ContentCatch — https://contentcatch.io
Last updated: 18 March 2026
1. Who We Are
ContentCatch (“we”, “us”, “our”) is a software-as-a-service platform.
For any questions about this Privacy Policy or how we handle your personal data, you can contact us at:
Email: support@contentcatch.io
For users in the European Economic Area (EEA) and the United Kingdom, ContentCatch acts as the data controller for the personal data described in this policy.
2. Scope
This policy applies to:
- Account holders (“Users”) — agencies, freelancers, and individuals who create a ContentCatch account
- End clients (“Clients”) — individuals who submit data via forms created by Users
- Visitors to:
Controller vs Processor
- Users are data controllers for Client data they collect via forms
- ContentCatch acts as a data processor on behalf of Users
Users are responsible for:
- Having a lawful basis to collect Client data
- Providing appropriate privacy notices to their Clients
3. What Data We Collect
3.1 Account Registration Data
| Data | Purpose |
|---|---|
| Full name | Personalise your account and communications |
| Email address | Authentication, notifications, billing |
| Password (hashed) | Account security (never stored in plain text) |
| Company name | Workspace personalisation |
3.2 Onboarding & Profile Data
We may collect:
- Company/studio name
- Team size
- Country of operation (for pricing & compliance)
- Company logo
- Date format preference
- Notification preferences
3.3 Subscription & Billing Data
Payments are processed by Stripe, Inc.
We store:
- Stripe customer ID
- Subscription plan and status
- Billing period dates
- Transaction confirmations
We do not store full payment card details.
3.4 Usage Data
Includes:
- Forms created (titles, fields, branding)
- Submission statistics
- AI credit usage (credits only, not generated text)
- Log data (IP address, browser type, timestamps)
3.5 Client Submission Data (Processor Role)
Stored on behalf of Users:
- Client name and email (if collected)
- Form responses
- Uploaded files
- Submission timestamps and status
This data belongs to the User and their Clients.
3.6 Communications Data
- Support emails
- Replies to communications
3.7 Cookies and Local Storage
| Technology | Data Stored | Purpose |
|---|---|---|
localStorage | Auth session | Keep users logged in |
localStorage | Banner preferences | UI customisation |
localStorage | Form autosave | Preserve progress |
sessionStorage | File URL cache | Improve performance |
We do not use advertising cookies.
4. How We Use Your Data
We process data under UK/EU GDPR Article 6:
| Activity | Legal Basis |
|---|---|
| Account management | Contract |
| Platform functionality | Contract |
| Payment processing | Contract |
| Transactional emails | Contract |
| Performance & security monitoring | Legitimate interests |
| Marketing emails | Consent |
| Legal compliance | Legal obligation |
5. Third-Party Services and Processors
We use the following providers:
| Provider | Role | Data Shared | Location |
|---|---|---|---|
| Infrastructure provider | Hosting & storage | All account data | EU / USA |
| Stripe, Inc. | Payments | Billing data | USA |
| Email provider | Email delivery | Name, email | USA |
| OpenAI, L.L.C. | AI processing | User input text | USA |
| Monitoring service | Error tracking | Device/log data | USA |
| Hosting/CDN | Site delivery | IP, metadata | Global |
International Transfers
Safeguards include:
- Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework
AI Processing Notice
- Client input may be sent to an external AI provider
- AI-generated text is not stored
- Only credit usage is recorded
Users must inform Clients if AI features are enabled.
6. Data Retention
| Data Type | Retention |
|---|---|
| Account data | While active + 30 days |
| Forms & submissions | Until deleted |
| Files | Deleted with associated data |
| Billing records | 7 years |
| Logs | 90 days |
| Email logs | ~30 days |
| Backups | Up to 30 days |
7. Your Rights
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
Requests: support@contentcatch.io
Response time: within 30 days
Complaints
8. Data Security
We use:
- TLS/HTTPS encryption
- Hashed passwords
- Row Level Security (RLS)
- Signed file URLs
- Rate limiting
- Monitoring tools
Report vulnerabilities: security@contentcatch.io
9. Children’s Privacy
- Service intended for users 18+
- We do not knowingly collect data from children under 16
Contact us for removal if needed.
10. International Data Transfers
We ensure safeguards such as:
- Standard Contractual Clauses (SCCs)
- Data Privacy Framework compliance
11. Changes to This Policy
- Updates may be communicated via email or in-app
- Material changes will be notified in advance
- Continued use constitutes acceptance
12. Contact Us
ContentCatch Privacy
Email: support@contentcatch.io