Privacy Notice
How we collect, use, and protect your personal data
Last updated: June 2026
1. Who we are
colour.team is operated by colour.team. When this notice refers to "we", "us", or "our", it means colour.team. You can contact us at [email protected].
2. What data we collect
We collect and process the following categories of personal data:
- Account data — your email address and password (stored as a one-way hash), collected when you register.
- Assessment responses — your answers to the questionnaire scenarios and the resulting scores. These are used solely to generate your profile.
- Payment data — we use Stripe to process payments. We store a record of the transaction amount and Stripe session ID but never see or store your card details. Stripe's privacy policy applies to payment data: stripe.com/gb/privacy.
- Usage data — standard web server logs (IP address, browser type, pages visited) retained for up to 30 days for security and debugging purposes. On public pages, we also collect aggregate page view statistics such as pages visited, referrer, browser, and approximate country. We do not run analytics on logged-in account, assessment, profile, or team dashboard pages.
3. How we use your data
We use your personal data to:
- Create and manage your account
- Generate and display your colour energy profile
- Process payments and maintain your credit balance
- Send you transactional emails (e.g. results confirmation) where applicable
- Maintain security and prevent abuse
We do not sell your data to third parties.
4. Legal basis for processing
We process your data on the following legal bases under UK GDPR:
- Contract — processing necessary to provide the service you have signed up for (account management, assessments, payments).
- Legitimate interests — security logging and fraud prevention.
5. Data sharing
We share data only with the following third-party processors, each bound by a data processing agreement:
- Stripe — payment processing (Ireland / USA)
- Anthropic — AI report generation (USA). Your assessment scores are sent to Anthropic's Claude API to generate a personalised written insights report. No other personal data (such as your name or email) is included in this request.
- Analytics provider — aggregate public page usage statistics only.
- Hosting provider — infrastructure on which the service runs (EU servers)
We do not transfer your data outside the UK/EEA except where covered by appropriate safeguards (e.g. Stripe's standard contractual clauses).
6. How long we keep your data
- Account and assessment data — retained for as long as your account is active, plus 12 months after account closure.
- Payment records — retained for 7 years to comply with financial record-keeping obligations.
- Server logs — deleted after 30 days.
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your account and personal data, subject to legal retention obligations.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests.
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies
We use a session cookie, which is strictly necessary to keep you logged in. Public pages also use cookieless analytics to understand aggregate site usage. We do not run analytics on logged-in product pages.
9. Security
All data is transmitted over HTTPS. Passwords are stored using a one-way hash and are never readable by us. Access to production systems is restricted to authorised personnel.
10. Changes to this notice
We may update this notice from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the service after a material change constitutes acceptance of the updated notice.
11. Contact
Questions about this notice or your data: [email protected]