Privacy Policy

Last updated: March 20, 2026

This Privacy Policy describes how Colir ("we", "us", "our") collects, uses, and protects information when you use our website and application at colir.space and related services (the "Service"). The Service is operated by Colir.

1. Information we collect

We may collect:

• Account information: email address, name, profile picture URL, and unique account identifier if you create an account or sign in via Google. When you use Google sign-in, we receive your Google account name, email address, and profile photo through Google's authentication API. Google's own privacy policy also applies to that data.
• Usage data: how you use the Service (e.g. features used, export counts, licence type) to operate and improve the product.
• Payment-related data: purchases and subscriptions are processed by our payment provider (Paddle.com). We do not store your full payment card details. Paddle's processing is subject to their privacy policy.
• Technical data: device and browser information, IP address, and similar data necessary for security and operation.

2. Cookies and similar technologies

The Service uses cookies and similar technologies to:

• Essential cookies: maintain your session, remember your authentication state, and enable core functionality. These are strictly necessary and cannot be disabled while using the Service.
• Functional cookies: remember your preferences and settings within the application.

We do not currently use third-party advertising or tracking cookies. If we introduce analytics or other non-essential cookies in the future, we will update this section and, where required by law, obtain your consent before placing them.

3. How we use your information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Process purchases and manage licenses (via Paddle and our systems).
• Respond to support requests and communicate with you.
• Comply with legal obligations and enforce our terms.
• Analyse usage in an aggregated, non-personally-identifying way to improve the product.

4. Legal basis (where applicable)

Where required by law (e.g. in the EEA/UK), we process personal data on the basis of: performance of a contract with you, your consent, our legitimate interests (e.g. security, product improvement), or legal obligation.

5. Data retention

We retain your data only as long as necessary to provide the Service, fulfil purchases, comply with law, or resolve disputes.

• Active accounts: account and usage data are retained while your account exists.
• After deletion: when you delete your account, we remove your primary account data. However, we may retain limited records (such as your email address, account creation date, licence type at time of deletion, and aggregate usage statistics) for up to 12 months after deletion for fraud prevention, dispute resolution, and compliance with legal obligations.
• Payment records: transaction and licence records may be retained as long as required by applicable tax and accounting law.

You may request deletion of your account and associated data by contacting us. Deletion is subject to the retention periods described above and applicable law.

6. Sharing of data

We may share data with:

• Paddle: to process payments; Paddle acts as Merchant of Record and has its own privacy policy.
• Google: authentication data is exchanged with Google when you use Google sign-in, subject to Google's privacy policy.
• Service providers: hosting, email, and other providers necessary to run the Service, under contractual safeguards.
• Authorities: when required by law or to protect our rights and safety.

We do not sell your personal data. We do not share your personal data for advertising purposes.

7. Your rights

Depending on your location, you may have the right to access, correct, delete, or port your data, object to or restrict processing, and withdraw consent. To exercise these rights or ask questions, contact us at the email below. You may also have the right to lodge a complaint with a supervisory authority.

8. Security

We use reasonable technical and organisational measures to protect your data. No system is completely secure; we do not guarantee absolute security.

9. International transfers

Data may be processed in countries outside your residence. Where we transfer data outside the EEA/UK, we use appropriate safeguards as required by applicable law (such as adequacy decisions or standard contractual clauses where available).

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will be revised. Continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact

Colir
Email: help@colir.space
X (Twitter) · Instagram