Privacy Policy

Last updated: 13/08/2025

This Privacy Policy describes how Enchantry Studio Ltd ("we", "us", or "our") collects, uses, and shares your personal information when you use the Colouring Pages website and services (the "Service").

Data Controller:
Enchantry Studio Ltd
71-75 Shelton Street, Covent Garden
London, United Kingdom, WC2H 9JQ

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we collect:

  • Account Information: Email address, name (if provided)
  • Authentication Data: Login credentials and session information
  • User Content: Text prompts, uploaded images, generation preferences
  • Payment Information: Processed securely by third-party payment providers
  • Communication Data: Support inquiries, feedback

1.2 Information Collected Automatically

When you access our Service, we automatically collect:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, generation history
  • Log Data: IP address, access times, referring URLs
  • Cookies and Similar Technologies: Session cookies, authentication tokens
  • Analytics Data: Interaction patterns and feature usage

1.3 Information from Third Parties

We may receive information from:

  • Authentication Providers: Basic profile information when you sign in with third-party services
  • Payment Processors: Transaction confirmations (no card details stored)

2. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To provide the Service you've requested
  • Legitimate Interests: To improve our Service, prevent fraud, ensure security
  • Consent: For marketing communications (where applicable)
  • Legal Obligations: To comply with applicable laws and regulations

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Authenticate users and maintain account security
  • Generate and deliver AI-created content
  • Track credits usage and account balance
  • Send service-related communications (magic links, receipts)
  • Respond to support requests
  • Monitor for fraud, abuse, and security threats
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations

4. Data Storage and Security

4.1 Storage Location

Your data is stored on secure cloud servers in data centers that comply with industry standards for security and reliability. Regular backups are performed to prevent data loss.

4.2 Security Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Secure authentication methods
  • Protection against common web vulnerabilities
  • Rate limiting to prevent abuse
  • Security headers and best practices
  • Activity logging and suspicious behavior detection
  • Privacy-preserving storage of sensitive information

4.3 Data Retention

We retain your personal data only as long as necessary to provide the Service and fulfill the purposes outlined in this policy. When you request account deletion, we remove your personal information while maintaining necessary records for legal and security purposes.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

  • Email Services: For sending account-related communications
  • Authentication Services: For secure login functionality
  • Analytics Services: For understanding service usage
  • AI Services: For image generation and processing
  • Payment Processors: For subscription and payment handling
  • Cloud Infrastructure: For hosting and data storage

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or if necessary to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

We use essential cookies for:

  • Authentication and session management
  • CSRF protection tokens
  • User preferences and settings

6.2 Analytics

We use privacy-focused analytics services to understand how our Service is used. Analytics data is processed in compliance with GDPR and respects user privacy preferences. You can opt out by enabling "Do Not Track" in your browser settings.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

7.1 Access and Portability

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.

7.2 Rectification

You can update your account information at any time through your account settings or by contacting us.

7.3 Erasure ("Right to be Forgotten")

You can request deletion of your account and personal data. We will honor such requests unless we have a legal obligation to retain certain information.

7.4 Restriction of Processing

You can request that we limit the processing of your personal data under certain circumstances.

7.5 Object to Processing

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

7.6 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing. Our AI-generated content is always initiated by user request and is not used for automated decision-making about you.

To exercise any of these rights, please contact us.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Ensuring third parties are GDPR-compliant or Privacy Shield certified
  • Processing data only with providers that maintain adequate security standards

9. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Notify affected users without undue delay
  • Document the breach and actions taken
  • Take immediate steps to mitigate harm

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Enchantry Studio Ltd
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In the UK, this is:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

14. AI Services and Content Generation

When you use our AI-powered features to generate content:

  • Your prompts and inputs are sent to third-party AI service providers
  • No personal identifying information is included beyond what you explicitly provide in your prompts
  • Generated content is processed according to the AI providers' terms and privacy policies
  • We do not use your prompts or generated content to train AI models

Please be mindful of any personal information you include in your prompts, as this will be processed by our AI service providers.

15. Consent and Withdrawal

By using our Service, you consent to the collection and use of information as described in this Privacy Policy. You may withdraw consent at any time by:

  • Deleting your account
  • Disabling cookies in your browser
  • Opting out of marketing communications
  • Contacting us to exercise your rights