Privacy Policy

Effective Date: May 19th, 2025

Welcome to Palette (“Palette,” “we,” “our,” or “us”). We care deeply about your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, and protect your information when you use our website, platform, mobile app, and related services (collectively, the “Service”).

This policy is designed to meet the privacy requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA).

1. Information We Collect

1.1 Information You Provide

You may provide us with:

• Full name
• Email address
• Password
• Business name and details
• Product inventory, sales history, event participation
• Billing/payment information (handled via secure third-party processor)

1.2 Information We Collect Automatically

When you access Palette, we may collect:

• Device and browser information
• IP address
• Usage data (e.g., clicks, navigation, feature usage)
• Cookies and similar tracking technologies

1.3 Information from Third Parties

When you authorize integrations (e.g., Square, Google Calendar), we collect:

• Sales transactions and catalog data
• Calendar and event information
• OAuth tokens and metadata

2. Legal Bases for Processing (GDPR)

We only process your personal data where we have a lawful basis to do so:

• Consent – e.g., marketing communications
• Contractual necessity – e.g., to deliver core features
• Legal obligation – e.g., for tax compliance
• Legitimate interest – e.g., analytics to improve services

You may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

3. How We Use Your Information

We use your information to:

• Provide, operate, and improve Palette
• Authenticate your identity
• Sync with integrated services
• Track inventory, sales, and business metrics
• Send service-related and promotional emails (with opt-out)
• Conduct research and usage analysis
• Comply with legal obligations

4. Sharing Your Information

We do not sell your personal data.

We may share information with:

• Service providers (e.g., cloud hosting, analytics, customer support tools)
• Integration partners (e.g., Square, Google, Stripe)
• Legal authorities if required by law or to protect our rights

All vendors are bound by data processing agreements to maintain security and confidentiality.

5. Your Rights

Under GDPR (EU/UK Users)

You have the right to:

• Access a copy of your personal data
• Correct inaccurate data
• Delete your data (“Right to be forgotten”)
• Restrict or object to processing
• Data portability (receive your data in machine-readable form)
• Withdraw consent

To exercise any GDPR rights, email us at hello@mypalette.com with the subject line: “GDPR Request”.

Under CCPA/CPRA (California Residents)

You have the right to:

• Know what personal information we collect and use
• Request deletion of your personal data
• Opt-out of the sale or sharing of personal data (we don’t sell)
• Non-discrimination for exercising your rights
• Correct inaccurate personal data
• Limit use of sensitive personal information

To submit a verified CCPA request, contact us at hello@mypalette.com with the subject line: “CCPA Request”.

We will verify your request using account credentials and may require additional verification for sensitive requests.

6. Data Retention

We retain data:

• As long as your account is active
• As required by law (e.g., financial and tax records)
• To resolve disputes and enforce agreements

When you request deletion, we securely remove your data unless retention is required by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Authentication
• Session management
• Analytics and performance
• Marketing (only with consent in GDPR jurisdictions)

You may manage cookies through your browser settings or via our cookie banner if applicable.

8. Security

We implement industry-standard measures to protect your data, including:

• Encryption (TLS, at-rest)
• Firewall and intrusion detection
• Role-based access
• Periodic audits and access controls

While we strive for 100% security, no method is fully foolproof. Please use strong passwords and avoid sharing credentials.

9. International Data Transfers

If you are located outside the United States, note that your data may be processed in the U.S. or other countries. Where required by GDPR, we use Standard Contractual Clauses or other safeguards for lawful transfers.

10. Children’s Privacy

Palette is not intended for children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from minors. If we learn we’ve collected data from a child, we will delete it immediately.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notice. Your continued use of the Service constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us:

Palette Privacy Team
📧 hello@mypalette.com

If you are in the EU/UK, you also have the right to lodge a complaint with your local Data Protection Authority.