Legal

Privacy Policy

We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.

Last updated: March 2026

1. Introduction

This Privacy Policy describes how NovaStack ("we", "us", "our") collects, uses, and protects your personal information when you use the Microsoft Bing Shopping Feed application ("the App"), available on the Wix App Market, and when you visit our website at bingfeed.novastack.co.

By installing the App or using our website, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App or our services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Who We Are

NovaStack is the company responsible for developing and operating the Bing Shopping Feed application. For any privacy-related questions, please use the contact form available on our website.

Our servers and data infrastructure are hosted on Infomaniak, a Swiss-based hosting provider with data centers in Switzerland and France (European Union).

3. Data We Collect

3.1 Wix Store Data

When you install the App and grant permissions, we access the following data from your Wix store:

  • Your store identifier and site information (site ID, locale, currency)
  • Product catalog data: titles, descriptions, prices, images, inventory, variants, SKUs, GTINs, and custom fields
  • Product collection memberships
  • Store locale and currency settings

We do NOT access customer data, orders, financial transactions, or payment information from your Wix store.

3.2 Microsoft Account Data

When you connect your Microsoft Advertising account via OAuth 2.0, we store:

  • OAuth access tokens and refresh tokens (encrypted at rest)
  • Your Microsoft Advertising account ID and Merchant Center catalog identifiers
  • Your selected campaign and catalog configuration

We do NOT store your Microsoft account password. Tokens are encrypted using AES-256 and can be revoked at any time from your Microsoft account settings or from the App dashboard.

3.3 Technical and Usage Data

When you use the App or visit our website, we may collect:

  • IP address (used for security, rate limiting, and spam prevention)
  • Browser type and version (for compatibility)
  • Pages visited and features used within the App dashboard
  • Sync logs: timestamps, product counts, success/error rates
  • Error logs for debugging and service improvement

3.4 Contact Form Data

When you submit a message through our contact form, we collect:

  • Your name
  • Your email address (used solely to reply to your inquiry)
  • The subject and content of your message

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing the service: Syncing your Wix product catalog to Microsoft Merchant Center on your behalf
  • Authentication: Maintaining your connection to Wix and Microsoft Advertising APIs using secure tokens
  • Sync management: Scheduling and executing product synchronization jobs based on your plan
  • Error handling: Detecting and reporting product sync errors so you can take corrective action
  • Service improvement: Analyzing aggregate, anonymized usage patterns to improve the App's reliability and features
  • Customer support: Responding to your messages and resolving technical issues
  • Legal compliance: Complying with applicable laws and regulations

We do not sell your data to third parties. We do not use your product data for advertising or any purpose other than providing the sync service.

5. Data Storage and Security

Your data is stored on servers operated by Infomaniak Network SA, hosted in Switzerland and France. Infomaniak is ISO 27001 certified and complies with GDPR requirements for European data residency.

We implement the following security measures:

  • All data transmitted between your browser, our servers, and third-party APIs is encrypted via TLS 1.3
  • OAuth tokens and sensitive credentials are encrypted at rest using AES-256
  • Database access is restricted to application services with the minimum necessary permissions
  • Application servers are regularly patched and updated
  • Access logs are monitored for unauthorized access attempts

Despite these measures, no system is 100% secure. If we become aware of a security breach affecting your data, we will notify you as required by law.

6. Data Retention

We retain your data for the following periods:

  • Active account data (product records, sync configuration): retained for as long as the App is installed on your Wix site
  • Sync logs: retained for 90 days, then automatically purged
  • Microsoft OAuth tokens: deleted immediately when you disconnect your Microsoft account or uninstall the App
  • Contact form messages: retained for 12 months after resolution
  • Technical logs: retained for 30 days for debugging purposes

When you uninstall the App from your Wix site, all your data is scheduled for deletion within 30 days.

7. Third-Party Services

To provide our service, we share limited data with the following third-party providers:

7.1 Wix

We interact with Wix APIs to read your product catalog and receive webhook notifications. Your use of Wix is governed by Wix's Privacy Policy.

7.2 Microsoft

We send your product data to Microsoft Merchant Center via the Microsoft Content API v9.1. Your product data, once submitted, is governed by Microsoft's Privacy Statement.

7.3 SendGrid (Transactional Email)

We use SendGrid by Twilio to send transactional emails (e.g., sync error notifications, contact form replies). SendGrid processes your email address for the purpose of delivering these messages only. See SendGrid's Privacy Policy.

7.4 Infomaniak (Hosting)

Our application and database run on servers operated by Infomaniak Network SA in Switzerland/France. See Infomaniak's Privacy Policy.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data. Note that uninstalling the App will trigger automatic data deletion within 30 days.
  • Right to restriction of processing: You may request that we limit how we process your data.
  • Right to data portability: You may request a machine-readable copy of your data.
  • Right to object: You may object to processing based on legitimate interests.

To exercise any of these rights, please contact us using the form on our Contact page. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

Our website uses only essential session cookies necessary for secure form submissions (CSRF protection) and maintaining your authenticated session within the App dashboard.

We do not use:

  • Tracking or analytics cookies
  • Third-party advertising cookies
  • Social media tracking pixels

Because we only use strictly necessary cookies, no cookie consent banner is required under GDPR.

10. Children's Privacy

Our App is designed for businesses and merchants. We do not knowingly collect personal data from individuals under 16 years of age. If you believe a minor has provided us with personal data, please contact us immediately so we can delete it.

11. International Data Transfers

Your data is primarily stored and processed in the European Union (France) by Infomaniak. When we transmit product data to Microsoft's API, this data may be processed in the United States. Microsoft participates in the EU-U.S. Data Privacy Framework, providing appropriate safeguards for such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the App after changes are published constitutes your acceptance of the revised policy.

13. Contact

For privacy-related questions, data access requests, or concerns, please use the contact form on our Contact page. We do not publish direct email addresses to prevent spam, but we respond to all legitimate inquiries within 2 business days.