Privacy Policy

• • Email: data@palettebuddy.com
• • DPO: data@palettebuddy.com

Your photos never leave your browser and are never stored on our servers.

• Email, username, password — authentication (contract)
• Gender, language, avatar — personalization (consent)
• Selected season, analysis history — service (contract)
• Name, billing address — invoicing (legal obligation)
• Subscription status, Stripe ID — subscription (contract)
• Subscription type (monthly / annual), renewal date — billing, renewal reminders (contract / legal obligation)
• Technical logs — security (legitimate interest)

• Active account: while active, deletion within 30 days of request.
• Inactive account: auto-deletion after 36 months.
• Invoices: 10 years (legal obligation).
• Technical logs: max 12 months.

• Supabase (DB + auth) — EU.
• Stripe Payments Europe Ltd — Ireland.
• Lovable (frontend hosting) — EU.
• PostHog Inc. (anonymous usage analytics) — United States.

No data is sold or shared for advertising purposes.

• Access, rectification, erasure, portability (export JSON in "My account"), objection.
• Withdraw consent anytime.
• Complaint to CNIL: https://www.cnil.fr/fr/plaintes

Only strictly necessary technical cookies (auth + language). No advertising cookies.

We use PostHog (PostHog Inc., United States) to measure application usage. PostHog is configured in cookieless mode (data stored in memory only, no persistent identifier) and does not require prior consent under CNIL guidelines. No directly identifying personal data is transmitted.

HTTPS/TLS encryption. Passwords hashed (bcrypt). Row-level security on database.

The Service is restricted to users 15+ (French digital consent age).

For any question: data@palettebuddy.com