Privacy Policy
Last Updated: March 20, 2026
1. Introduction
Welcome to Hue42, operated by Chaos Theory Studios LLC ("we," "us," or "our"). We are committed to protecting your privacy and handling your personal information with care and transparency.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our color palette platform and related services (collectively, the "Service"). By using Hue42, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect your email address, username, and password (encrypted).
- Profile Information: Optional information such as display name, bio, avatar image, and social media links.
- Payment Information: When you subscribe to Pro or Team plans, payment details are processed securely by Stripe. We do not store your full credit card information.
- User Content: Color palettes, designs, comments, discussion posts, and other content you create or share on the platform.
- Communications: Messages you send to us, feedback, support requests, and survey responses.
2.2 Automatically Collected Information
- Usage Data: Information about how you interact with our Service, including pages visited, features used, time spent, and actions taken.
- Device Information: Browser type, operating system, device identifiers, IP address, and general location (city/country level).
- Cookies and Tracking: We use cookies, web beacons, and similar technologies to enhance your experience and analyze platform usage. See our Cookie Policy for details.
- Log Data: Server logs that include IP addresses, browser types, referring pages, and timestamps.
2.3 Information from Third Parties
- Authentication Providers: If you sign in with Google or other OAuth providers, we receive basic profile information (name, email, profile picture).
- Analytics Services: Aggregated analytics data from Google Analytics and other tools to understand usage patterns.
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide the Service: Create and manage your account, enable features, process payments, and deliver the functionality you expect.
- Improve the Service: Analyze usage patterns, test new features, fix bugs, and enhance user experience.
- Communications: Send service updates, newsletters (with opt-out), security alerts, and respond to inquiries.
- Personalization: Customize content, recommendations, and features based on your preferences and activity.
- Security: Detect fraud, abuse, security incidents, and enforce our Terms of Service.
- Legal Compliance: Comply with legal obligations, resolve disputes, and protect our rights.
- Marketing: With your consent, send promotional materials about new features, special offers, and related services.
4. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
4.1 Service Providers
We work with third-party service providers who help us operate the Service:
- Supabase: Authentication and database hosting (data stored in secure cloud infrastructure).
- Stripe: Payment processing for subscriptions (subject to Stripe's privacy policy).
- Resend: Email delivery service for transactional and marketing emails.
- Vercel/Cloud Hosting: Application hosting and content delivery.
- Analytics Tools: Google Analytics and similar services for usage analysis.
4.2 Public Information
- User profiles (username, bio, avatar) are publicly visible.
- Public palettes and designs you share can be viewed by other users.
- Comments and discussion posts are visible to other community members.
4.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
4.4 Business Transfers
If Chaos Theory Studios LLC is acquired or merged, your information may be transferred to the new entity. You will be notified of any such change.
5. Data Storage and Security
We implement industry-standard security measures to protect your information:
- Encrypted data transmission (HTTPS/TLS)
- Secure password hashing (bcrypt)
- Regular security audits and updates
- Access controls and authentication
- Secure cloud infrastructure with redundant backups
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights:
6.1 Access and Portability
Request a copy of your personal information in a structured, machine-readable format.
6.2 Correction
Update or correct inaccurate information through your account settings or by contacting us.
6.3 Deletion
Request deletion of your account and personal data. Some information may be retained for legal or operational purposes.
6.4 Opt-Out
- Marketing emails: Unsubscribe link in every email
- Cookies: Browser settings or cookie consent tool
- Analytics: Browser extensions or opt-out tools
6.5 Object to Processing
Object to certain types of data processing, such as direct marketing.
To exercise these rights, contact us at legal@hue42.com. We will respond within 30 days.
7. GDPR Compliance (European Users)
If you are in the European Economic Area (EEA), we process your data under the following legal bases:
- Contract: To provide the Service you've signed up for
- Consent: For marketing communications and optional features
- Legitimate Interest: To improve the Service, prevent fraud, and ensure security
- Legal Obligation: To comply with applicable laws
You have the right to lodge a complaint with your local data protection authority.
8. CCPA/CPRA Compliance (California Users)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell or share data)
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising CCPA/CPRA rights
To exercise these rights, contact us at legal@hue42.com. We will respond within 45 days.
Automatic Opt-Out Signals: We honor universal opt-out preference signals such as Global Privacy Control (GPC). If your browser or device sends a GPC signal, we will treat it as a valid request to opt out of the sale or sharing of personal information for that browser or device.
9. TDPSA Compliance (Texas Users)
Texas residents have additional rights under the Texas Data Privacy and Security Act (TDPSA):
- Right to confirm whether we process your personal data
- Right to access your personal data
- Right to delete personal data you provided to us
- Right to obtain a copy of your data in a portable, readily usable format
- Right to correct inaccuracies in your personal data
- Right to opt out of:
- Targeted advertising based on your personal data
- Sale of your personal data (we do not sell data)
- Profiling in furtherance of automated decisions that produce legal or similarly significant effects
To exercise these rights, contact us at legal@hue42.com. We will respond within 45 days (extendable by an additional 15 days with notice if necessary).
Universal Opt-Out Mechanism: We honor universal opt-out preference signals such as Global Privacy Control (GPC). If your browser sends a GPC signal, we will treat it as a valid request to opt out of the sale of personal data and targeted advertising.
10. Children's Privacy
Hue42 is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately, and we will delete the information.
11. International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place through:
- Standard contractual clauses approved by the European Commission
- Service providers certified under applicable frameworks
- Other legally approved transfer mechanisms
12. Data Retention
We retain your information only as long as necessary to provide the Service and fulfill the purposes outlined in this policy:
- Active accounts: Data retained while your account remains active and for 90 days after last login
- Deleted accounts: Most personal data deleted within 30 days of account deletion; some data retained for legal compliance (e.g., transaction records for tax purposes: 7 years)
- Backup copies: Securely stored backups retained for up to 90 days and then permanently deleted
- Legal hold: Data related to disputes, investigations, or legal proceedings retained until resolution
- Marketing data: Email addresses for marketing purposes retained until you unsubscribe, then deleted within 30 days
- Analytics data: Aggregated, anonymized usage data may be retained indefinitely for statistical purposes
13. Third-Party Links
Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
14. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify affected users in accordance with applicable laws:
- Timing: Notification without unreasonable delay and, where feasible, within 72 hours of discovery (GDPR) or without unreasonable delay (CCPA/TDPSA)
- Method: Email notification to the address associated with your account, and prominent notice on our website
- Content: Description of the breach, categories and approximate number of affected users, types of personal data affected, likely consequences, measures taken or proposed to address the breach, and recommended actions you should take to protect yourself
- Regulatory notification: We will notify relevant data protection authorities and, where required, other regulatory bodies as mandated by applicable law
- Expanded definition: In compliance with CPRA, "breach" includes unauthorized access or acquisition of unencrypted personal information, as well as unauthorized sharing of personal information through tracking technologies or third-party platforms
If you suspect unauthorized access to your account or believe your personal information has been compromised, please:
- Immediately change your password through account settings
- Enable two-factor authentication if not already active
- Contact our security team at security@hue42.com
- Monitor your account for suspicious activity
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification for material changes
Your continued use of Hue42 after changes become effective constitutes acceptance of the updated policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Chaos Theory Studios LLC
Email: legal@hue42.com
Support: support@hue42.com
We aim to respond to all inquiries within 48 hours.
Related Legal Documents: