Privacy Policy

Paul Ungerer operates the website "Wada Sanzo Colors" at https://www.wada-sanzo-colors.com. I take your privacy seriously. To better protect your privacy, I provide this privacy policy notice explaining the way your personal information is collected and used.

Collection of Routine Information

This website tracks basic information about its visitors through Matomo Analytics, a self-hosted analytics solution. This information includes, but is not limited to, IP addresses, browser details, timestamps and referring pages. For non-authenticated visitors, none of this information can personally identify specific visitors to this website. The information is tracked for routine administration and maintenance purposes.

Personal Data Collection

When you create an account on our website, we collect and store the following personal data in our MongoDB Atlas database:

• Name: - provided during account creation via Google or Apple Sign-In authentication
• Email address: - provided during account creation via Google or Apple Sign-In authentication
• Favorite colors and combinations: - user-created color preferences and saved collections
• Account status: - indicates whether your account is on the Free tier or Pro tier (paid tier)
• Payment information: - transaction date and payment status (for order fulfillment and account access)

We do not use this data for any purpose other than providing our service, managing your account, and processing payments. We do not sell, share, or use your data for marketing, analytics tracking, or any other third-party purposes.

Data Processors and Third-Party Services

Your personal data is processed by the following third-party services:

Authentication Providers:

• Google Sign-In - Processes your authentication data when you sign in with Google. Google acts as a data processor on our behalf. For information on how Google handles your data, please review Google's Privacy Policy.
• Apple Sign-In - Processes your authentication data when you sign in with Apple. Apple acts as a data processor on our behalf. For information on how Apple handles your data, please review Apple's Privacy Policy.

Payment Processing:

• Stripe - Processes all payment transactions for paid tier access. Stripe acts as a data processor on our behalf and collects payment data including name, email, billing address, and payment method details. We store only your account status and transaction date in our systems. Stripe retains and processes actual payment method details according to Stripe's privacy policy and PCI DSS Level 1 requirements. We do not store complete credit card numbers or sensitive payment method data on our servers. For information on how Stripe handles your data, please review Stripe's Privacy Policy.

Database and Data Storage:

• MongoDB Atlas - Hosts our user database containing your name, email, account status, and favorite colors. MongoDB Atlas acts as a data processor on our behalf and implements enterprise-grade security measures. Your data is stored in EU-compliant servers to ensure GDPR compliance.

Analytics:

• Matomo Analytics - A self-hosted analytics solution that collects anonymized information about how visitors use our website. For authenticated users who have logged in via Google or Apple Sign-In, we use Matomo's user ID tracking feature in a privacy-preserving manner. See the "Website Analytics and User ID Tracking" section below for complete details.

Cookies

The website only uses technical cookies. They are used to manage your login session after signing in with Google or Apple Sign-In. These cookies are essential for authentication and are not used for tracking or profiling. Analytics cookies are not used for authenticated users, as specified in our Matomo configuration.

Website Analytics and User ID Tracking

We use Matomo Analytics, a self-hosted analytics platform, to analyze how visitors use our website and improve our service. Matomo is configured without analytics cookies for non-authenticated visitors, but we enable user ID tracking for authenticated users who have logged in via Google or Apple Sign-In.

Data Collected for Non-Authenticated Visitors

For visitors who are not logged in, Matomo collects the following anonymized information without cookies:

• Page views and navigation patterns
• Device type, browser type, and operating system
• General location (country and city level)
• Referrer information
• Session duration

This data is anonymized and cannot identify you. No consent is required for this anonymized tracking.

Data Collected for Authenticated Users

When you log in via Google or Apple Sign-In authentication, we track your user ID in Matomo to:

• Analyze your individual usage patterns across multiple visits
• Understand how authenticated users interact with premium features
• Improve our service based on user behavior

The User ID we track is your unique identifier from Google or Apple authentication. This User ID is pseudonymized in Matomo (replaced with a hashed identifier) to protect your privacy. However, this still constitutes personal data processing as it can be linked back to you.

Self-Hosted Matomo Analytics

Matomo Analytics is hosted on our own servers (self-hosted) and operates under our direct control. Your analytics data remains entirely under our control and is not transferred to Matomo or any other third-party services. Matomo acts as a data processor on our behalf under our instructions. For more information about Matomo's privacy practices, please review Matomo's Privacy Policy.

For user ID tracking, your data is retained for 12 months and then automatically deleted. Raw session data is retained for 90 days before aggregation and deletion.

Your Rights Regarding Analytics Data

You can request access to, correction of, or deletion of your analytics data at any time by contacting us at [support@wada-sanzo-colors.com](mailto:support@wada-sanzo-colors.com) with the subject line "Analytics Data Request" or "Analytics Opt-Out Request." You may also opt out of user ID tracking while maintaining your account access.

Legal Basis for Data Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract Performance (Article 6(1)(b)) - We process your name, email, and account status to establish and maintain your account and provide access to our Service. We also track your user ID in Matomo to deliver and optimize your Free or Pro tier account experience.
• Payment Processing (Article 6(1)(b)) - We process payment information through Stripe to complete your purchase and provide Pro tier access.
• Legitimate Interests (Article 6(1)(f)) - We process account data to prevent fraud, maintain security, and comply with legal obligations. We also process anonymized analytics data (for non-authenticated visitors) under our legitimate interest in understanding website usage patterns and optimizing user experience.

Data Retention

We retain personal data according to the following schedule:

• User account data (name, email, favorite colors) stored in MongoDB Atlas - Retained for as long as your account is active. Upon account deletion, user data is deleted within 30 days.
• Account status (stored in MongoDB Atlas) - Retained while your account is active. Deleted upon account termination.
• Matomo user ID analytics data - Retained for 12 months and then automatically deleted.
• Matomo session data (non-authenticated visitors) - Retained for 90 days before aggregation and deletion.
• Payment transaction records (stored securely through Stripe) - Retained for 7 years to comply with VAT, accounting, and tax requirements, but retained in anonymized form. Personal identifiers are removed from payment records after 90 days.
• Payment method details - Not stored on our MongoDB Atlas servers or in our systems. Stripe retains payment method details according to their retention policies and PCI DSS standards.

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access - You can request a copy of the personal data we hold about you in our systems, including data stored in MongoDB Atlas and Matomo.
• Right to Correction - You can request correction of inaccurate or incomplete data stored in our systems.
• Right to Erasure (Right to be Forgotten) - You can request deletion of your account and personal data. Upon request, we will delete your account data (stored in MongoDB Atlas) within 30 days. Please note that payment transaction records necessary for legal and tax compliance will be retained for 7 years in anonymized form.
• Right to Data Portability - You can request your data in a portable format (name, email, favorite colors exported as JSON/CSV) from our MongoDB Atlas database.
• Right to Object - You can object to certain types of data processing, including analytics user ID tracking in Matomo.
• Right to Restrict Processing - You can request that we limit how we use your data.

For payment data subject access requests, please allow 30 days for processing.

To exercise any of these rights, contact us at [support@wada-sanzo-colors.com](mailto:support@wada-sanzo-colors.com) with your request. Please include "GDPR Request" in the subject line.

Security

The security of your personal information is important to me, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While I strive to use commercially acceptable means to protect your personal information, I cannot guarantee its absolute security. We use secure connections (HTTPS/TLS) for all data transmission and store sensitive data in encrypted form. Our MongoDB Atlas database includes enterprise-grade security, encryption at rest, and network isolation. Stripe handles payment data according to PCI DSS Level 1 standards.

Changes to This Privacy Policy

This Privacy Policy is effective as of November 15, 2025. It will remain in effect except concerning any changes in its provisions in the future, which will be in effect immediately after being posted on this page. I reserve the right to update or change my Privacy Policy at any time and you should check this Privacy Policy periodically. Significant changes will be communicated via email to registered users.

Contact Information

For any questions or concerns regarding the privacy policy, please send me an email at [support@wada-sanzo-colors.com](mailto:support@wada-sanzo-colors.com).