ColorMate.io Privacy Policy
Your privacy matters to us. This policy explains how ColorMate.io collects, uses, and protects your personal information.
What We Collect
We collect minimal data needed to provide our color tools: email for accounts, usage patterns for improving our service, and payment information processed securely through Stripe.
How We Protect Your Data
We use industry-standard encryption and security measures. Your data is stored securely and never sold to third parties.
Your Rights
You can access, update, or delete your data at any time through your account settings.
Privacy Policy
Last updated: 24/02/2026
What Information We Collect
Essential Service Data
We collect only the minimal data needed for ColorMate.io to work properly - like your usage patterns for palette generation and color matching.
Authentication Data
When you create an account, we store your email address and an encrypted version of your password. Don't worry - we use industry-standard encryption to keep your login safe!
Security & Safety
To keep ColorMate.io secure for everyone, we monitor:
- Login attempts (to protect your account)
- Usage patterns (to prevent abuse)
- System activities (for security monitoring)
- Basic session info (to prevent fraud)
Cookies & Local Storage
We use essential cookies for the site to work and optional ones (with your permission) for analytics. Your preferences are saved locally in your browser.
Color Vault Submissions
If you submit art supply data via Color Vault, we collect the color information you provide (hex values, names, brand details) along with your user ID for review purposes. Approved submissions become part of our public database. Your personal information is not publicly associated with submissions.
How We Use Your Information
Making ColorMate.io Work For You
- Provide our amazing color-matching and palette tools
- Keep you logged in securely
- Help with support and answer your questions
- Make the website better and more user-friendly
Keeping Everyone Safe
- Prevent spam and abuse (nobody likes that!)
- Detect suspicious activity to protect your account
- Follow legal requirements and our Terms of Service
- Investigate security issues if they happen
Who We Work With
- Database & Authentication Services: Third-party cloud database and authentication provider (AWS-hosted)
- Stripe: Secure payment processing
- Analytics: Only if you consent
- Art Retailers: Affiliate links only
We don't share your personal data with affiliate partners - those are just links to help you find art supplies!
Your Rights Under GDPR
As a user in the European Union, you have the following rights:
- Right to Access: Request a copy of your personal data, including authentication and security data
- Right to Rectification: Correct inaccurate personal data in your account
- Right to Erasure: Request deletion of your personal data (subject to security and legal retention requirements)
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing of your personal data for certain purposes
- Right to Withdraw Consent: Withdraw consent for optional data processing
Security Data Limitations: Certain security-related data (such as audit logs and security monitoring data) may be retained longer than other personal data for legitimate security interests, legal compliance, and fraud prevention purposes.
Legal Basis: We process security data under the legal basis of legitimate interests (service security and fraud prevention) and legal obligation (compliance with security regulations).
Children's Privacy & UK Age Verification
UK Online Safety Act Compliance: We implement age verification measures for UK users to ensure child safety online.
Age Verification: Users are required to verify they are 13 or older. Users under 13 require parental consent before accessing our services.
Parental Consent: For users under 13, we require verifiable parental consent before any data collection or service access. Parents can withdraw consent at any time.
Data Collection from Minors: We do not knowingly collect personal data from children under 13 without parental consent. If we become aware of such collection, we will delete the information promptly.
Age-Appropriate Features: Our platform is designed to be safe and educational for all ages, with enhanced protections for younger users.
Data Security
We implement comprehensive security measures including:
- Encrypted password storage (industry-standard hashing, never plain text)
- Secure authentication and session management
- Database encryption, access controls, and monitoring
- Server-side rate limiting to prevent abuse
- Audit logging of all security-relevant activities
- Strict admin access controls and privilege management
- Security policies, assessments, and staff training
Security Incident Response: We maintain procedures to detect, respond to, and recover from security incidents. Users will be notified of significant breaches as required by law.
Limitations: While we implement robust measures, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security but continuously work to maintain the highest standards.
Data Retention
Security Logs: Retained for up to 2 years to support incident investigation, compliance, and security.
Authentication Data: Retained while your account is active, plus a reasonable period afterward.
Legal Requirements: Some data may be retained longer if required by law or to protect our rights.
Data Minimization: We regularly review and delete data no longer necessary for service, security, or legal purposes.
🍪 Cookies
Essential Cookies: Required for core functionality (always active)
Security Cookies: Session management and security monitoring (always active)
Analytics Cookies: Optional, requires consent
Marketing Cookies: Optional, requires consent
Manage preferences via our cookie banner, Cookie Settings, or browser settings.
🌍 International Data Transfers
Some data may be processed outside the UK/EU (for example, by Supabase or Stripe). Where this occurs, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) are in place to protect your rights.
📞 Contact Information
ColorMate.io is operated by Studio Bee.
For privacy or security-related questions or to exercise your rights, contact us:
💬 Use the feedback widget (bottom-right corner of any page)
You may also contact the ICO (UK regulator) at https://ico.org.uk.
We respond to data requests within one month as required under UK GDPR.
🔄 Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted here with a revised "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.
