Privacy Policy

Introduction

ChromaTime Studio ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your information when you use our calendar generation service at chromatime.art.

This privacy policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

ChromaTime Studio is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at:

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): For analytics and marketing cookies, we obtain your explicit consent before processing.
• Legitimate Interest (Article 6(1)(f)): For essential website functionality, security, and fraud prevention.
• Contract Performance (Article 6(1)(b)): To provide our calendar generation service when you make a purchase.
• Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations.

Information We Collect

Automatically Collected Information

• IP address and approximate location (for GDPR compliance and consent requirements)
• Browser type and version
• Device information (operating system, screen resolution)
• Pages visited and time spent on our site
• Referral source

Information You Provide

• Calendar designs you create (stored locally in your browser)
• Preferences and settings (stored locally)
• Payment information (processed securely by Stripe - we do not store card details)
• Email address (if you make a purchase, for order confirmation)

How We Use Your Information

We use information to:

• Provide and maintain our calendar generation service
• Process payments and deliver purchased calendars
• Analyze usage patterns to improve our service (with your consent)
• Ensure website security and prevent fraud
• Comply with legal obligations
• Send order confirmations and important service updates

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through our consent banner, which appears when you first visit our site.

You can change your cookie preferences at any time by clicking the "Manage Cookies" link in the footer of our website.

Google Analytics

We use Google Analytics 4 to understand how visitors interact with our website. Google Analytics is only activated after you provide consent for analytics cookies.

We have implemented the following privacy-enhancing measures:

• Google Analytics Consent Mode v2 - tracking only occurs after explicit consent
• IP anonymization enabled
• Data sharing with Google disabled where possible
• Advertising features disabled

For more information about how Google processes data, visit: Google Privacy Policy

Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Article 18): Request restriction of processing
• Right to Data Portability (Article 20): Receive your data in a portable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent at any time via our cookie settings

To exercise any of these rights, please contact us at chromatime.art@gmail.com. We will respond within 30 days.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission:

Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

• HTTPS encryption for all data transmission
• Secure payment processing through Stripe (PCI DSS compliant)
• Regular security reviews and updates
• Limited access to personal data on a need-to-know basis

Data Retention

We retain information only as long as necessary for the purposes described in this policy:

• Consent records: Retained for the duration of consent plus 3 years for audit purposes
• Analytics data: 14 months (Google Analytics default)
• Purchase records: 7 years (for tax and legal compliance)
• Cookie preferences: Until you clear your browser data or change preferences

International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for Google Analytics and Stripe). We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all third-party processors
• Verification that recipients maintain adequate data protection standards

Third-Party Services

We use the following third-party services:

• Google Analytics: Website analytics (with consent)
• Stripe: Payment processing
• Vercel: Website hosting
• Railway: Backend API hosting

Each of these services has their own privacy policy and data protection measures.

Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. If we make significant changes, we may also request renewed consent for cookies.

Contact Us

If you have questions about this privacy policy, want to exercise your data protection rights, or have concerns about our data practices, please contact us: