At AdVision eCommerce Inc., we understand that merchants depend on reliable and secure systems to operate their businesses. This page describes the security practices we use to help protect CatalogPilot, merchant accounts, and the data processed within the Service.

This Security Practices page is informational only and does not create contractual obligations, warranties, or guarantees. It complements our Privacy Policy and Terms & Conditions.

1. Security Principles

We follow a framework built around four core pillars:

1. Confidentiality – preventing unauthorized access
   
2. Integrity – maintaining accuracy and reliability
   
3. Availability – ensuring systems operate as intended
   
4. Accountability – maintaining auditable controls and responsible governance
   

2. Data Security

2.1 Encryption in Transit

Data transmitted between your browser, APIs, and our servers is protected with industry-standard encryption (HTTPS/TLS).

2.2 Encryption at Rest

Where supported by our hosting infrastructure, stored data may also be encrypted at rest.

2.3 Data Isolation

Each merchant’s environment is logically separated to prevent unauthorized access across accounts.

2.4 Access Restrictions

Only authorized personnel with a legitimate operational requirement are granted access to production systems.

Access requires:

• unique credentials
  
• role-based permissions
  
• authentication layers
  
• audit logging
  

3. Infrastructure Security

3.1 Hosting & Cloud Providers

We use reputable, industry-standard hosting providers for infrastructure. These providers maintain:

• physical datacenter security
  
• environmental controls
  
• redundant power and networking
  
• certification frameworks such as SOC 2, ISO 27001 (provider-specific)

3.2 Network Protections

Network policies may include:

• firewalls
  
• IP restrictions
  
• rate limiting
  
• DDoS mitigation (provider-dependent)
  

3.3 Monitoring & Logging

We use monitoring tools to track key aspects of system health, including:

• uptime
  
• load
  
• ingestion processes
  
• API requests
  
• unusual patterns
  

Logging helps with debugging, performance analysis, and security investigations.

4. Application Security

4.1 Secure Development Practices

Our development workflows incorporate:

• code reviews
  
• environment separation
  
• CI/CD pipelines
  
• dependency scanning
  
• vulnerability patching
  
• version control
  

4.2 Password & Account Security

Users are responsible for safeguarding login credentials.

We encourage:

• strong passwords
  
• unique account logins
  
• administrator permission control within merchant accounts
  

4.3 Session Management

Session timeouts and authentication rules help reduce risks associated with unauthorized access.

5. Third-Party Integrations & Api Security

5.1 Integration Controls

CatalogPilot integrates with platforms such as:

• Lightspeed
  
• Shopify
  
• WooCommerce
  
• BigCommerce
  
• Ecwid
  
• Google Merchant Center
  
• Other APIs and marketplaces
  

We authenticate via API keys or platform-specific authorization methods.

5.2 Dependency Awareness

Because third-party platforms control their API availability, changes, and performance, we cannot guarantee:

• uptime
  
• correctness of returned data
  
• compatibility
  
• stability of integrations
  

5.3 Restricted Access

Merchant API credentials are stored securely and only used to perform tasks required to deliver the Service.

6. Data Backups & Continuity

6.1 Regular Backups

We maintain regular backups of key system components where appropriate.

Backups help mitigate the risk of accidental data loss.

6.2 Recovery & Incident Handling

In the event of:

• service interruption
  
• infrastructure failure
  
• catastrophic hosting event
  

We may restore data from backups as reasonably possible.

However, we do not guarantee recovery times or data restoration, and merchants should maintain independent backups of critical data.

7. Incident Response

7.1 Detection & Investigation

We investigate potential security events and take steps to reduce risks.

7.2 Communication

If a data breach affects personal information, we will notify the Merchant in accordance with applicable laws.

7.3 Remediation

Post-incident steps may include:

• patching vulnerabilities
  
• modifying configurations
  
• infrastructure updates
  

8. Employee Access & Training

We restrict production-level access to select personnel trained in:

• operational security
  
• data handling
  
• privacy controls
  
• system maintenance
  

Employees must adhere to internal confidentiality and usage policies.

9. Merchant Responsibilities

Merchants are responsible for:

• ensuring catalog accuracy
  
• securing their own systems, devices, and networks
  
• maintaining backup copies of their data
  
• controlling internal user access
  
• reviewing AI-generated metadata before publishing
  
• complying with third-party platform policies
  

The security of your environment affects the security of your data.

10. Limitations

While we apply industry-standard practices, no system is completely secure.

We cannot guarantee:

• uninterrupted service
  
• absolute protection
  
• compatibility with all platforms
  
• immunity from attacks
  
• loss prevention in all scenarios
  
  

Our Terms & Conditions govern all limitations of liability.

11. Contact

If you believe you have discovered a security issue or vulnerability, please notify us at:

info@advision-ecommerce.com

This Service Availability Statement (“Statement”) describes how CatalogPilot (“Service”) operated by AdVision eCommerce Inc. (“AdVision,” “we,” “us,” “our”) generally manages availability, maintenance, and updates.

This Statement is informational only and does not constitute a service-level agreement (SLA), warranty, or guarantee of uptime.

1. General Availability

CatalogPilot is designed to operate continuously, 24 hours a day, 7 days a week, except during planned or unplanned maintenance events.

While we strive to ensure high availability, we do not guarantee any specific uptime percentage.

2. Planned Maintenance

We may perform maintenance activities to:

• upgrade infrastructure
  
• improve performance
  
• deploy new features
  
• resolve known issues
  
• apply security patches
  
• update integrations
  

Planned maintenance may be performed:

• with or without notice
  
• during non-peak hours (when feasible)
  
• outside of your local timezone
  

During maintenance, the Service may be temporarily unavailable or experience reduced performance.

3. Unplanned Downtime

Unplanned downtime may occur due to:

• hosting provider issues
  
• network failures
  
• third-party API outages
  
• data center conditions
  
• software defects
  
• external attacks
  
• emergency patching
  
  

We respond to unplanned downtime as quickly as reasonably possible, but make no guarantee of response time or resolution time.

4. Dependencies On Third-Party Platforms

The Service relies on integrations with third-party platforms, including but not limited to:

• Shopify
  
• Lightspeed
  
• WooCommerce
  
• BigCommerce
  
• Ecwid
  
• Google Merchant Center
  
• Cloud infrastructure providers
  
• CDN providers
  
• Payment processors
  

We are not responsible for:

• failures or outages of these services
  
• API limitations
  
• rate limits
  
• platform policy changes
  
• deprecations or breaking updates
  
• data being unavailable from these platforms
  

Any such issues may impact Service availability or functionality.

5. Performance Considerations

Service performance may vary based on:

• data volume
  
• catalog size
  
• processing capacity
  
• concurrent load
  
• usage spikes
  
• network conditions
  

We optimize for reliability but do not guarantee minimum performance metrics.

6. Support Availability

Support channels operate during the hours listed on our website or documentation.

Response times are influenced by:

• issue severity
  
• staff availability
  
• timezone differences
  
• volume of requests
  

Support response times are not guaranteed.

7. Updates & Deployments

We regularly release updates that may include:

• improvements
  
• new features
  
• fixes
  
• backend changes
  
• infrastructure modifications
  

These updates may:

• occur without notice
  
• require temporary downtime
  
• modify or remove features
  

Your continued use of the Service constitutes acceptance of these updates.

8. Data Access During Outages

During outages or maintenance events:

• you may lose temporary access to your CatalogPilot dashboard
  
• ingestion, enrichment, and syncing may pause temporarily
  
• queued processes may resume once availability returns
  
  

We do not guarantee access to:

• historical logs
  
• real-time metrics
  
• processing queues
  
• pending tasks
  

during unavailability events.

9. Business Continuity

We maintain operational procedures designed to promote continuity and recovery, including:

• redundant hosting components (where applicable)
  
• routine backups
  
• monitoring tools
  incident response workflows
  

However, we do not guarantee continuity, disaster recovery times, RTO/RPO metrics, or failover availability.

10. No SLA Or Warranty

This Statement does not constitute:

• a warranty
  
• a service-level agreement
  
• an uptime guarantee
  
• a promise of uninterrupted service
  

Availability is provided “as-is” and “as-available” in accordance with the Terms & Conditions.

11. Changes To This Statement

We may update this Statement at any time.

Updates are effective upon posting.

Continued use of the Service constitutes acceptance.

Effective Date: January 1st. 2026

Parties:

This Data Processing Addendum (“Addendum”) forms part of the Terms & Conditions (“Agreement”) between:

AdVision eCommerce Inc., a Delaware corporation (“Processor”, “AdVision”, “we”, “us”, “our”),

and

Merchant (“Controller”, “you”, “your”).

This Addendum governs the processing of personal data relating to individuals located in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), or jurisdictions with similar data-protection requirements.

1. Definitions

Terms used but not defined in this Addendum have the meaning set out in the Agreement.

1.1 “Controller” means the Merchant, determining the purposes and means of processing Personal Data.

1.2 “Processor” means AdVision, processing Personal Data on behalf of the Controller.

1.3 “Personal Data” means any information relating to an identified or identifiable natural person.

1.4 “Sub-processor” means any third party engaged by AdVision to process Personal Data.

1.5 “Applicable Data Protection Laws” includes GDPR, UK GDPR, ePrivacy laws, CCPA/CPRA (to the extent applicable).

1.6 “Services” means CatalogPilot and related applications, hosting, APIs, metadata generation, and integrations.

2. Subject Matter, Duration & Nature Of Processing

2.1 Subject Matter: The Processor will process Personal Data solely to provide the Services.

2.2 Duration: For the duration of the Merchant’s subscription and for the retention period defined in the Privacy Policy.

2.3 Nature & Purpose:

• Catalog ingestion
  
• Metadata generation
  
• Product enrichment
  
• API sync
  
• Hosting
  
• Logging, analytics, AI workflows
  
• Support services
  

2.4 Type of Personal Data:

• Customer names, emails, phone numbers
  
• Shipping and billing data
  
• Catalog content (if it contains personal information)
  
• Analytics/usage logs
  

2.5 Categories of Data Subjects:

• Merchant’s customers
  
• Merchant’s staff
  
• End-users of the Merchant’s website
  
• Merchant account holders
  

3. Merchant Responsibilities (Controller Obligations)

Controller agrees that it:

3.1 Has a lawful basis for all Personal Data processed.

3.2 Has provided appropriate privacy notices to Data Subjects.

3.3 Will not instruct the Processor to process data in violation of law.

3.4 Is solely responsible for determining if the Services meet its legal obligations.

3.5 Is responsible for accuracy, quality, and legality of all Personal Data.

4. Processor Obligations

AdVision shall:

4.1 Process Personal Data only on documented instructions from Controller.

4.2 Maintain appropriate technical and organizational security measures.

4.3 Ensure staff with access are bound by confidentiality.

4.4 Assist with GDPR rights (access, rectification, deletion, portability).

4.5 Notify Controller of data breaches without undue delay.

4.6 Maintain logs and records to demonstrate compliance.

5. Sub-Processors

5.1 Controller authorizes AdVision to use Sub-processors necessary for providing the Service.

5.2 AdVision will ensure equivalent data-protection obligations are in place.

5.3 A current list may include:

• Hosting providers
  
• AI processing engines
  
• Database/infrastructure providers
  
• Monitoring tools
  
• Payment processors
  
• Email/SMS services
  

5.4 AdVision may update this list; continued use constitutes approval.

6. International Transfers

6.1 AdVision may transfer Personal Data internationally for service provision.

6.2 Transfers to the US or other countries rely on:

• Standard Contractual Clauses (SCCs)
  
• Processor agreements
  
• Equivalent safeguards
  

7. Data Security

AdVision will implement security measures including:

• Encryption in transit
  
• Access controls
  
• Role-based permissions
  
• Secure hosting
  
• Audit logging
  
• Incident response procedures
  

(More details in the “Security Practices” page linked from the Privacy Policy.)

8. Data Breach Notification

If AdVision becomes aware of a breach affecting Personal Data, AdVision will:

8.1 Notify the Merchant without undue delay.

8.2 Provide relevant details.

8.3 Assist in required notifications to authorities or individuals.

9. Data Subject Rights

AdVision will assist the Merchant with responding to:

• Access requests
  
• Deletion requests
  
• Rectification requests
  
• Objections and restrictions
  
• Portability requests
  

AdVision will not respond directly to Data Subjects unless required by law.

10. Return Or Deletion Of Data

Upon termination:

10.1 Merchant Data remains accessible for 30 days.

10.2 After 30 days, Personal Data may be deleted.

10.3 Anonymized data may be retained indefinitely.

11. Audit Rights

11.1 Controller may request information to verify compliance.

11.2 On-site audits are only permitted if required by law and with 60 days’ notice.

11.3 Merchant pays any audit-related costs.

12. Liability

Liability is governed by the Agreement.

Nothing in this Addendum expands AdVision’s liability beyond the Agreement’s limits.

13. Conflict Of Terms

If this Addendum conflicts with the Agreement, this Addendum controls solely for data-processing matters.

This Cookie Policy explains how AdVision eCommerce Inc. (“AdVision,” “we,” “us,” “our”) uses cookies and similar tracking technologies in connection with CatalogPilot and any websites or web-based interfaces we operate (“Sites”).

This Cookie Policy should be read together with our Privacy Policy, which describes how we handle personal information.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website or use a web application. Cookies allow us to:

• improve user experience
  
• understand how visitors use our Sites
  
• secure your account
  
• remember preferences
  
• analyze performance
  

Cookies may be set by us (“first-party cookies”) or by third parties (“third-party cookies”).

2. Types Of Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are essential for the Sites and Service to function.

They enable:

• login and authentication
  
• session management
  
• security protections
  
• basic navigation
  

These cookies cannot be disabled.

2.2 Functional Cookies

These support features such as:

• saving user preferences
  
• remembering interface selections
  
• customizing the dashboard experience
  

You may disable these, but parts of the Service may not function properly.

2.3 Analytics & Performance Cookies

These cookies help us understand:

• which features are used
  
• how users interact with the Sites
  
• technical performance
  
• error rates and load times
  

This may include tools such as:

• first-party analytics
  
• hosting provider analytics
  
• anonymized performance metrics
  

We do not use analytics cookies to track individuals across websites.

2.4 Third-Party Cookies

Certain third-party services used by AdVision may place cookies, including:

• payment processors (e.g., Stripe)
  
• hosting/CDN providers
  
• operational monitoring tools
  
• customer support widgets (if enabled)
  

Third-party cookies are governed by the respective providers’ policies.

3. Do We Use Cookies For Advertising?

No.

We do not use:

• advertising cookies
  
• retargeting cookies
  
• cross-site tracking cookies
  
• behavioral advertising cookies
  

CatalogPilot is a B2B service and does not rely on advertising technologies.

4. How Long Do Cookies Last?

Cookies may be:

• Session cookies: deleted when your browser closes
  
• Persistent cookies: remain for a defined period or until deleted manually
  

We use a mixture based on functional need.

5. Cookie Management & Your Choices

You may control or delete cookies through:

• your browser settings
  
• privacy tools or built-in browser controls
  
• clearing site data
  
• disabling cookies entirely
  

If you block necessary cookies, the Service may not function correctly.

6. Similar Technologies

We may also use:

• local storage
  
• session storage
  
• API tokens
  
• pixel tags
  
• server-generated identifiers
  

These are used for authentication, performance, and functionality.

7. Changes To This Cookie Policy

We may update this Cookie Policy periodically.

Changes are effective upon posting.

Your continued use constitutes acceptance.

8. Contact

For questions about this Cookie Policy, contact:

info@advision-ecommerce.com

This Acceptable Use Policy (“AUP”) governs how Merchants and their Authorized Users (“you,” “your”) may access and use CatalogPilot, all related applications, APIs, metadata engines, services, and integrations (collectively, the “Service”) operated by AdVision eCommerce Inc. (“AdVision,” “we,” “us,” “our”).

By using the Service, you agree to comply with this AUP.

Violations may result in suspension or termination of your account without notice.

1. General Principle

The Service must only be used for lawful, legitimate business purposes.

You may not use it in any way that:

• violates laws;
  
• harms individuals or businesses;
  
• compromises security;
  
• disrupts service integrity;
  
• abuses the platform;
  
• misuses AI output or metadata.
  

AdVision reserves the right to determine, at its sole discretion, whether conduct violates this AUP.

2. Prohibited Content

You may NOT upload, process, transmit, or generate through the Service:

2.1 Illegal or harmful content:

• illegal goods or services
  
• controlled substances not lawfully permitted
  
• content that violates export control regulations
  
• malware, ransomware, spyware
  
• violent or graphic images inappropriate for commerce
  
• hateful, discriminatory, or extremist materials
  

2.2 Infringing materials:

• copyright-infringing text or images
  
• stolen product images
  
• pirated digital goods
  
• counterfeit products
  
• trademark violations
  

2.3 Fraudulent or misleading content:

• deceptive product listings
  
• false advertising
  
• manipulated metadata meant to game search engines
  
• fake testimonials or reviews
  

2.4 Sensitive personal data:

Unless legally required and explicitly permitted, you may NOT submit:

• government IDs
  
• credit card data
  
• medical information
  
• biometric data
  
• authentication secrets
  
• minors’ personal data
  

3. Prohibited Conduct

You may NOT, in connection with the Service:

3.1 Interfere with integrity or security

• attempt to bypass security controls
  
• attempt to gain unauthorized access
  
• probe, scan, or test systems without written consent
  
• introduce malware or harmful code
  
  

3.2 Abuse APIs or system resources

• excessive or automated scraping
  
• attempting DDoS or stress testing
  
• overwhelming the system with unrealistic loads
  
• using automated tools to artificially inflate processing volumes
  
  

3.3 Reverse engineering or copying

• reverse engineer, decompile, or disassemble the Service
  
• replicate UI, metadata logic, or AI models
  
• train competitive models using our outputs
  
• attempt to build competing services using our intellectual property
  
  

3.4 Platform policy evasion

You may not use CatalogPilot to:

• circumvent restrictions imposed by Shopify, Lightspeed, WooCommerce, Ecwid, Google, or any other platform
  
• exploit API limitations
  
• republish restricted or banned content
  
• intentionally mislead algorithms
  

4. Misuse Of AI Output

You may NOT use AI-generated metadata, descriptions, insights, or recommendations for:

• unlawful claims or false representations
  
• dangerous or harmful products
  
• SEO manipulation contrary to platform rules
  
• automated mass-generation of prohibited content
  
• deceptive practices
  

You are responsible for reviewing all AI-generated content before publishing.

5. Unauthorized Use Of Accounts

You may NOT:

• share login credentials with unauthorized individuals
  
• resell, sublicense, or transfer your account
  
• access the Service on behalf of others without written permission
  
• impersonate another person or entity
  

6. Spam & Unsolicited Activity

You may NOT use the Service for:

• unsolicited email campaigns
  
• mass-messaging
  
• spam metadata generation
  
• AI-created “keyword stuffing”
  
• black-hat SEO activities
  
• scraping other merchants’ stores
  

7. Third-Party Platform Compliance

Your use of the Service must comply with all terms, policies, and rules of the platforms you integrate with, including:

• Shopify
  
• Lightspeed
  
• WooCommerce
  
• BigCommerce
  
• Ecwid
  
• Google Merchant Center
  
• Social commerce channels
  
• Marketplace APIs
  

We are not responsible for any penalties, suspensions, or account actions resulting from your choices or publications.

8. Enforcement & Consequences

If we determine that you violated this AUP:

8.1 We may take any of the following actions:

• immediate account suspension
  
• restricted access to certain features
  
• permanent termination
  
• deletion of specific data
  
• refusal to onboard or reinstate
  
• legal referral if required by law
  

8.2 No refunds

Violations resulting in suspension or termination do not qualify for refunds.

9. Reporting Violations

To report abuse or violations of this AUP:

info@advision-ecommerce.com

10. Changes To This Policy

We may update this AUP at any time. The updated version becomes effective upon posting.

Continued use constitutes acceptance.