Colourblind Painter Pro ("we", "us", or "our") is operated by Brady Ruoss, a sole proprietor based in British Columbia, Canada. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in connection with the Colourblind Painter Pro platform (the "Service").

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). These laws require us to obtain your consent for the collection, use, and disclosure of your personal information, except where the law permits otherwise.

2. Information We Collect

Account information

When you register, we collect your first name, last name or company name, and email address. We store a hashed (one-way encrypted) version of your password — we cannot read your original password.

Payment information

Payments are processed by Stripe. We do not store your full card number, CVV, or expiry date. We retain only your Stripe customer ID and subscription ID to manage your billing relationship.

Usage data

We collect information about how you use the Service, including tool usage counts, feature interactions, and session timestamps. This helps us improve the Service and enforce subscription limits.

Uploaded content

Photos and files you upload for AI processing are stored temporarily in secure cloud storage. They are used solely to generate results for you and are not shared with third parties or used for AI model training.

Technical data

We may collect your IP address, browser type, operating system, and referring URL for security, fraud prevention, and service improvement purposes.

3. How We Use Your Information

We use your personal information to:

Create and manage your account
Deliver the features and tools of the Service
Process subscription payments and send billing receipts
Send transactional emails (password resets, account notices)
Respond to support requests
Monitor and enforce subscription usage limits
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations
Improve and develop the Service (using aggregated, de-identified data)

We do not sell your personal information to third parties. We do not use your personal information for targeted advertising.

4. Legal Basis and Consent

Under PIPEDA and PIPA, we rely on your consent as the primary legal basis for processing your personal information. By creating an account and using the Service, you consent to the collection and use described in this Policy. You may withdraw consent at any time by deleting your account, subject to any legal obligations that require us to retain certain records.

5. Disclosure of Your Information

We share your personal information only in the following circumstances:

Service providers: We share data with Stripe (payment processing), Resend (transactional email), and our cloud hosting provider. These providers are contractually bound to protect your data and may not use it for their own purposes.
Legal requirements: We may disclose your information if required by law, court order, or government authority.
Business transfers: If the business is sold or transferred, your information may be transferred as part of that transaction. You will be notified in advance.

We do not transfer your personal information outside Canada except to the service providers listed above, which may process data in the United States. Where data is transferred internationally, we ensure appropriate contractual protections are in place.

6. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required by law to retain it (e.g., financial records for tax purposes, which we retain for 7 years as required by the Income Tax Act).

Uploaded photos and AI-processed files are deleted from our servers within 90 days of upload unless you have saved them as part of a project.

7. Data Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls on our servers. No method of transmission over the internet is 100% secure. In the event of a data breach that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA.

8. Cookies and Session Storage

We use a single secure, HTTP-only session cookie to keep you logged in. We also use localStorage to remember UI preferences such as dismissed onboarding prompts. No third-party advertising cookies are used.

9. Your Rights Under PIPEDA and PIPA

You have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Withdrawal of consent: Withdraw consent to the processing of your personal information (subject to legal obligations)
Deletion: Request deletion of your account and personal information
Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the BC Information and Privacy Commissioner

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated Policy on this page with a new effective date. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact and Privacy Officer

If you have questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Officer:

Brady Ruoss

Colourblind Painter Pro

British Columbia, Canada

Email: [email protected]

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or call 1-800-282-1376.