Privacy Policy
Last updated:
1. Information We Collect
Account information: When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords.
Usage data: We record which features you use, palette operations performed, and export counts for entitlement enforcement and product improvement. This data is always scoped to your account.
Technical data: We collect standard server logs including IP address, browser type, and request timestamps. These are used for security monitoring and debugging.
2. How We Use Your Data
To provide the Service: authenticating your sessions, enforcing subscription entitlements, saving your palettes, and generating exports.
To improve the product: aggregated, anonymized usage patterns help us prioritize features and identify performance issues. We do not sell individual usage data.
To communicate with you: account-related notifications, security alerts, and — only with your consent — product updates. You can unsubscribe from non-essential communications at any time.
3. Data Storage and Security
Your data is stored in encrypted databases. Passwords are hashed using industry-standard algorithms. Sessions are managed via secure, HTTP-only cookies.
We implement access controls so that your palettes, design systems, and account data are visible only to you (or your organization, if applicable). All API and MCP requests are authenticated and tenant-scoped.
4. Cookies
We use essential cookies for session management and authentication. These are strictly necessary for the Service to function.
We use analytics cookies (Google Analytics) to understand aggregate traffic patterns. You can disable analytics cookies through your browser settings without affecting Service functionality.
5. Third-Party Services
We use third-party services for payment processing, email delivery, and analytics. These providers receive only the minimum data necessary to perform their function and are bound by their own privacy policies.
We do not sell, rent, or share your personal data with third parties for their marketing purposes.
6. AI and MCP Integration
When you use PerfectPalette through AI tools (MCP), the same privacy protections apply. Palette data processed through MCP tools is subject to the same tenant scoping and access controls as the web interface.
We do not use your palette data or design assets to train AI models.
7. Data Retention
Your account data and palettes are retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
Anonymized, aggregated usage data may be retained indefinitely for product analytics.
8. Your Rights
You have the right to access, correct, or delete your personal data. You can export your palettes and design systems at any time through the Service's export features.
If you are in the European Economic Area, you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance.