Privacy Policy | DevCatalog

Sacred LLC, doing business as DevCatalog ("DevCatalog," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://devcatalog.com and related services (collectively, the "Services").

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

Name (or username/display name)
Email address
Password (encrypted)
Profile information (biography, avatar, social links)
Account preferences and settings

Identity Verification (Sellers)

Legal name
Date of birth
Government-issued identification (for Stripe Connect verification)
Tax identification information (for sellers meeting reporting thresholds)
Bank account or payout information (processed by Stripe)

Transaction Information

Purchase and sales history
Order details and communications
Uploaded files and deliverables
Reviews and ratings

Communications

Customer support inquiries
Responses to surveys or feedback requests
Marketing preferences

1.2 Information Collected Automatically

Usage Information (via PostHog)

Pages visited and features used
Time spent on pages
Click patterns and interactions
Search queries within the Platform
Error logs and performance data

Device Information

Device type and operating system
Browser type and version
Screen resolution
IP address
Unique device identifiers

Location Information

Approximate location derived from IP address
Time zone settings

1.3 Information from Third Parties

Authentication Provider (Clerk)

Email address
Name
Profile picture (if provided via social login)
Social login tokens (Google, Discord, etc.)

Payment Processor (Stripe)

Transaction status and history
Partial payment card information (last 4 digits, expiration, card type)
Bank account verification status
Identity verification results

2. How We Use Your Information

2.1 Providing and Improving Services

Create and manage your account
Process transactions and payments
Facilitate communication between buyers and sellers
Provide customer support
Personalize your experience
Analyze usage patterns to improve our Services
Debug and fix technical issues
Develop new features and services

2.2 Safety and Security

Detect and prevent fraud, abuse, and security threats
Verify user identities
Enforce our Terms of Service and policies
Investigate and respond to disputes
Protect the rights and safety of our users

2.3 Communications

Send transactional emails (order confirmations, notifications)
Provide customer support responses
Send marketing communications (with your consent)
Notify you of policy changes or security issues
Send reminders about incomplete orders or actions

2.4 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and government inquiries
Enforce our legal rights
Fulfill tax reporting obligations

We do not sell your personal information. We share your information only in the following circumstances:

3.1 With Other Users

Buyers can see seller profile information, ratings, and reviews
Sellers can see buyer usernames and order-related information
Order communications are shared between transaction parties

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

| Provider | Purpose | Data Shared | |----------|---------|-------------| | Stripe | Payment processing, seller identity verification | Name, email, payment info, identity documents | | Clerk | User authentication and session management | Email, name, authentication tokens | | PostHog | Analytics and error tracking | Usage data, device info, IP address (anonymized) | | Loops | Transactional email delivery | Email address, name, order details | | UploadThing | File storage and delivery | Uploaded files, file metadata | | Vercel | Web hosting and infrastructure | Server logs, request data | | Convex | Backend database and real-time sync | Privacy Policy |

3.3 For Legal Reasons

We may disclose your information if required by law or if we believe disclosure is necessary to:

Comply with a legal obligation, court order, or subpoena
Protect and defend the rights or property of DevCatalog
Prevent or investigate possible wrongdoing
Protect the safety of users or the public
Protect against legal liability

3.4 Business Transfers

If DevCatalog is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Platform before your information becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. Your Privacy Rights

4.1 Rights for All Users

Regardless of your location, you have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Data Portability: Request your data in a structured, machine-readable format
Opt-Out: Unsubscribe from marketing communications at any time
Withdraw Consent: Where processing is based on consent, withdraw consent at any time

4.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know You have the right to request that we disclose:

Categories of personal information collected
Specific pieces of personal information collected
Categories of sources from which information is collected
Business or commercial purposes for collecting information
Categories of third parties with whom we share information

Right to Delete You have the right to request deletion of personal information we have collected, subject to certain exceptions (e.g., completing transactions, legal compliance, security).

Right to Correct You have the right to request correction of inaccurate personal information.

Right to Opt-Out of "Sale" or "Sharing" We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.

Right to Limit Use of Sensitive Personal Information We only use sensitive personal information for purposes permitted under CCPA/CPRA.

Right to Non-Discrimination We will not discriminate against you for exercising your privacy rights.

Authorized Agents You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

Categories of Information (12-month lookback)

Identifiers (name, email, IP address)
Commercial information (transaction history)
Internet activity (usage data)
Professional information (seller business details)
Inferences (user preferences)

Retention: See Section 6 for retention periods.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.

4.3 Canadian Residents (PIPEDA Rights)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

Right to Access You have the right to access personal information we hold about you and be informed of how it has been used and disclosed.

Right to Challenge Accuracy You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.

Right to Withdraw Consent You may withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.

Right to Complain You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your PIPEDA rights have been violated.

Accountability Our Privacy Officer is responsible for compliance with PIPEDA. Contact details are provided in Section 12.

Identified Purposes We collect, use, and disclose personal information only for the purposes identified in this Privacy Policy.

Limiting Collection We limit collection to information that is necessary for the identified purposes.

Safeguards We protect personal information with appropriate security safeguards.

4.4 European Union (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation:

Right to Access: Obtain confirmation of processing and a copy of your data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion under certain circumstances
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing: Contract performance, legitimate interests, legal obligations, and consent.

Data Transfers: We transfer data to the US using Standard Contractual Clauses (SCCs).

Response Time: 30 days (extendable by 60 days for complex requests)

To exercise your rights, visit our Privacy Request Portal.

4.5 Brazil (LGPD)

If you are located in Brazil, the Lei Geral de Proteção de Dados provides:

Right to confirmation and access
Right to correction of incomplete or inaccurate data
Right to anonymization, blocking, or deletion
Right to data portability
Right to information about sharing
Right to revoke consent

Response Time: 15 days

4.6 Japan (APPI)

If you are located in Japan, the Act on Protection of Personal Information provides:

Right to disclosure of personal data
Right to correction, addition, or deletion
Right to cease use or delete data
Right to cease third-party provision

Response Time: 14 days

4.7 South Korea (PIPA)

If you are located in South Korea, the Personal Information Protection Act provides:

Right to access personal information
Right to correction or deletion
Right to suspend processing
Right to explanation of automated decisions

Response Time: 15 days

4.8 United Kingdom

If you are located in the UK, your rights under UK GDPR mirror those in Section 4.4 (GDPR).

Response Time: 30 days

4.9 Australia (APPs)

If you are located in Australia, the Privacy Act and Australian Privacy Principles provide:

Right to access personal information
Right to correction
Right to complain to the OAIC

Response Time: 30 days

4.10 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at:

Email: support@devcatalog.com
Web Form: https://devcatalog.com/privacy-request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

5. Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information (where applicable) and limit tracking accordingly.

For more information about GPC, visit https://globalprivacycontrol.org.

6. Data Retention

6.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

| Data Type | Retention Period | Reason | |-----------|-----------------|--------| | Account information | Account lifetime + 7 years | Legal compliance, dispute resolution | | Transaction records | 7 years after transaction | Tax, legal, and audit requirements | | Communications | 3 years | Dispute resolution, legal compliance | | Usage/analytics data | 24 months | Service improvement, aggregated analytics | | Marketing preferences | Until withdrawal of consent | Compliance with opt-out requests | | Server logs | 90 days | Security, debugging |

6.2 Deletion

When you request account deletion or when retention periods expire:

Active data is deleted or anonymized within 30 days
Backup data may persist for up to 90 days before being purged
Some information may be retained as required by law or for legitimate business purposes

6.3 Anonymization

Where possible, we anonymize data rather than delete it, allowing us to maintain aggregate statistics for analytics and service improvement without identifying individuals.

7. Security Measures

7.1 Technical Safeguards

We implement appropriate technical security measures, including:

Encryption of data in transit (TLS/HTTPS)
Encryption of sensitive data at rest
Secure authentication via Clerk with multi-factor authentication options
Regular security assessments and penetration testing
Access controls limiting employee access to personal information
Monitoring and logging of system access

7.2 Organizational Safeguards

Employee training on data protection and privacy
Data protection policies and procedures
Incident response procedures
Vendor security assessments

7.3 Your Responsibilities

Account security is a shared responsibility. You are responsible for:

Maintaining the confidentiality of your login credentials
Using strong, unique passwords
Enabling multi-factor authentication
Logging out of shared or public devices
Notifying us immediately of any unauthorized access

7.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notification will include the nature of the breach, types of data affected, and steps you can take to protect yourself.

8. Children's Privacy

8.1 Age Restrictions

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17, you may only use our Services with parental or guardian consent.

8.2 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@devcatalog.com. We will promptly delete such information.

8.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). If we learn we have collected personal information from a child under 13 without verification of parental consent, we will delete that information as quickly as possible.

9. International Data Transfers

9.1 Transfer Mechanisms

Your information may be transferred to and processed in countries other than your own, including the United States where our servers are located. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we use appropriate safeguards:

Standard contractual clauses approved by relevant authorities
Transfers to countries with adequate data protection laws
Data processing agreements with service providers

9.2 Your Consent

By using our Services, you consent to the transfer of your information to the United States and other countries where we and our service providers operate.

For detailed information about our use of cookies and similar technologies, please see our Cookie Policy.

Summary: We use cookies for:

Essential functionality (authentication, security)
Analytics (understanding how users interact with our Services)
Preferences (remembering your settings)

You can manage cookie preferences through your browser settings.

11. Changes to This Privacy Policy

11.1 Notification of Changes

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email or prominent notice on the Platform
Provide at least 30 days' notice before material changes take effect

11.2 Review

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Sacred LLC

Privacy Officer / Data Protection Contact

Email: support@devcatalog.com
General Support: support@devcatalog.com
Mailing Address: Washington, USA

Privacy Request Submission: https://devcatalog.com/privacy-request

Response Time: We aim to respond to all privacy-related inquiries within 30 business days.

13. Additional Disclosures

13.1 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Our response to DNT signals may vary. We recommend using Global Privacy Control (GPC) for a more standardized approach, which we honor.

13.2 Third-Party Links

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you visit.

13.3 Social Features

If you use social features on our Platform (e.g., sharing, social login), information may be shared with or collected by the social network. Review the privacy policies of those networks for more information.

By using DevCatalog, you acknowledge that you have read and understand this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.