Privacy Policy

Effective Date: January 8, 2026
Version: 1.0

1. Who We Are

Colorburst is operated by topmind GmbH, Ziehrerstraße 24, 9020 Klagenfurt, Austria (Commercial Register: FN 498725x, VAT ID: ATU73652558).

Privacy contact: hi@colorburst.app

2. Data We Collect

Account data: Name, email address, password (hashed), OAuth provider info if you use social login.

Usage data: Templates you create, prompts, generation history, preferences.

Technical data: IP address, browser type, session tokens, device information.

Payment data: If we introduce paid features, payment processing will be handled by a third-party processor. We only store transaction IDs and subscription status.

Prompts and generations: The text prompts you submit and the coloring pages generated from them. We store these linked to your account in our database and in Langfuse (our AI monitoring tool, EU-hosted) for quality improvement and debugging.

3. Why We Process Your Data

• Contract (Art. 6.1.b): To provide the service, manage your account, generate templates.
• Consent (Art. 6.1.a): Marketing emails (you can withdraw anytime).
• Legitimate interest (Art. 6.1.f): Analytics, security, fraud prevention, service improvement.
• Legal obligation (Art. 6.1.c): Tax records, compliance requirements.

4. Where Your Data Is Stored

Our infrastructure is hosted in the EU on Hetzner (Germany). We keep your data within the EEA where possible, but some processing may involve transfers outside the EEA as described below.

Third-party services we use:

• AI providers: Your prompts are sent to Google Gemini for image generation. Your prompts may be transferred outside the EEA under Standard Contractual Clauses (SCCs). See Google's Privacy Policy for their data handling practices.
• Sentry: Error monitoring (EU data hosting).
• PostHog: Product analytics (EU data hosting).
• Langfuse: AI quality monitoring (EU data hosting).

All processors are contractually bound to GDPR standards via Data Processing Agreements. For any transfers outside the EEA, we rely on SCCs or adequacy decisions.

5. How Long We Keep Your Data

• Account data: Until you delete your account, plus 30 days for backups.
• Templates: Until you delete them or close your account.
• Analytics data: Up to 2 years.
• Legal records: 7 years (Austrian tax law).

6. Your Rights

Under GDPR, you have the right to:

• Access (Art. 15): Get a copy of your data.
• Rectification (Art. 16): Correct inaccurate data.
• Erasure (Art. 17): Delete your account and data.
• Restriction (Art. 18): Limit how we process your data in certain circumstances.
• Portability (Art. 20): Export your data in machine-readable format.
• Object (Art. 21): Object to processing based on legitimate interest.
• Withdraw consent (Art. 7.3): Withdraw marketing consent anytime.

To exercise these rights, email hi@colorburst.app . We respond within one month.

7. Cookies

Essential cookies: Required for authentication, security, and core functionality. These are strictly necessary and do not require consent.

Analytics cookies: We use PostHog (EU-hosted) to understand how people use Colorburst — which features are popular, where users get stuck, and how we can improve. These cookies are only set if you give consent via our cookie banner.

If you decline cookies or have Do Not Track enabled in your browser, we will not set analytics cookies or collect usage data linked to you.

You can change your cookie preferences at any time via the cookie settings link in the footer.

8. Do Not Track

We respect the Do Not Track (DNT) browser setting. If DNT is enabled, we treat it as declining analytics cookies — no tracking cookies will be set and no personal usage data will be collected.

9. Security

We protect your data with encryption (TLS in transit, encryption at rest), secure password hashing, access controls, and regular security monitoring. In case of a data breach, we will notify the supervisory authority within 72 hours as required by GDPR, and notify affected users without undue delay where the breach is likely to result in high risk to your rights.

10. Children

You must meet the minimum age for digital consent in your country to use Colorburst without parental consent. In Austria, this is 14 years old. Other EU member states set this between 13 and 16. If you are below this age, you need parental consent.

11. Changes

We may update this policy. For material changes, we will notify you via email at least 30 days before they take effect.

12. Complaints

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with a supervisory authority in the EU member state of your residence, workplace, or where the alleged infringement occurred.

Our lead supervisory authority is the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
www.dsb.gv.at

We encourage you to contact us first at hi@colorburst.app so we can resolve your concerns.

13. Contact

topmind GmbH
Ziehrerstraße 24, 9020 Klagenfurt, Austria
Email: hi@colorburst.app

See our Terms of Service for the full legal agreement.