Privacy Policy
Last updated: January 31, 2026
1. Introduction
This Privacy Policy describes how Supa Colors Studio ("we", "our", or "us") collects, uses, and protects your personal information when you use our service. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and applicable Italian data protection laws.
2. Data Controller
The data controller responsible for processing your personal data is:
- Name: Angelo Libero Mangieri
- Email: hello@supacolors.studio
- Country: Italy
For any questions regarding this Privacy Policy or to exercise your rights, please contact us at hello@supacolors.studio.
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, username, and password when you create an account
- Profile Information: Optional profile information you choose to provide
- Content: Color systems, palettes, and other content you create using our service
- Payment Information: Processed securely through LemonSqueezy (we do not store payment card details)
- Communication: Messages you send to us via email or through our service
3.2 Information Collected Automatically
- Usage Data: Information about how you interact with our service (pages visited, features used)
- Device Information: Browser type, device type, operating system, IP address
- Cookies: See our Cookie Policy for detailed information
4. How We Use Your Information
We use your personal information for the following purposes:
- To provide, maintain, and improve our service
- To process your account registration and manage your account
- To process payments and manage subscriptions
- To communicate with you about your account, service updates, and support requests
- To analyze usage patterns and improve user experience (with your consent for analytics cookies)
- To ensure security and prevent fraud
- To comply with legal obligations
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: To provide the service you requested and fulfill our contractual obligations
- Consent: For analytics cookies and optional features (you can withdraw consent at any time)
- Legitimate Interest: To improve our service, ensure security, and prevent fraud
- Legal Obligation: To comply with applicable laws and regulations
6. Data Sharing and Sub-processors
We share your data with trusted third-party service providers who help us operate our service:
Sub-processors:
- Vercel Inc. (United States) - Hosting and infrastructure. Vercel is certified under the EU-US Data Privacy Framework.
- Supabase Inc. (United States) - Database and authentication services. Supabase is GDPR compliant and certified under the EU-US Data Privacy Framework.
- LemonSqueezy (United States) - Payment processing. LemonSqueezy is PCI-DSS compliant and processes payments securely.
- Resend (United States) - Email delivery service for transactional emails.
- Datafast - Privacy-focused website analytics. Datafast is cookieless and collects only anonymous, aggregated data; it is loaded only with your consent.
- GitHub (United States) - OAuth authentication for the Git Sync feature (if used).
All sub-processors are bound by data processing agreements and appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.
We do not sell your personal information to third parties. We may disclose your information if required by law or to protect our rights and the safety of our users.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification for US-based processors
- Other appropriate safeguards as required by GDPR
8. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing based on consent
To exercise these rights, please contact us at hello@supacolors.studio. We will respond to your request within one month.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (HTTPS/TLS)
- Secure authentication and access controls
- Regular security assessments
- Secure hosting infrastructure
11. Children's Privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: hello@supacolors.studio
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe your rights have been violated.