Privacy Policy

Catalab (“we”, “us”, “our”) provides AI-assisted website builds, revenue automation services, and associated client management tooling via catalab.app. We are the data controller for the personal data described in this policy.

To contact us about data matters: privacy@catalab.app.

We collect the following categories of personal data:

• Account data: name, email address, role (client / team member).
• Business intake data: business name, industry, goals, revenue metrics, and other information you provide during the onboarding intake or Business Brain diagnosis. This data is used solely to scope and deliver the services you've requested.
• Project data: scope summaries, build specifications, asset files (logos, images, copy) you upload, revision history, and communications exchanged within the platform.
• Payment data: billing name, email, and payment method details. Card numbers and sensitive payment credentials are processed and stored by Stripe — we do not store them ourselves. We retain Stripe customer IDs and invoice records.
• Usage data: pages visited, features used, timestamps, and IP address, collected automatically when you use the platform.
• Communications: messages you send via the client portal or support channels.

We use your data to:

• Create and manage your account and project.
• Deliver the services described in your accepted quote — website builds, automations, support plans.
• Process payments and issue invoices via Stripe.
• Send transactional emails (quote notifications, build status updates, invoice receipts) via Resend.
• Generate and store e-signature documents for contracts.
• Provide customer support and respond to your enquiries.
• Improve and maintain the platform (anonymised usage analytics).
• Comply with legal obligations.

We do not use your personal data for advertising to third parties, sell your data, or use it for purposes unrelated to the services you've requested.

Where applicable, we rely on the following legal bases:

• Contract: to perform the services you've agreed to.
• Legitimate interests: to maintain and improve the platform, prevent fraud, and communicate about your project.
• Legal obligation: to comply with applicable law (e.g. tax, financial record-keeping).
• Consent: where we explicitly ask for consent (e.g. marketing emails, if applicable).

We share data with the following sub-processors to deliver our services:

Each provider has their own privacy and data processing policies. We recommend reviewing these directly if you have specific concerns.

We use strictly necessary cookies for session management (Supabase authentication tokens). We do not currently use tracking or advertising cookies. If this changes, we will update this policy and, where required by law, obtain your consent.

We retain your personal data for as long as your account is active or as needed to provide the services. Project data (including build artefacts and communications) is retained for a minimum of 2 years after project completion to support warranty and support obligations.

Payment records are retained for 7 years to comply with financial and tax regulations. You may request deletion of other data at any time (see Section 9).

All data is encrypted in transit (TLS) and at rest. Access to production data is restricted to authorised team members. Authentication is handled by Supabase with row-level security policies enforced at the database level.

Depending on your location, you may have rights including: access to your data, correction of inaccurate data, deletion (“right to be forgotten”), portability, restriction of processing, and objection to processing.

To exercise any of these rights, email privacy@catalab.app. We will respond within 30 days. You can also delete your account directly from your portal settings, which permanently removes your profile and project data.

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The “last updated” date at the top of this page reflects the most recent version.

For any data protection queries: privacy@catalab.app.