Privacy Policy
This privacy policy explains what personal information allpaintcolours.co.uk collects when you use the site, why we collect it, how it’s used, and the rights you have over it. We aim to be specific rather than generic — if anything below is unclear, please email us at [email protected].
Who we are
allpaintcolours.co.uk is operated by Sulis Minerva LLP (“we”, “us”), a limited liability partnership registered in England & Wales. We are the data controller for the personal information described in this policy.
For privacy questions, data-subject requests, or any concern related to this policy, contact us at [email protected].
What we collect, and why
Information you actively give us
- Photo uploads to the colour-match tool. When you upload a photograph to the match tool, the image is sent to our server, processed to extract a small palette of dominant colours, and discarded immediately afterwards. We do not retain the image.
- “What’s on your walls” submissions. If you submit a colour-on-the-wall record on a colour page, we store the brand, colour name, and room you provided. We don’t link this to any personal identifier.
Information collected automatically
- Server access logs. Like virtually every web server, ours records the URL you requested, the time, the page that referred you, your browser’s user-agent string, and your IP address. Logs are rotated and discarded after roughly 30 days.
- PostHog product analytics. We use PostHog (EU instance) to understand how the site is used: which pages get viewed, which paint colours get clicked, whether features like the planner or palette are working as intended. PostHog assigns each browser an anonymous identifier stored in a cookie/localStorage so that repeat visits aren’t double-counted. We do not associate this identifier with your name, email, or any other personal information — we don’t collect those.
- Pinterest Tag. We embed a small script provided by Pinterest that lets us measure which Pinterest pins drive traffic to the site and (potentially in future) run retargeted Pinterest advertising. The Pinterest Tag sets cookies on your browser. Pinterest’s own privacy policy describes what they do with the data they receive.
- Cloudflare. Our site is served via Cloudflare’s content delivery network, which inspects incoming requests for security/performance reasons. Cloudflare’s handling of this data is described in their privacy policy.
Information stored only on your device
Two features keep state in your browser’s localStorage and never send it to us:
- Your palette (colours you’ve saved with the “+” button), and
- Your paint planner project (rooms, dimensions, colour assignments, materials list).
Clearing your browser data wipes these. Sharing a planner project via the “Share” button puts the project state into the shared URL itself; we don’t see or store it.
How we use this information
We use the information described above to:
- Provide and improve the website (e.g. fixing bugs surfaced in error reports, designing features people actually use)
- Understand which paint colours and tools attract the most interest, in aggregate
- Measure how visitors find the site (search engines, AI assistants, Pinterest, direct)
- Protect the site and its users from automated abuse
We do not sell personal information, do not run third-party advertising on the site itself, and do not send marketing emails (we don’t collect email addresses).
Legal basis (UK GDPR)
Where the UK General Data Protection Regulation requires a lawful basis for processing, we rely on:
- Legitimate interests for analytics and basic security logging — running and improving a free informational website. We’ve assessed this against your privacy interests and consider the impact minimal because we don’t identify individuals.
- Consent for any retargeting cookies we may add via the Pinterest Tag, where the law requires it. We will add a cookie consent mechanism if and when our use case clearly requires one.
- Performance of a service for handling your photo uploads to the match tool — the upload is necessary for the tool to function.
Who we share it with
The third parties listed in “Information collected automatically” (PostHog, Pinterest, Cloudflare) act as our processors or independent controllers for the data they receive. We don’t share personal information with any other third parties for marketing purposes.
International transfers
Some of the services above (notably Pinterest, parts of Cloudflare) involve transferring data outside the UK and EEA. Where this happens, we rely on UK International Data Transfer Agreements or the equivalent Standard Contractual Clauses together with each provider’s technical safeguards.
How long we keep it
- Server access logs: ~30 days
- PostHog event data: 12 months by default; we may retain anonymous aggregated metrics longer
- User submissions (“what’s on your walls”): retained indefinitely as part of the public site dataset, but they contain no personal identifiers
- Photo uploads: discarded immediately after palette extraction
Your rights
Under UK GDPR you have the right to:
- Ask what personal information we hold about you (subject access request)
- Ask us to correct or delete it
- Object to processing based on legitimate interests
- Restrict our processing of it
- Receive a portable copy
- Withdraw consent (where consent was the basis)
To exercise any of these, email [email protected]. Because we don’t collect names or email addresses, we may need additional information to identify which records (if any) relate to you — typically the rough date and IP address of your visit, both of which your browser or ISP can help you find.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we’ve handled your information improperly. We’d genuinely prefer you contact us first so we can fix it.
Cookies
The site sets cookies via PostHog and Pinterest as described above. You can block or delete cookies in your browser settings; doing so won’t affect any of the site’s functionality (the planner and palette use localStorage, which is a separate mechanism). If your browser sends a Global Privacy Control or Do-Not-Track signal we will respect it where it applies.
Children
The site is not directed at children under 13. We don’t knowingly collect personal information from anyone under 13. If you believe a child has provided us with information, please contact us and we’ll delete it.
Changes to this policy
We may update this policy from time to time as the site evolves or as the law changes. The “Last updated” date at the top reflects when changes took effect. Material changes will be flagged on the homepage for at least 14 days.
Contact
Sulis Minerva LLP
Email: [email protected]