Privacy Policy
Effective Date: January 29, 2026
1. Introduction
This Privacy Policy ("Policy") describes how Color Deficient, operating at colordeficient.me ("Site," "we," "our," or "us"), collects, uses, discloses, and protects personal information obtained from users ("you," "your," or "User") of our Site and related services ("Services"). By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by this Policy and our Terms of Service. If you do not agree with this Policy, please do not use our Site or Services.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Create an Account: Email address and encrypted password
- Place an Order: Full name, email address, and shipping address (account registration is not required for store purchases)
- Make a Payment: Payment information is processed securely through Stripe, Inc. We do not directly collect, store, or have access to your credit card or banking information. Stripe is a PCI-DSS Level 1 certified payment processor.
- Submit a Commission Request: Name, email address, phone number, project details, preferences, delivery address, and any additional information you provide
- Contact Us: Name, email address, and any information included in your correspondence
2.2 Information Automatically Collected
When you access our Site, we automatically collect certain information through server logs, including but not limited to:
- Internet Protocol (IP) address
- Device type, operating system, and browser type
- Date and time of access
- Pages viewed and features accessed
2.3 Service Identifiers
When you interact with payment features, a unique customer identifier is created and stored with our payment processor (Stripe) to facilitate transactions.
2.4 Cookies and Similar Technologies
We use a single essential HttpOnly cookie to authenticate users and maintain your login session. This cookie is strictly necessary for the operation of our Services and cannot be used by third-party scripts. We do not use third-party advertising cookies or tracking technologies for behavioral advertising purposes.
3. Legal Basis for Processing (GDPR)
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using your personal information depends on the specific context in which we collect it:
- Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you (e.g., processing orders, account management)
- Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
- Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, network security, and improving our Services, provided such interests are not overridden by your data protection rights
- Legal Obligation: Processing is necessary to comply with applicable laws and regulations
4. How We Use Your Information
We use collected information for the following purposes:
- To create, maintain, and secure your user account
- To process and fulfill orders, including shipping and delivery
- To process payments through our third-party payment processor (Stripe)
- To send transactional communications, including order confirmations, shipping notifications, account verification emails, and password reset instructions
- To send marketing and promotional communications, only with your express consent and with the ability to opt out at any time
- To respond to your inquiries, customer service requests, and support needs
- To detect, prevent, and address technical issues, fraud, and security vulnerabilities
- To analyze Site usage and improve our Services, user experience, and product offerings
- To comply with legal obligations, resolve disputes, and enforce our agreements
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
5.1 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our Site and Services, including:
- Amazon Web Services (AWS SES): Email delivery services for transactional and marketing communications, subject to AWS's privacy policy and terms of service
- Stripe, Inc.: Payment processing services, governed by Stripe's privacy policy
- Shipping Carriers: Third-party carriers (e.g., USPS, UPS, FedEx) for order fulfillment. If you opt in during checkout, your email address may also be shared with the carrier so they can send you tracking updates directly. You can opt out of carrier tracking emails at any time by contacting us.
These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
5.2 Legal Requirements and Protection of Rights
We may disclose your information if required to do so by law or in response to:
- Valid legal processes (e.g., subpoena, court order, search warrant)
- Governmental or regulatory requests
- Protection of our rights, property, or safety, or that of our users or the public
- Investigation of potential violations of our Terms of Service
- Detection, prevention, or addressing of fraud, security, or technical issues
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email and/or prominent notice on our Site of any change in ownership or use of your personal information.
5.4 With Your Consent
We may share your information for any other purpose with your explicit consent.
6. Email Communications and Marketing
6.1 Transactional Emails
We send transactional emails that are necessary for the operation of our Services, including account verification, password reset instructions, order confirmations, and shipping notifications. These communications are not promotional in nature and cannot be opted out of, as they are essential to providing you with our Services.
6.2 Marketing Communications
With your express consent, we may send you marketing emails about new products, special offers, and other information we think may interest you. You may opt out of receiving marketing communications at any time by:
- Clicking the "unsubscribe" link at the bottom of any marketing email
- Updating your email preferences in your account settings
- Contacting us directly at colordeficient@outlook.com
6.3 Email Compliance and Suppression
We comply with the CAN-SPAM Act, GDPR, and AWS Simple Email Service (SES) policies. We maintain email suppression lists and automatically cease sending emails to addresses that result in hard bounces or spam complaints to protect our email reputation and comply with anti-spam regulations.
7. Data Security
We implement industry-standard administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Password encryption using the BCrypt hashing algorithm (a one-way cryptographic function)
- Secure Sockets Layer (SSL/TLS) encryption for all data transmitted between your browser and our servers
- JSON Web Token (JWT) authentication for secure session management
- Multi-Factor Authentication (MFA/TOTP) available for admin accounts
- Email verification requirements before account activation
- Regular security assessments and updates to our infrastructure
- Restricted access to personal information on a need-to-know basis
Disclaimer: While we employ commercially reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and accept that any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
8. Your Privacy Rights
8.1 General Rights
Subject to applicable law, you may have the following rights regarding your personal information:
- Access: Request confirmation of whether we are processing your personal data and obtain a copy of such data
- Rectification: Request correction of inaccurate or incomplete personal information
- Erasure: Request deletion of your personal information, subject to certain legal exceptions
- Restriction: Request restriction of processing under certain circumstances
- Portability: Receive your personal information in a structured, commonly used, and machine-readable format
- Objection: Object to processing of your personal information based on legitimate interests
- Withdraw Consent: Withdraw previously given consent at any time (without affecting the lawfulness of processing based on consent before withdrawal)
To exercise any of these rights, please contact us at colordeficient@outlook.com. We will respond to your request within the timeframe required by applicable law, typically within 30 days. We may require verification of your identity before processing your request.
8.2 GDPR Rights (EEA, UK, Switzerland Residents)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:
- The right to lodge a complaint with your local supervisory authority
- The right to withdraw consent for data processing activities based on consent
- The right not to be subject to automated decision-making, including profiling (we do not engage in automated decision-making)
For EEA residents, our representative can be contacted at colordeficient@outlook.com. You may also contact your local data protection authority.
8.3 CCPA Rights (California Residents)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your CCPA rights
To submit a CCPA request, email us at colordeficient@outlook.com with the subject line "California Privacy Rights Request." We will verify your request using the email address associated with your account and respond within 45 days.
9. Cookies and Tracking
We use essential cookies to maintain your login session. We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, but this may affect site functionality.
10. Children's Privacy
Our Services are directed exclusively to adults 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a person under 18, please contact us immediately at colordeficient@outlook.com and we will promptly delete such information.
11. Data Retention
We retain your information for as long as:
- Your account remains active
- Needed to provide services
- Required by law (e.g., tax records)
- Necessary to resolve disputes or enforce agreements
You may request account deletion at any time, subject to legal retention requirements.
12. International Data Transfers
Your information may be stored and processed in the United States (AWS US East Ohio region). By using our services, you consent to the transfer of your information to countries with different data protection laws than your jurisdiction.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.
14. Third-Party Links
Our Site may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by our Site.
15. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Our Site does not currently respond to DNT signals. We do not track users across third-party websites to provide targeted advertising.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: colordeficient@outlook.com
Website: https://colordeficient.me
We will make every effort to respond to your inquiry promptly and address your concerns.
By using our Site and Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, please discontinue use of our Site immediately.