Privacy Policy

Last Updated: July 2025

At ColorKin, your privacy is our priority. This policy details what personal information we collect, how we use it, with whom we share it, and your rights regarding your data.

1. Who is responsible for your data?

2. What data do we collect and why?

We collect the minimum data necessary to provide our services:

  • Email Address:
    • To deliver a digital gift: If you use a QR code or a form to download extra content, we need your email to send you the download link. The legal basis for this is the fulfillment of your request (similar to a contract).
    • For our newsletter: Only if you actively check the consent box, we will use your email to send you news, new releases, and offers. The legal basis is your explicit consent.
  • Technical Data (like IP address):
    • We automatically collect your IP address for security purposes, such as limiting repetitive requests (rate limiting) and protecting our forms from abuse and bots (using Google reCAPTCHA). The legal basis is our legitimate interest in protecting the integrity of our service.

3. How long do we keep your data?

  • Data for gift delivery: We retain this data for the time necessary to fulfill its purpose and for potential security audits.
  • Newsletter data: We retain this data indefinitely as long as you do not withdraw your consent. You can unsubscribe at any time using the link at the bottom of every email.

4. Who do we share your data with?

We do not sell, rent, or transfer your personal data. We only share it with the service providers that are essential for our operations:

  • Google (Firebase and Google Cloud): For website hosting, database (Firestore), and security analysis (reCAPTCHA).
  • SendGrid: The platform we use to send you emails (both for gifts and the newsletter).

These providers act as data processors and have their own privacy policies and security measures.

5. International Data Transfers

Our service providers (Google and SendGrid) are primarily based in the United States. This means your data may be transferred outside the European Economic Area. These transfers are conducted under data protection agreements and Standard Contractual Clauses that ensure a level of security equivalent to European regulations.

6. What are your rights?

In accordance with applicable law, you have the right to:

  • Access your personal data.
  • Request the correction of inaccurate data.
  • Request the deletion of your data.
  • Object to the processing of your data.
  • Request the limitation of processing.
  • Request the portability of your data.

You can exercise these rights by sending an email to hello@colorkin.com, attaching proof of your identity if necessary.

7. Security Measures

We have implemented the necessary technical and organizational measures to ensure the security of your data and prevent its alteration, loss, or unauthorized access or processing.

8. Changes to this Privacy Policy

We reserve the right to modify this policy to adapt it to new legislation or changes in our services. Any significant changes will be published on this page.