Effective Date: January 15, 2026

Introduction

ChromaChecker Corporation ("ChromaChecker," "We," "Us," or "Our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

ChromaChecker is a B2B color management platform designed for organizations in the printing and color reproduction industry. We process primarily technical measurement data, with minimal personal data collection necessary for service delivery.

1. What Data Does ChromaChecker Collect?

1.1 Technical/Measurement Data

The primary data we collect describes technological processes:

• Spectral measurement data
• Optical, physical, and chemical parameters
• Device calibration data
• Production quality metrics

This data is not personal data and relates to machines, devices, and processes.

1.2 Personal Data

We collect personal data in the following categories:

Main User (Account Owner): First name, last name, business email, business phone, company address - for contract execution, account management, support

Staff/Operators (Optional): Nickname or name, email, login credentials - for access control, notifications, accountability

Billing Information: Payment details, billing address - for payment processing

Usage Data: IP address, browser type, access times, pages viewed - for security, analytics, service improvement

Cookies: Session identifiers, preferences - for functionality, analytics (see Cookie Policy)

1.3 Data We Do NOT Collect

• Social Security or national ID numbers
• Biometric data
• Health information
• Data from children under 16
• Sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, etc.)

2. How Is My Data Collected?

We collect personal data through:

• Direct from you: Registration forms, account settings, support requests
• Automated collection: Cookies, server logs, usage analytics
• From your organization: When Main User adds staff members
• Third parties: Payment processors (for transaction verification only)

3. Why Is My Data Collected? (Legal Basis)

Under GDPR, we process personal data based on the following legal grounds:

• Providing the Service - Contract performance (Art. 6(1)(b))
• Account management - Contract performance (Art. 6(1)(b))
• Billing and payments - Contract performance (Art. 6(1)(b))
• Customer support - Legitimate interest (Art. 6(1)(f))
• Security and fraud prevention - Legitimate interest (Art. 6(1)(f))
• Legal compliance - Legal obligation (Art. 6(1)(c))
• Service improvements - Legitimate interest (Art. 6(1)(f))
• Marketing communications - Consent (Art. 6(1)(a))
• Analytics (cookies) - Consent (Art. 6(1)(a))

You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Who Processes My Data?

4.1 Data Controller

ChromaChecker Corporation
4324 Sanddollar Court
New Port Richey, FL 34652, USA
Phone: 651.717.0590
Email: privacy@chromachecker.com

4.2 Data Processors (Sub-processors)

We use the following categories of service providers:

• Cloud hosting (OVH) - Data storage and processing - USA, Canada, France, Poland
• Payment processors - Transaction processing - USA, EU
• Analytics (Google Analytics) - Usage analytics - USA
• Email services - Transactional emails - USA

We maintain Data Processing Agreements with all sub-processors requiring them to protect your data in accordance with this policy and applicable law.

Current sub-processor list available upon request: privacy@chromachecker.com

5. How Long Is My Data Stored?

• Active account data: Duration of service agreement
• Inactive account data: 180 days after last login, then deleted
• Billing records: 7 years (legal requirement)
• Support tickets: 3 years after resolution
• Server logs: 90 days
• Backup data: 60 days (rolling)

5.1 Inactive Account Process:

1. After 166 days of inactivity: Warning email sent
2. After 180 days: Account and all data permanently deleted
3. Data removed from backups within 60 days

You may delete your account and data at any time through Account Management.

6. How Is My Data Protected?

6.1 Technical Measures

• Encryption in transit: TLS 1.2+ for all connections
• Encryption at rest: AES-256 for stored data
• Access controls: Role-based access, multi-factor authentication available
• Network security: Firewalls, intrusion detection, DDoS protection
• Data isolation: Multi-tenant architecture with logical separation

6.2 Organizational Measures

• Employee background checks and confidentiality agreements
• Regular security training
• Access limited to personnel who need it
• Incident response procedures
• Regular security assessments

6.3 Infrastructure

Our servers are hosted in certified data centers (OVH) with:

• ISO 27001 certification
• SOC 2 compliance
• Physical security controls
• Redundant power and cooling
• 24/7 monitoring

7. What Are My Rights?

Depending on your location, you have the following rights:

• Access: Obtain a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure ("Right to be Forgotten"): Delete your data
• Restriction: Limit processing of your data
• Portability: Receive data in machine-readable format
• Object: Object to processing based on legitimate interest
• Withdraw Consent: Revoke previously given consent
• Non-Discrimination: Equal service regardless of privacy choices
• Opt-Out of Sale: Prevent sale of personal data

We do not sell your personal data.

7.1 How to Exercise Your Rights

Self-Service:

1. Log in to ChromaChecker
2. Go to "Manage Account"
3. Edit, export, or delete your data

Contact Us:

• Email: privacy@chromachecker.com
• Phone: 651.717.0590

Response Time:

• GDPR requests: Within 30 days
• CCPA requests: Within 45 days

We may request verification of your identity before processing requests.

8. Does ChromaChecker Transfer My Data?

8.1 International Transfers

Your data may be transferred to and processed in:

• United States (primary)
• Canada
• European Union (France, Poland)

8.2 Transfer Safeguards

For transfers outside the EEA/UK, we use:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all recipients
• Supplementary measures where required

8.3 Adequacy Decisions

We rely on adequacy decisions where available (e.g., EU-US Data Privacy Framework for certified recipients).

9. Accountability Inspector (Staff Management)

9.1 Purpose

ChromaChecker offers an optional Staff Management feature allowing organizations to assign roles and permissions to employees.

9.2 Data Collected

• Nickname or name (real name not required)
• Email address (business email recommended)
• Login credentials
• Role/permissions

9.3 Responsibilities

Organization (Main User): Data Controller for employee data; responsible for legal basis, employee notification, and compliance with local labor laws

ChromaChecker: Data Processor; processes data only as instructed by the organization

9.4 Recommendations

• Use job titles instead of real names where possible
• Use business email addresses only
• Regularly audit and remove inactive staff
• Inform employees about data processing per local law

9.5 Employee Rights

Staff members can:

• View and correct their own data via the Operator app
• Request deletion through their organization's Main User

10. AI Assistant (Peter)

10.1 Overview

ChromaChecker provides an AI-powered assistant ("Peter") to help users navigate the platform, answer questions, and optimize workflows.

10.2 Data Accessed by Peter

Peter has access to aggregated, statistical account data to provide contextual assistance:

• Usage statistics (number of measurements, frequency)
• Module usage (which Inspectors are active)
• Instrument inventory (types and count of devices)
• Feature utilization (~40 quantitative parameters)

10.3 Data NOT Accessed by Peter

Peter does not have access to:

• Individual measurement values or spectral data
• Color specifications or formulas
• Project content or customer files
• Personal data (names, emails, contact information)
• Billing or payment information
• Passwords or authentication credentials

10.4 AI Service Providers

Peter is powered by third-party AI services:

• Google (Gemini) - Current - Query processing only
• Anthropic (Claude) - Planned - Query processing only

These providers:

• Process user queries in real-time
• Do not retain conversation data for model training (per our agreements)
• Are bound by Data Processing Agreements
• Are listed in our sub-processor registry

10.5 Purpose Limitation

AI-processed data is used solely to:

• Answer questions about ChromaChecker features and workflows
• Provide contextual help based on account usage patterns
• Suggest relevant features and optimization opportunities
• Assist with troubleshooting

10.6 No Automated Decision-Making

ChromaChecker does not use AI to:

• Make decisions affecting user account status or access
• Determine pricing or service levels
• Profile users for marketing purposes
• Make any decisions with legal or significant effects

Peter is an assistance tool only. All account decisions remain under human control.

10.7 Opting Out

Users may choose not to use the AI assistant. The assistant is an optional feature and not required for platform functionality.

11. Cookies and Tracking

We use cookies and similar technologies. See our Cookie Policy for details.

Summary:

• Essential cookies: Required for service function (no consent needed)
• Analytics cookies: Google Analytics (consent required)
• Preference cookies: Remember your settings (consent required)

12. Children's Privacy

ChromaChecker is a B2B service not directed at children. We do not knowingly collect data from anyone under 16 years of age. If we learn we have collected such data, we will delete it promptly.

13. Do Not Track

Some browsers transmit Do Not Track (DNT) signals. ChromaChecker does not respond to DNT signals. The use of cookies and similar technologies is governed exclusively by explicit user consent provided through the cookie consent banner and preference tools described in the Cookie Policy.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Categories and specific pieces of personal data collected
• Right to Delete: Request deletion of personal data
• Right to Correct: Request correction of inaccurate data
• Right to Opt-Out: Opt out of sale/sharing of personal data
• Right to Limit: Limit use of sensitive personal data
• Non-Discrimination: Equal service regardless of privacy choices

We do not sell or share personal data for cross-context behavioral advertising.

To exercise rights: privacy@chromachecker.com or 1-800-917-4568

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Email to the address on file
• Prominent notice on our website
• In-app notification

Changes take effect 30 days after posting unless otherwise stated.

16. Contact Us

Data Protection Inquiries:
ChromaChecker Corporation
Attn: Privacy Team
4324 Sanddollar Court
New Port Richey, FL 34652, USA

Email: privacy@chromachecker.com
Phone: 651.717.0590
North America Toll-Free: 1-800-917-4568
Europe: +48.607.628.995

EU Representative (GDPR Art. 27):
Appointed. Contact details available upon request at privacy@chromachecker.com.

UK Representative (UK GDPR):
Appointed. Contact details available upon request at privacy@chromachecker.com.

17. Supervisory Authority

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. A list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

© 2026 ChromaChecker Corporation. All rights reserved.