Privacy Policy
This Privacy Policy explains how W4D ("we") collects, uses, and protects your personal data when you use Colour Matcher. We're the data controller. You can contact us at hello@colourmatcher.com.
What we collect
- Account data: name, email address, password (stored hashed), the IP address you signed up from.
- Usage data: palettes, gradients, boards, images you upload, settings, and which features you use.
- Technical data: session cookies, browser type, IP address (logged for security), error logs.
- Payment data: if you subscribe, payment is processed by Paddle (our merchant of record). We never see or store your card details — only a customer token from Paddle.
How we use it
- To provide and operate the Service (lawful basis: contract).
- To send transactional email (account verification, password resets, billing): legitimate interest and contract.
- To improve the Service and develop new features, including training AI models on your content (lawful basis: legitimate interest, balanced against your rights — see the licence in our Terms).
- To prevent abuse and secure the Service (legitimate interest).
- To comply with legal obligations.
Who we share it with
- Fasthosts — UK hosting provider (data stored in the UK/EU).
- Google (Gemini API) — for AI features. Content sent to Gemini is processed under Google's commercial AI terms, which prohibit training Google's general models on your data.
- Paddle — for billing if you subscribe. Paddle is the merchant of record and receives the data needed to process your payment.
- Email recipients you choose — when you share a board, the recipient sees your name and email.
We don't sell your personal data to anyone, ever.
How long we keep it
Account data is retained while your account is active. If you delete your account, we delete personal data within 30 days, except where we're legally required to keep records (e.g. tax invoices for 6 years). Backups containing your data are typically purged within 90 days.
Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Request a portable export of your data.
- Object to processing based on legitimate interests.
- Withdraw consent (where consent is the lawful basis).
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk).
To exercise any of these, email hello@colourmatcher.com.
Cookies
We use only essential session cookies needed to keep you signed in. We don't use tracking, advertising, or analytics cookies. If we add analytics later, we'll update this policy and ask for consent first.
International transfers
Data sent to Google's Gemini API may be processed on Google servers outside the UK/EU. These transfers are protected by Standard Contractual Clauses and Google's Data Processing Addendum.
Children
The Service is not intended for users under 18. We don't knowingly collect data from children.
Changes to this policy
We'll notify you of material changes by email and update the version date at the top of this page.
Contact
Questions, requests, or complaints? hello@colourmatcher.com. Or contact the ICO at ico.org.uk.