Pimster Logo

Google Merchant Extension Privacy Policy

Last update: 10 July 2025

1. Who we are

Krafter App, 9 rue Guynemer, 78150 Le Chesnay, France (“Krafter App”, “we”, “our”) operates the Google Merchant Extension (“Extension”).

2. Data accessed & stored

When you link a Google Merchant Center account, Pimster receives an OAuth access and refresh token for scope https://www.googleapis.com/auth/content. Using that scope we import the non-personal product-catalog resources listed in Google’s Content API for Shopping. We do not access or store:

  • customer-identifying information,
  • payment data, or
  • end-user behavioural data.

We store only:

  • access token, refresh token,
  • Merchant ID,
  • scope(s) authorised,
  • token expiry timestamp.

Security procedures are in place to protect the confidentiality of your data.

Limited Use Compliance: The use of raw or derived user data received from Google Workspace APIs will adhere to the Google Workspace API User Data and Developer Policy , including the Limited Use requirements . We do not use, transfer, or sell user data from Google Workspace APIs to create, train, or improve foundational machine learning or artificial intelligence models beyond that specific user’s personalized model for the appropriate use case or user-facing feature.

3. Data transfer

We do not transfer or disclose your information to third parties for purposes other than the ones provided in Annex 1 of Pimster’s Privacy Policy for the purpose of providing and improving the service.

4. Purpose & legal basis

Processing is necessary for the performance of the service contract (GDPR Art. 6-1-b): enabling shoppable product listing and catalogue synchronisation inside Pimster.

5. Storage & security

  • Tokens are encrypted at rest using AES-256-GCM.
  • Access is service-account–only; no human reads tokens in clear text.
  • Tokens rotate automatically every 90 days or upon manual revocation.

6. Retention & deletion

All Google-origin data, including cached catalogue items, is deleted within 30 days after:

  • you disconnect the Extension in the Pimster dashboard, or
  • you revoke access from the Google Security centre.

You may trigger immediate deletion at any time via Settings → Integrations → Google Merchant → Disconnect.

7. Your rights

You have rights of access, rectification, erasure, restriction and portability under Articles 15-20 GDPR. To exercise them email dpo@pimster.app. You may lodge a complaint with CNIL.

8. Contact details

Data Protection Officer — Krafter App
9 rue Guynemer, 78150 Le Chesnay — dpo@pimster.app

© 2025 Pimster SAS. All rights reserved.