ColourMatchStart
Legal

Privacy Policy

Last updated · February 2026

Draft for review. Aligned to the Australian Privacy Principles. Please have an Australian privacy lawyer review before live trading.

1. Who we are

ColourMatch is an AI paint visualisation service operated from Australia. This Privacy Policy explains what personal information we collect, how we use it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information we collect

  • Account information — name, email, password (hashed), optional phone.
  • Uploaded photos — images you upload to render.
  • Render data — surface and colour selections, AI output metadata.
  • Payment metadata — Stripe session and status; we do not see or store your card number.
  • Technical data — IP address, browser, device, basic analytics.

3. How we use your information

  • To deliver the visualisation service (uploading photos to our AI provider for processing);
  • To authenticate you and protect your account;
  • To process payments via Stripe;
  • To respond to support enquiries;
  • To improve service quality and detect abuse;
  • To comply with legal obligations.

4. Third-party services we use

  • Google (Gemini) — receives your photo and prompt to generate the recoloured image. Subject to Google's privacy terms.
  • Stripe — processes payments. Subject to Stripe's privacy policy.
  • Emergent Object Storage — stores your photos and renders securely.
  • MongoDB — stores account and project metadata.

5. Where your data is stored

Your data may be processed in Australia, the United States, the European Union or other countries where our cloud providers operate. We require providers to apply security standards consistent with the Australian Privacy Principles.

6. How long we keep it

We keep account and project data for as long as your account is active, plus a reasonable period after closure to comply with legal obligations (typically 7 years for financial records). You may request earlier deletion of your photos and renders at any time.

7. Your rights

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Request deletion of your account and associated photos;
  • Withdraw consent for non-essential processing (e.g. analytics);
  • Make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, email privacy@colourmatch.com.au.

8. Cookies and analytics

We use a minimal set of cookies / local storage to keep you signed in. We do not sell your data. Any analytics we use is configured to anonymise IP addresses.

9. Security

Passwords are stored as bcrypt hashes. Sessions use signed JWT tokens with limited lifetime. Photos and renders are stored in encrypted object storage. We will notify affected users without undue delay in the event of an eligible data breach as required by the Notifiable Data Breaches scheme.

10. Children

ColourMatch is not directed to children under 16. If we become aware that we have collected personal information from a child without parental consent, we will delete it.

11. Changes to this policy

We may update this Privacy Policy. The “Last updated” date above will reflect the latest version. Material changes will be notified by email or in-app.

12. Contact us

For any privacy enquiries: privacy@colourmatch.com.au

Made with Emergent