Privacy Policy

1. Introduction

Palettt (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our color palette generation and community platform (“Service”).

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, display name, profile picture
• Profile Information: Bio, website, location, social media links (optional)
• Content: Color palettes, collections, descriptions, and comments you create
• Payment Information: Payments are processed securely by our payment provider Paddle. We do not collect or store your full payment details. Your payment information is handled in accordance with Paddle’s privacy practices.
• Communications: Messages you send to us for support or feedback

2.2 Information We Collect Automatically

• Usage Data: How you interact with our Service, features used, time spent
• Device Information: Browser type, operating system, device type, screen resolution
• Log Data: IP address, access times, pages viewed, referral URLs
• Cookies/Local Storage: Session management, preferences, and analytics data

2.3 Information from Third Parties

• OAuth Providers: When you sign in with providers such as Google or GitHub
• Analytics Services: Aggregated usage statistics from analytics providers

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Service
• Create and manage your account
• Process Pro membership subscriptions and payments
• Enable social features like following users and sharing palettes
• Send important updates about your account or the Service
• Provide customer support and respond to inquiries
• Analyze usage patterns to improve user experience
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Public Information

• Public palettes and collections you create
• Your public profile information (username, bio, etc.)
• Comments and interactions on public content

4.2 Service Providers

• Paddle: Payment processing for Pro subscriptions
• Email Services: Transactional emails and notifications
• Analytics Providers: Usage analytics and performance monitoring
• Cloud/Hosting: Hosting and data storage providers (e.g., Vercel and similar infrastructure providers)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. Data Security

We implement appropriate security measures to protect your information:

• Encryption of data in transit and at rest (where applicable)
• Secure authentication and session management
• Regular security updates and best-practice hardening
• Access controls and principle of least privilege
• Secure payment processing through PCI-compliant providers

6. Your Rights and Choices

You have the following rights regarding your personal data:

6.1 Account Management

• Update your profile information and preferences
• Control privacy settings for your content
• Manage email notification preferences
• Delete your account and associated data

6.2 Data Rights (GDPR/CCPA)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Export your data in a machine-readable format
• Objection/Restriction: Object to or request limitation of processing

To exercise these rights, contact us at palettelab.business@gmail.com. We may need to verify your identity before processing requests.

7. Cookies and Tracking

We use cookies and similar technologies (such as local storage) to operate and improve the Service:

• Essential: Authentication, security, and core functionality
• Preferences: Remember your settings and choices
• Analytics: Understand how you use our Service
• Performance: Monitor and improve reliability

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect functionality.

For more details, please see our Cookie Policy.

8. Data Retention

We retain your information for as long as necessary to:

• Provide our Service and maintain your account
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

When you delete your account, we will delete your personal information within a reasonable timeframe (typically within 30 days and no later than 90 days), except where retention is required for legal compliance or legitimate business purposes (e.g., fraud prevention, tax/audit).

9. International Data Transfers

Your information may be processed in countries other than your own. Where we transfer data internationally, we implement appropriate safeguards (such as standard contractual clauses) and work with providers that maintain adequate data protection standards. Our hosting/infrastructure providers (e.g., Vercel) may process data in multiple regions.

10. Children's Privacy

Our Service is not intended for children under the age of 13 (or the minimum age required to consent to data processing in your country). We do not knowingly collect personal information from children below this age. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us: