Privacy Policy

Last updated: April 16, 2026

1. Introduction

At Whatalo we respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and safeguard your data.

2. Information We Collect

  • Account data (name, email, password).
  • Catalog and product information you upload.
  • Payment data securely processed by our third-party payment processor.
  • Usage data and anonymous analytics metrics.

3. Use of Information

We use this information to:

  • Provide and improve our services.
  • Process payments and manage subscriptions.
  • Offer support and communicate relevant updates.
  • Comply with legal obligations.

4. Sharing of Information

We do not sell your personal information. We only share it with:

  • Payment processors and other essential service providers.
  • Competent authorities when required by law.
  • New owners in the event of a merger or acquisition, with prior notice.

5. Third-Party Integrations and API Access

Merchants may authorize third-party applications to access their store data via Whatalo’s public API, protected by OAuth 2.1. The merchant controls which permissions (scopes) are granted during the consent process and may revoke access at any time from Settings → Connected Apps.

Once data leaves Whatalo’s infrastructure to an authorized integration, it is governed by that third party’s privacy policy. Whatalo does not control how the third party uses, stores, or processes that data. We recommend reviewing the terms and privacy policy of any application before authorizing access.

The merchant is responsible for changes that authorized applications make to their store.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. The applicable retention periods are:

Data type                         Retention period
Account information               Duration of active account + 2 years after closure
Product catalog                   Duration of active store + 1 year after closure
Transaction and billing records   7 years (tax compliance)
API and authentication logs       90 days (rolling)
Support communications            3 years
OAuth integration tokens          Until the merchant revokes access or the refresh token expires

Upon account closure, data not subject to legal retention is deleted or anonymized within a maximum of 30 days.

7. Cookies and Similar Technologies

We use cookies to improve your experience and analyze platform usage. You can manage cookies in your browser settings.

8. Data Security

We implement technical and organizational measures to protect your information:

  • Encryption in transit using TLS 1.2 or higher.
  • Encryption at rest with industry-standard algorithms (AES-256 or equivalent).
  • Role-based access controls with the principle of least privilege.
  • Strong authentication for systems processing personal data.
  • Audit logs of access retained for at least 90 days.
  • Continuous vulnerability management and dependency updates.
  • Infrastructure hosted in data centers with standard security certifications.

No system is 100% secure. We recommend keeping your credentials confidential and enabling two-factor authentication where available.

9. Your Rights

You have the right to:

  • Access your personal data.
  • Rectify incorrect information.
  • Request deletion of your account.
  • Export your data in a portable format.

10. Changes to this Policy

We reserve the right to update this Privacy Policy. We will notify you of significant changes via email or a notice on the platform.

11. Minors

Whatalo is not intended for individuals under 18. If we discover that we have collected information from a minor without parental consent, we will delete it immediately.

12. Data Breach Notification

In the event of a security breach affecting your personal data, we will notify affected users and competent authorities within the timeframes required by applicable law (Law 172-13 in the Dominican Republic, GDPR in the European Union, state laws in the United States). The notification will include the nature of the incident, affected data, containment measures, and recommended steps.

If you have questions about our privacy policy, contact us at [email protected]