Privacy Policy
Last updated: January 4, 2026
Compliant with CCPA/CPRA (effective January 1, 2026) and GDPR
Introduction
PaletteGen ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our color palette generator service. This policy is effective as of January 4, 2026, and complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.
Information We Collect
Information You Provide
- Contact Information: Name and email address when you contact us
- Feedback: Messages, suggestions, or bug reports you submit
- Uploaded Images: Photos you upload for color extraction (processed locally, not stored on our servers)
Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on site
- Device Information: Browser type, operating system, IP address, device identifiers
- Cookies and Tracking: Essential cookies for site functionality
Information Stored Locally (Not Collected by Us)
The following data is stored locally on your device using browser localStorage and never leaves your device:
- Saved color palettes and palette history
- User preferences and settings
- Locked color selections
Important: This data is stored only in your browser's localStorage. We cannot access it, and it is not transmitted to our servers. You can delete this data at any time by clearing your browser's localStorage or using your browser's privacy settings.
We Do Not Sell Your Personal Information
Important Notice: We do not and will not sell your personal information to third parties for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising. All palette data is stored locally on your device via localStorage and never transmitted to our servers or third parties.
How We Use Your Information
- To provide and maintain our service
- To respond to your inquiries and support requests
- To improve and optimize our service based on usage patterns
- To analyze usage trends (anonymized and aggregated data only)
- To detect and prevent technical issues and abuse
- To send important updates about the service (if you've provided your email)
- To comply with legal obligations
Third-Party Services
We use the following third-party services that may collect information:
- Google Fonts: For typography. Subject to Google's privacy policy.
- Tailwind CDN: For styling framework (CSS delivery only, no tracking)
- Material Icons: Icon font delivery via Google Fonts
Note: If we add analytics or additional third-party services in the future, we will update this privacy policy and notify users accordingly.
Global Privacy Control (GPC)
As of January 1, 2026, we honor Global Privacy Control (GPC) signals in compliance with CCPA/CPRA regulations. When we receive a GPC signal from your browser:
- We will not sell or share your personal information (though we don't currently do this anyway)
- We will respect your opt-out preference for any future tracking or analytics we may implement
- Your preference will persist across browsing sessions
To enable GPC, use a compatible browser or browser extension that supports this standard (e.g., Privacy Badger, DuckDuckGo Privacy Essentials, or browsers with built-in GPC support).
Current Status: Since we currently don't use tracking technologies that sell or share data, GPC signals are honored by default. If we implement analytics in the future, we will add visual confirmation when your GPC opt-out is processed.
Your Privacy Rights
California Residents (CCPA/CPRA Rights)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of personal information we've collected about you in the past 12 months (or longer upon request as of 2026)
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of your personal information (not applicable as we don't sell or share data)
- Right to Limit: Limit use of sensitive personal information
- Right to Non-Discrimination: Exercise your rights without discriminatory treatment
EU/UK Residents (GDPR Rights)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request limitation of processing
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing of your personal data
- Withdraw Consent: At any time, where we rely on consent
How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: [email protected]
- Contact Form: Contact Page
We will respond to verified requests within 45 days. We may require additional information to verify your identity before processing your request.
Withdrawing Consent
Where our processing of your personal information is based on your consent, you may withdraw that consent at any time by:
- Clearing your browser's localStorage (removes all locally saved palettes and preferences)
- Disabling cookies in your browser settings
- Contacting us at [email protected]
- Using browser privacy controls or GPC-enabled browsers
Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information:
- HTTPS encryption for all data transmission
- Secure hosting infrastructure
- Regular security reviews and updates
- Access controls and authentication for any stored data
- Industry-standard encryption protocols
However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies for:
- Essential Cookies: Required for site functionality (cannot be disabled)
- Performance Cookies: Help us understand how visitors use our site (if implemented)
- Functionality Cookies: Remember your preferences
You can control cookies through your browser settings. Note that disabling essential cookies may affect site functionality. LocalStorage (used for saving palettes) is separate from cookies and persists until you manually clear it.
Children's Privacy
Our service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at [email protected] and we will take steps to delete such information.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Contact Form Submissions: Retained for 2 years or until resolved
- Usage Analytics: Aggregated data retained indefinitely; individual data deleted after 90 days (if implemented)
- LocalStorage Data: Stored on your device until you clear it; never transmitted to our servers
- Legal Compliance Data: Retained as required by law
When data is no longer needed, we securely delete or anonymize it.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EU/EEA.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date at the top
- Providing prominent notice on our website for significant changes
- Sending email notification if you've provided your email address
We recommend reviewing this Privacy Policy periodically. Continued use of our service after changes constitutes acceptance of the updated policy.
Legal Basis for Processing (GDPR)
Under GDPR, we process your personal information based on the following legal bases:
- Consent: When you've given us permission to process your information
- Legitimate Interests: To improve our service, prevent fraud, and ensure security
- Legal Obligation: To comply with applicable laws and regulations
- Contract Performance: To provide the services you've requested
Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have privacy concerns:
- Email: [email protected]
- Contact Form: Contact Page
For GDPR-related inquiries, you may also contact your local data protection authority.