1. Who we are
Krafter App, 9 rue Guynemer, 78150 Le Chesnay, France (“Krafter App”, “we”, “our”) operates the Google Merchant Extension (“Extension”).
2. Data accessed & stored
When you link a Google Merchant Center account, Pimster receives an OAuth access and refresh token for scope https://www.googleapis.com/auth/content. Using that scope we import the non-personal product-catalog resources listed in Google’s Content API for Shopping. We do not access or store:
- customer-identifying information,
- payment data, or
- end-user behavioural data.
We store only:
- access token, refresh token,
- Merchant ID,
- scope(s) authorised,
- token expiry timestamp.
3. Purpose & legal basis
Processing is necessary for the performance of the service contract (GDPR Art. 6-1-b): enabling shoppable product listing and catalogue synchronisation inside Pimster.
4. Storage & security
- Tokens are encrypted at rest using AES-256-GCM.
- Access is service-account–only; no human reads tokens in clear text.
- Tokens rotate automatically every 90 days or upon manual revocation.
5. Retention & deletion
All Google-origin data, including cached catalogue items, is deleted within 30 days after:
- you disconnect the Extension in the Pimster dashboard, or
- you revoke access from the Google Security centre.
You may trigger immediate deletion at any time via Settings → Integrations → Google Merchant → Disconnect.
6. Your rights
You have rights of access, rectification, erasure, restriction and portability under Articles 15-20 GDPR. To exercise them email dpo@pimster.app. You may lodge a complaint withCNIL.
7. Contact details
Data Protection Officer — Krafter App
9 rue Guynemer, 78150 Le Chesnay — dpo@pimster.app