Services

We use the following third-party services that may collect your information:

5.1 Google Services

• Google OAuth: For authentication (Google Privacy Policy)

5.2 Stripe

Payment processing is handled by Stripe. We do not store your full credit card information. (Stripe Privacy Policy)

5.3 Email Service

We use SMTP services (e.g., Gmail) to send authentication emails and service notifications.

6. Cookies and Tracking

We use the following cookies:

• Session Cookies: Required for authentication (via NextAuth)
• Functional Cookies: Remember your preferences and settings

We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect functionality.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data
• Withdrawal: Withdraw consent for data processing

To exercise these rights, please contact us at the email address provided below.

8. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law within 72 hours of becoming aware of the breach.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: