Legal
Privacy policy
This policy explains how we process personal data in accordance with the EU General Data Protection Regulation (GDPR). HelloColor is privacy-first: the color engine runs entirely in your browser, so your colors, presets, and settings are never sent to us.
1. Controller
Pascal Mager
Neusser Str. 497
50737, Cologne, Germany
https://www.HelloThere.de
2. Overview of processing
HelloColor performs all palette generation locally in your browser. We do not operate user accounts, and no color, preset, or design data is transmitted to our servers. The only personal data processed are the technical data necessarily involved in delivering the website (see Sections 4–6).
3. Data processed locally on your device (no transfer)
Custom presets. When you save a preset in the Preset Builder, it is stored in your browser’s localStorage. This data stays on your device, is not accessible to us, and can be deleted at any time by removing the preset in the app or clearing your browser’s site data. Because it is strictly necessary for the functionality you actively request, it is stored on the basis of Art. 6 (1)(f) GDPR (legitimate interest in providing the requested feature).
Shareable links. The generator can encode your base color, chosen preset, and settings into the page URL so a link reproduces the same palette. This information exists only within the link you choose to share and is not logged or stored by us.
4. Server log files
When you access the site, our hosting provider automatically collects and stores technical information that your browser transmits, in particular: IP address, date and time of the request, the page requested, referrer URL, browser type and version, and operating system.
Purpose & legal basis: This processing is necessary to deliver the site reliably, ensure stability, and protect against misuse. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in a secure and functional website).
Retention: Log data is stored only as long as necessary for these purposes and then deleted or anonymised.
5. Hosting (processor)
This site is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA, acting as our processor under a data processing agreement pursuant to Art. 28 GDPR. In providing hosting, Vercel processes the server connection data described in Section 4 on our behalf.
Third-country transfer: Processing may involve transfer to the USA. Such transfers are safeguarded by the EU Standard Contractual Clauses (Art. 46 (2)(c) GDPR) and, where applicable, the EU–US Data Privacy Framework.
6. Analytics
In production we use Vercel Analytics, a cookieless, privacy-friendly analytics service that measures aggregate usage (such as page views) without setting cookies and without collecting personally identifiable information or tracking you across websites.
Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in understanding and improving usage of the site in an aggregated, non-identifying manner). Because no information is stored on or read from your device beyond what is strictly necessary, no consent under § 25 (1) TDDDG is required. If you enable any cookie- or consent-requiring service, obtain consent under Art. 6 (1)(a) GDPR and § 25 (1) TDDDG first.
7. Cookies & consent
HelloColor does not set advertising or tracking cookies. It uses only browser storage that is strictly necessary for the features you request (see Section 3). Should optional, consent-based technologies be introduced, they will only be activated after you give consent, and you may withdraw that consent at any time with effect for the future.
8. Your rights as a data subject
Under the GDPR you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure / “right to be forgotten” (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent at any time (Art. 7 (3) GDPR)
To exercise any of these rights, contact us at [you@example.com]. Note that because we do not store your palettes, presets, or personal profiles on our servers, we may have no personal data of yours to provide or erase beyond transient server log data.
9. Right to object (Art. 21 GDPR)
Where we process personal data on the basis of legitimate interests (Art. 6 (1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation, to such processing. We will then no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
10. Right to lodge a complaint
Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
11. Data security
The site is served exclusively over encrypted TLS/HTTPS connections to protect data transmitted between your browser and the server against unauthorised access.
12. Changes to this policy
We may update this privacy policy to reflect changes to the service or legal requirements. The current version published on this page always applies. Last updated: [Month YYYY].
Note
This privacy policy is a template and does not constitute legal advice. Please have it reviewed by a qualified lawyer, complete all bracketed fields, and adjust it to your actual data processing before publishing.