Privacy Policy

Paul Ungerer operates the website "Wada Sanzo Colors" at https://www.wada-sanzo-colors.com. I take your privacy seriously. To better protect your privacy, I provide this privacy policy notice explaining the way your personal information is collected and used.

Collection of Routine Information

This website tracks basic information about its visitors. This information includes, but is not limited to, IP addresses, browser details, timestamps and referring pages. None of this information can personally identify specific visitors to this website. The information is tracked for routine administration and maintenance purposes.

Personal Data Collection

When you create an account on our website, we collect and store the following personal data in our MongoDB database:

• Name: - provided during account creation via Google or Apple authentication
• Email address : - provided during account creation via Google or Apple authentication
• Favorite colors and combinations: - user-created color preferences and saved collections
• Account status: - indicates whether your account is on the Free tier or Pro tier (paid tier)
• Payment information: - transaction date and payment status (for order fulfillment and account access)

We do not use this data for any purpose other than providing our service, managing your account, and processing payments. We do not sell, share, or use your data for marketing, analytics tracking, or any other third-party purposes.

Data Processors

Your personal data is processed by the following third-party services:

Authenitcation Providers:

• Google - Processes your authentication data when you sign in with Google. Google acts as a data processor on our behalf. For information on how Google handles your data, please review Google's Privacy Policy.
• Apple - Processes your authentication data when you sign in with Apple. Apple acts as a data processor on our behalf. For information on how Apple handles your data, please review Apple's Privacy Policy.

Payment Processing:

• Stripe - Processes all payment transactions for paid tier access. Stripe acts as a data processor on our behalf and collects payment data including name, email, billing address, and payment method details. We store only your account status and transaction date in our systems. Stripe retains and processes actual payment method details according to Stripe's privacy policy and PCI DSS Level 1 requirements. We do not store complete credit card numbers or sensitive payment method data on our servers. For information on how Stripe handles your data, please review Stripe's Privacy Policy..

Cookies

The website only uses technical cookies. They are used to manage your login session after signing in with Google or Apple. These cookies are essential for authentication and are not used for tracking or profiling.

Website Analytics and User ID Tracking

We use Matomo Analytics to analyze how visitors use our website and improve our service. Matomo is configured without cookies for non-authenticated visitors, but we enable user ID tracking for authenticated users who have logged in via Google or Apple.

Data Collected for Non-Authenticated Visitors

For visitors who are not logged in, Matomo collects the following anonymized information:

• Page views and navigation patterns
• Device type, browser type, and operating system
• General location (country and city level)
• Referrer information
• Session duration

This data is anonymized and cannot identify you. No consent is required for this anonymized tracking.

Data Collected for Authenticated Users

When you log in via Google or Apple authentication, we track your user ID in Matomo to:

• Analyze your individual usage patterns across multiple visits
• Understand how authenticated users interact with premium features
• Improve our service based on user behavior

The User ID we track is your unique identifier from Google or Apple authentication. This User ID is pseudonymized in Matomo (replaced with a hashed identifier) to protect your privacy. However, this still constitutes personal data processing as it can be linked back to you.

Matomo Analytics as Data Processor

Matomo Analytics is hosted on our own servers (self-hosted) and is operated by Matomo under our control. Your data remains entirely under our control and is not transferred to third-party services. Matomo acts as a data processor on our behalf. For more information about Matomo's privacy practices, please review Matomo's Privacy Policy.

For user ID tracking, your data is retained for 12 months and then automatically deleted. Raw session data is retained for 90 days before aggregation and deletion.

Your Rights Regarding Analytics Data

You can request access to, correction of, or deletion of your analytics data at any time by contacting us at support@wada-sanzo-colors.com with the subject line "Analytics Data Request" or "Analytics Opt-Out Request." You may also opt out of user ID tracking while maintaining your account access.

Legal Basis for Data Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract Performance (Article 6(1)(b)) - We process your name, email, and account status to establish and maintain your account and provide access to our Service. We also track your user ID in Matomo to deliver and optimize your Free or Pro tier account experience.
• Payment Processing (Article 6(1)(b)) - We process payment information to complete your purchase and provide Pro tier access.
• Legitimate Interests (Article 6(1)(f)) - We process account data to prevent fraud, maintain security, and comply with legal obligations. We also process anonymized analytics data (for non-authenticated visitors) under our legitimate interest in understanding website usage patterns and optimizing user experience.

Data Retention

We retain personal data according to the following schedule:

• User account data (name, email, favorite colors) - Retained for as long as your account is active. Upon account deletion, user data is deleted within 30 days.
• Account status - Retained while your account is active. Deleted upon account termination.
• Matomo user ID analytics data - Retained for 12 months and then automatically deleted.
• Matomo session data (non-authenticated visitors) - Retained for 90 days before aggregation and deletion.
• Payment transaction records - Retained for 7 years to comply with VAT, accounting, and tax requirements, but retained in anonymized form. Personal identifiers are removed from payment records after 90 days.
• Payment method details - Not stored on our servers. Stripe retains payment method details according to their retention policies and PCI DSS standards.

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access - You can request a copy of the personal data we hold about you.
• Right to Correction - You can request correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten) - You can request deletion of your account and personal data. Upon request, we will delete your account data within 30 days. Please note that payment transaction records necessary for legal and tax compliance will be retained for 7 years in anonymized form.
• Right to Data Portability - You can request your data in a portable format (name, email, favorite colors exported as JSON/CSV).
• Right to Object - You can object to certain types of data processing, including analytics user ID tracking.
• Right to Restrict Processing - You can request that we limit how we use your data.

For payment data subject access requests, please allow 30 days for processing.

To exercise any of these rights, contact us at support@wada-sanzo-colors.com with your request. Please include "GDPR Request" in the subject line.

Security

The security of your personal information is important to me, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While I strive to use commercially acceptable means to protect your personal information, I cannot guarantee its absolute security. We use secure connections (HTTPS/TLS) for all data transmission and store sensitive data in encrypted form.

Changes to This Privacy Policy

This Privacy Policy is effective as of November 4, 2025. It will remain in effect except concerning any changes in its provisions in the future, which will be in effect immediately after being posted on this page. I reserve the right to update or change my Privacy Policy at any time and you should check this Privacy Policy periodically. Significant changes will be communicated via email to registered users.

Contact Information

For any questions or concerns regarding the privacy policy, please send me an email at support@wada-sanzo-colors.com.