Privacy Policy

Last updated: April 7, 2026

1. Who we are

Color Alchemy Pro is operated as a sole-trader professional service. For questions about this policy, contact us at privacy@coloralchemy.eu.

2. What data we collect

  • Account data — name, email address, hashed password.
  • Billing data — name, address, city, country, postal code (stored only when you provide it in account settings).
  • Order data — product(s) purchased, transaction amount, date, Stripe payment reference.
  • Technical data — IP address (in server logs, retained 30 days), browser type (session only).

3. Why we collect it

  • To authenticate your account and protect it.
  • To deliver digital products and generate download links.
  • To send order confirmation emails.
  • To issue invoices (billing data).
  • To operate the affiliate program (referral codes, commissions).

4. Legal basis (GDPR)

We process your data under the following legal bases:

  • Contract performance — processing orders, delivering products.
  • Consent — creating an account, marketing communications (opt-in only).
  • Legitimate interest — fraud prevention, system security.
  • Legal obligation — tax record keeping.

5. Cookies

We use cookies and similar storage only as described below:

  • refreshToken — HTTP-only cookie for session management (7 days).
  • cookie_consent — localStorage flag recording your consent choice.

If you click Accept on the cookie banner, we load Google Analytics 4 to measure aggregated traffic (pages viewed, approximate location, device/browser). GA may set its own cookies. You can refuse by choosing Decline non-essential or closing the banner without accepting analytics. We do not use advertising pixels such as Meta/Facebook for retargeting.

6. Data sharing

Your data is shared only with:

  • Stripe — payment processing (they receive only what's needed for the transaction; we never store full card numbers).
  • Resend — transactional email delivery (order confirmations, download links).
  • Google (Analytics) — only if you accept analytics cookies in the banner; aggregated website usage statistics. See Google's privacy policy.

We do not sell your data. Ever.

7. Data retention

  • Account data: retained while your account is active.
  • Order records: retained 7 years (legal/tax obligation).
  • Server logs: 30 days.

8. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of your data.
  • Rectification — correct inaccurate data (available in Dashboard → Settings).
  • Erasure — request deletion of your account and personal data (subject to legal retention obligations).
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any right, email privacy@coloralchemy.eu. We will respond within 30 days.

9. Security

Passwords are hashed using bcrypt (cost factor 12). Data is stored on a private VPS with restricted access. All connections are encrypted via TLS. Database backups are encrypted at rest.

10. Changes to this policy

We may update this policy. Material changes will be communicated via email to registered users. The date at the top of this page always reflects the latest version.