Catalog Recall Monitor
CPSC-first recall monitoring
Data handling

How sample files are handled.

The workflow is intentionally narrow: redacted product rows in, source-backed recall review queue out. It is not upload-anything storage, not legal certification, and not a place for customer data.

Data scope CSV template
0 customer rows needed CPSC-first sources Manual review before delivery
01 You redact

Product rows only.

Send a small sample with product titles, brands, categories, SKUs, model numbers, UPCs, and public product URLs when available.

02 Preflight

Preflight checks the file.

Files containing obvious customer, payment, credential, or private financial data are blocked before recall matching. The formal privacy policy and pilot terms are published at /privacy.

03 Delete

Unneeded inputs are removed.

Concierge sample files are treated as temporary inputs for validation, not long-term customer records.

Review flow

Five boring controls before a report goes out.

01 / REDACT

You cut the file down.

Only product fields go into the test. No customers, orders, payment data, costs, margins, passwords, API keys, or full database exports.

02 / PREFLIGHT

The file gets screened.

Obvious sensitive fields or structurally useless files are stopped before they enter the CPSC matching step.

03 / SCAN

CPSC matching runs.

Rows are normalized and compared against official CPSC recall records. The output is suppress, manual review, or no visible match.

04 / REVIEW

A human pass happens.

The report is checked before delivery so obvious formatting issues, bad matches, and unsafe wording can be caught.

05 / EVIDENCE

You get source links.

Buyer-ready outputs can include HTML, PDF, and CSV report files with official source links and plain-English reasons for each flagged row.

06 / BOUNDARY

No safety claims.

Reports say whether a visible match was found in scanned official sources at the report time. They do not say a product is safe.

Stored during review

Only what the report needs.

The process stores the redacted sample file, normalized product rows used for matching, generated report files, source links, and brief notes needed to decide whether the workflow has real buyer pull.

Stored during review

limited
  • The redacted product sample you intentionally send
  • Normalized rows used for recall matching
  • Generated report files and official source links
  • Brief notes needed to decide whether the workflow is useful

Should not be sent

blocked
  • Customer names, emails, phone numbers, or addresses
  • Order history, transaction IDs, payment data, or returns records
  • Passwords, API keys, credentials, contracts, wholesale costs, or margins
  • Full databases or unredacted exports from production systems