Privacy Policy

Effective Date: January 2025

This Privacy Policy describes how Coloring It collects, uses, and protects your information when you use our AI-powered coloring page generation service.

1. Information We Collect

1.1 Account Information

What we collect:

  • Email address (required for account creation)
  • Display name (optional)
  • Profile preferences and settings
  • Account creation and last login dates

Why we collect it:

  • To provide and maintain your account
  • To communicate important service updates
  • To provide customer support
  • To prevent fraud and abuse

1.2 Payment and Billing Information

What we collect directly:

  • Billing email address
  • Subscription tier and status
  • Token purchase history and balance
  • General billing preferences

What Stripe collects on our behalf:

  • Credit card information (tokenized)
  • Billing address
  • Payment method details
  • Transaction history and receipts

Important: We never store full credit card numbers. All payment processing is handled securely by Stripe, our PCI-compliant payment processor.

2. How We Use Your Information

2.1 Service Provision

  • Account Management: Maintain your account and preferences
  • AI Processing: Generate coloring pages from your uploaded images
  • Billing: Process payments, manage subscriptions, and handle refunds
  • Communication: Send service updates, receipts, and support responses

2.2 Service Improvement

  • AI Enhancement: Improve our coloring page generation algorithms
  • Feature Development: Develop new features based on usage patterns
  • Performance Optimization: Monitor and improve service speed and reliability
  • Quality Assurance: Test new features and fix bugs

2.3 Security and Compliance

  • Fraud Prevention: Monitor for suspicious activity and prevent abuse
  • Legal Compliance: Meet regulatory requirements and respond to legal requests
  • Security Monitoring: Protect against unauthorized access and data breaches
  • Rate Limiting: Enforce usage limits and prevent service abuse

3. Payment Data Protection

3.1 Stripe Partnership

We partner with Stripe, a PCI DSS Level 1 certified payment processor, to handle all payment information. This means:

  • No Card Storage: We never store your full credit card information
  • Tokenization: Payment methods are tokenized for security
  • Encryption: All payment data is encrypted in transit and at rest
  • Compliance: Stripe maintains the highest level of payment security certification

3.2 What We Store vs. What Stripe Stores

We store:

  • Stripe customer ID (encrypted identifier)
  • Subscription status and tier
  • Token balance and transaction history
  • Billing preferences
  • Invoice and receipt information

Stripe stores:

  • Complete payment method details
  • Full transaction records
  • Billing addresses
  • Cardholder information

4. Data Security

4.1 Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Backup Security: Encrypted backups with geographic redundancy

4.2 Administrative Safeguards

  • Staff Training: Regular security training for all employees
  • Background Checks: Security clearance for personnel with data access
  • Incident Response: Established procedures for security incidents
  • Compliance: Regular audits and compliance reviews

5. Your Privacy Rights

5.1 Access and Control

You have the right to:

  • Access: View all personal information we have about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain processing activities

5.2 Account Controls

In your account settings, you can:

  • Update personal information and preferences
  • Manage payment methods and billing information
  • Download your data and transaction history
  • Delete your account and associated data

5.3 Exercising Your Rights

To exercise your privacy rights:

  • Email: privacy@coloringit.com
  • Account Settings: Most rights can be exercised directly in your account
  • Response Time: We respond to requests within 30 days
  • Verification: We may need to verify your identity for security

6. Data Retention

Account Data

  • Active accounts: Retained while active
  • Inactive accounts: Deleted after 3 years
  • Deletion requests: Processed within 30 days

Payment Data

  • Transaction records: 7 years (legal requirement)
  • Payment methods: Deleted when removed
  • Billing history: Available during retention period

Usage Data

  • Analytics: Anonymized data retained longer
  • Logs: Technical logs retained for 90 days
  • Content: Per user preferences

7. International Data Protection

7.1 GDPR (European Users)

  • Legal Basis: Legitimate interest, contract performance, and consent
  • Data Protection Officer: Available for GDPR-related inquiries
  • Supervisory Authority: Right to file complaints with local data protection authority

7.2 CCPA (California Users)

  • Categories of Information: Detailed in sections above
  • Sale of Information: We do not sell personal information
  • Right to Know: Detailed information about data collection and use

8. Contact Information

Privacy Inquiries

Email: privacy@coloringit.com

Response time: 30 days maximum

General Support

Email: support@coloringit.com

Billing: billing@coloringit.com

Summary for Quick Reference

Key Points:

  • Payment Security: All payments secured by Stripe
  • Data Minimization: We collect only what's necessary
  • User Control: Access, correct, or delete your data
  • No Selling: We never sell your personal information
  • Security: Bank-level encryption and security
  • Compliance: GDPR, CCPA, and privacy law compliance

Questions? Contact us at privacy@coloringit.com

Last updated: January 2025

This policy may be updated periodically. We will notify users of material changes.