Privacy Policy

ColorCraft AI — Effective date: 18 March 2026 — Operated by Evitara

1. About This Policy

1.1 Evitara ("we", "us", "our") operates ColorCraft AI at colorcraft-ai.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.

1.2 We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) as applicable to our users.

1.3 By using ColorCraft AI, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are and How to Contact Us

2.1 Data controller / responsible entity: Evitara (private member's association), Australia.

2.2 Privacy contact: jacques@colorcraft-ai.com

3. Information We Collect

3.1 Information you provide directly:

(a) Account registration: name, email address, password (hashed).
(b) Uploaded photos: images you upload for AI-powered coloring page generation.
(c) Payment information: billing name, email address, and transaction records. Card details are processed directly by Stripe and are not stored by us.
(d) Communications: messages you send to our support team.
(e) Parental or guardian consent details (where the user is aged 13 to 17).

3.2 Information collected automatically:

(a) Usage data: pages visited, features used, credits consumed, session duration.
(b) Device and browser information: IP address, browser type and version, operating system, device identifiers.
(c) Cookies and similar technologies: session cookies, preference cookies, and analytics identifiers.

3.3 Information from third parties:

(a) Payment confirmation and fraud signals from Stripe.
(b) Delivery status updates from Lulu for physical printed books.

4. Legal Basis for Processing (GDPR and UK GDPR)

This section applies to users in the European Economic Area and the United Kingdom.

Data category	Purpose	Legal basis
Account data	Create and manage your account	Article 6(1)(b) — performance of a contract
Uploaded photos	Generate coloring pages at your request	Article 6(1)(b) — performance of a contract
Payment data	Process credit purchases	Article 6(1)(b) — performance of a contract
Usage and analytics	Improve and secure the service	Article 6(1)(f) — legitimate interests
Marketing emails	Promotional communications	Article 6(1)(a) — consent
Children's data (ages 13–15 in EU)	Parental consent verification	Article 8 GDPR
Compliance records	Meet legal obligations	Article 6(1)(c) — legal obligation

5. Photo Upload and AI Processing

5.1 When you upload a photo, that image is transmitted to Base44 (an AI processing service, United States) solely for the purpose of generating your coloring page.

5.2 Your uploaded photos are NOT used to train, fine-tune, or improve any AI model.

5.3 We have a Data Processing Agreement (DPA) in place with Base44 that restricts their use of your photos to generation only.

5.4 Uploaded photos are automatically deleted from Base44's systems within 30 days of generation. Copies held on our infrastructure (Supabase) are deleted within 30 days of generation, or immediately upon your written request.

5.5 Generated coloring page files are retained in your account until you delete them or close your account.

5.6 If your photo contains images of other people, you are responsible for ensuring you have their consent. See Section 11 for rules about photos of minors.

6. How We Use Your Information

We use your personal information to:

(a) Create and manage your account.
(b) Process credit purchases and apply credits to your account.
(c) Generate coloring pages from your uploaded photos.
(d) Fulfil orders for physical printed books via Lulu.
(e) Provide customer support.
(f) Send transactional emails (order confirmations, generation notifications).
(g) Send marketing communications where you have consented.
(h) Detect and prevent fraud, abuse, and violations of our Terms of Service.
(i) Comply with applicable law.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

7. Sharing Your Information

7.1 We do not sell, rent, or trade your personal information to third parties.

7.2 We share your information only with:

(a) Stripe, Inc. (United States) — payment processing. PCI-DSS certified.
(b) Supabase, Inc. (United States) — cloud infrastructure and database hosting.
(c) Base44 (United States) — AI image processing. Receives your uploaded photos for generation only. Bound by DPA.
(d) Lulu Press, Inc. (United States) — print-on-demand fulfilment. Receives your name, shipping address, and book file for physical orders only.
(e) Law enforcement or regulators — where required by law or to protect safety.

8. International Data Transfers

8.1 Australia. Under APP 8, we disclose to overseas recipients: Stripe (US), Supabase (US), Base44 (US), and Lulu (US). We take reasonable steps to ensure these recipients handle personal information consistently with the APPs through contractual data processing agreements.

8.2 EU/UK users. Transfers to the United States are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission (EU transfers) and the UK International Data Transfer Agreement or addendum (UK transfers). You may request a copy of the relevant transfer mechanism by contacting us.

9. Data Retention

Data type	Retention period
Account data	Duration of account plus 2 years after closure
Uploaded photos (original)	30 days after generation, or immediately on request
Generated coloring page files	Duration of account or until you delete them
Payment and transaction records	7 years (Australian tax obligations)
Support communications	2 years from last contact
Server and access logs	90 days

10. Your Rights

10.1 Australian Privacy Act 1988. You have the right to access and request correction of the personal information we hold about you. If you are not satisfied with how we handle your personal information, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

10.2 GDPR (EU users). You have the right to: access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), object to processing (Article 21), withdraw consent at any time, and lodge a complaint with your national supervisory authority (see edpb.europa.eu).

10.3 UK GDPR (UK users). The same rights as in 10.2 apply. You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

10.4 CCPA (California users). You have the right to know what personal information we have collected, request deletion, and opt out of sale. We do not sell your personal information. We will not discriminate against you for exercising these rights. Contact jacques@colorcraft-ai.com to submit a CCPA request.

10.5 How to exercise your rights. Contact jacques@colorcraft-ai.com. We will respond within 30 days and may need to verify your identity first.

11. Children's Privacy

11.1 ColorCraft AI is not directed to children under 13 years of age.

11.2 Users aged 13 to 17 may use the service only with the consent and ongoing supervision of a parent or legal guardian.

11.3 For EU users, where applicable law sets a higher age of digital consent (up to 16), we require verifiable parental consent for users below that age.

11.4 We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account or uploaded photos, contact us immediately at jacques@colorcraft-ai.com and we will delete that information promptly.

11.5 If your coloring page project includes photos of a child, you confirm that you are that child's parent or legal guardian, or that you have obtained the parent or guardian's explicit consent.

12. Security

We implement TLS/HTTPS encryption for all data in transit, encryption of data at rest within Supabase, and access controls for staff and system access. No method of transmission or storage is 100% secure. Contact us immediately if you suspect unauthorised access to your account.

13. Cookies

13.1 We use session cookies (essential for login), preference cookies (to remember your settings), and analytics identifiers (to understand how the service is used).

13.2 You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or within the service. The effective date at the top of this page will reflect the latest revision.

15. Contact Us

For any privacy-related queries or to exercise your rights, contact: jacques@colorcraft-ai.com