ChromaChecker Corporation ("ChromaChecker," "We," "Us," or "Our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
ChromaChecker is a B2B color management platform designed for organizations in the printing and color reproduction industry. We process primarily technical measurement data, with minimal personal data collection necessary for service delivery.
1. What Data Does ChromaChecker Collect?
1.1 Technical/Measurement Data
The primary data we collect describes technological processes: spectral measurement data; optical, physical, and chemical parameters; device calibration data; production quality metrics. This data is not personal data and relates to machines, devices, and processes.
1.2 Personal Data
We collect personal data in the following categories:
- Main User (Account Owner): First name, last name, business email, business phone, company address — for contract execution, account management, support.
- Staff/Operators (Optional): Nickname or name, email, login credentials — for access control, notifications, accountability.
- Billing Information: Payment details, billing address — for payment processing.
- Usage Data: IP address, browser type, access times, pages viewed — for security, analytics, service improvement.
- Cookies: Session identifiers, preferences — for functionality, analytics (see Cookie Policy).
1.3 Data We Do NOT Collect
- Social Security or national ID numbers
- Biometric data
- Health information
- Data from children under 16
- Sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, etc.)
2. How Is My Data Collected?
We collect personal data: directly from you (registration forms, account settings, support requests); through automated collection (cookies, server logs, usage analytics); from your organization (when the Main User adds staff members); and from third parties (payment processors, for transaction verification only).
3. Why Is My Data Collected? (Legal Basis)
Under GDPR, we process personal data based on the following legal grounds:
- Providing the Service — Contract performance (Art. 6(1)(b))
- Account management — Contract performance (Art. 6(1)(b))
- Billing and payments — Contract performance (Art. 6(1)(b))
- Customer support — Legitimate interest (Art. 6(1)(f))
- Security and fraud prevention — Legitimate interest (Art. 6(1)(f))
- Legal compliance — Legal obligation (Art. 6(1)(c))
- Service improvements — Legitimate interest (Art. 6(1)(f))
- Marketing communications — Consent (Art. 6(1)(a))
- Analytics (cookies) — Consent (Art. 6(1)(a))
You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. Who Processes My Data?
4.1 Data Controller
ChromaChecker Corporation, 4324 Sanddollar Court, New Port Richey, FL 34652, USA. Phone: 651.717.0590. Email: privacy@chromachecker.com.
4.2 Data Processors (Sub-processors)
We use the following categories of service providers:
| Provider | Purpose | Locations |
|---|---|---|
| Cloud hosting (OVH) | Data storage and processing | USA, Canada, France, Poland |
| Payment processors | Transaction processing | USA, EU |
| Analytics (Google Analytics) | Usage analytics | USA |
| Email services | Transactional emails | USA |
We maintain Data Processing Agreements with all sub-processors. A current sub-processor list is available upon request at privacy@chromachecker.com.
5. How Long Is My Data Stored?
- Active account data: Duration of service agreement
- Inactive account data: 180 days after last login, then deleted
- Billing records: 7 years (legal requirement)
- Support tickets: 3 years after resolution
- Server logs: 90 days
- Backup data: 60 days (rolling)
After 166 days of inactivity: warning email sent. After 180 days: account and all data permanently deleted. Data removed from backups within 60 days.
6. How Is My Data Protected?
6.1 Technical Measures
- Encryption in transit: TLS 1.2+ for all connections
- Encryption at rest: AES-256 for stored data
- Access controls: Role-based access, multi-factor authentication available
- Network security: Firewalls, intrusion detection, DDoS protection
- Data isolation: Multi-tenant architecture with logical separation
6.2 Organizational Measures
Employee background checks and confidentiality agreements; regular security training; access limited to personnel who need it; incident response procedures; regular security assessments.
6.3 Infrastructure
Our servers are hosted in certified data centers (OVH) with: ISO 27001 certification; SOC 2 compliance; physical security controls; redundant power and cooling; 24/7 monitoring.
7. What Are My Rights?
Depending on your location, you have the following rights:
- Access: Obtain a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure ("Right to be Forgotten"): Delete your data
- Restriction: Limit processing of your data
- Portability: Receive data in machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw Consent: Revoke previously given consent
- Non-Discrimination: Equal service regardless of privacy choices
- Opt-Out of Sale: Prevent sale of personal data
We do not sell your personal data.
To exercise rights: log in → "Manage Account" → edit/export/delete; or email privacy@chromachecker.com; or call 651.717.0590. GDPR requests: within 30 days. CCPA requests: within 45 days.
8. Does ChromaChecker Transfer My Data?
8.1 International Transfers
Your data may be transferred to and processed in: United States (primary); Canada; European Union (France, Poland).
8.2 Transfer Safeguards
For transfers outside the EEA/UK, we use Standard Contractual Clauses (SCCs) approved by the European Commission; Data Processing Agreements with all recipients; supplementary measures where required.
8.3 Adequacy Decisions
We rely on adequacy decisions where available (e.g., EU-US Data Privacy Framework for certified recipients).
9. Accountability Inspector (Staff Management)
9.1 Purpose
ChromaChecker offers an optional Staff Management feature allowing organizations to assign roles and permissions to employees.
9.2 Data Collected
Nickname or name (real name not required); email address (business email recommended); login credentials; role/permissions.
9.3 Responsibilities
Organization (Main User): Data Controller for employee data; responsible for legal basis, employee notification, and compliance with local labor laws. ChromaChecker: Data Processor; processes data only as instructed by the organization.
9.4 Recommendations
- Use job titles instead of real names where possible
- Use business email addresses only
- Regularly audit and remove inactive staff
- Inform employees about data processing per local law
10. AI Assistant (Peter)
10.1 Overview
ChromaChecker provides an AI-powered assistant ("Peter") to help users navigate the platform, answer questions, and optimize workflows.
10.2 Data Accessed by Peter
Peter has access to aggregated, statistical account data to provide contextual assistance: usage statistics; module usage; instrument inventory; feature utilization (~40 quantitative parameters).
10.3 Data NOT Accessed by Peter
Individual measurement values or spectral data; color specifications or formulas; project content or customer files; personal data (names, emails, contact information); billing or payment information; passwords or authentication credentials.
10.4 AI Service Providers
Peter is powered by: Google (Gemini) — current; Anthropic (Claude) — planned. These providers process user queries in real time, do not retain conversation data for model training (per our agreements), and are bound by Data Processing Agreements.
10.5 Purpose Limitation
AI-processed data is used solely to answer questions, provide contextual help, suggest relevant features, and assist with troubleshooting.
10.6 No Automated Decision-Making
ChromaChecker does not use AI to make decisions affecting user account status, pricing, or any decisions with legal or significant effects. Peter is an assistance tool only.
11. Cookies and Tracking
We use cookies and similar technologies. See our Cookie Policy for details. Essential cookies: required for service function (no consent needed). Analytics cookies: Google Analytics (consent required). Preference cookies: remember your settings (consent required).
12. Children's Privacy
ChromaChecker is a B2B service not directed at children. We do not knowingly collect data from anyone under 16 years of age.
13. Do Not Track
ChromaChecker does not respond to DNT signals. Cookie use is governed by explicit user consent provided through the cookie consent banner.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights: Right to Know; Right to Delete; Right to Correct; Right to Opt-Out; Right to Limit; Non-Discrimination. We do not sell or share personal data for cross-context behavioral advertising. Contact: privacy@chromachecker.com or 1-800-917-4568.
15. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email, prominent notice on our website, or in-app notification. Changes take effect 30 days after posting.
16. Contact Us
ChromaChecker Corporation, Attn: Privacy Team, 4324 Sanddollar Court, New Port Richey, FL 34652, USA.
Email: privacy@chromachecker.com | Phone: 651.717.0590 | North America Toll-Free: 1-800-917-4568 | Europe: +48.607.628.995
EU Representative (GDPR Art. 27): Appointed. Contact details available upon request at privacy@chromachecker.com.
UK Representative (UK GDPR): Appointed. Contact details available upon request at privacy@chromachecker.com.
17. Supervisory Authority
If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. List: https://edpb.europa.eu/about-edpb/about-edpb/members_en
© 2026 ChromaChecker Corporation. All rights reserved.