Legal

Privacy Policy

How Achromatic collects, uses and protects personal data when you browse the website, contact support, purchase or activate a license.

Last updated

Who is responsible for your data

Achromatic operates this website and determines how the personal data described in this policy is used. For privacy questions or requests, contact us at contact@achromatic.dev.

Information we collect

We collect information in the following situations:

  • Website and security data. Our hosting and security providers may process your IP address, browser and device details, request path, referring page, timestamps, approximate region, response status and diagnostic information.
  • Contact requests. When you contact us, we collect your email address, message and any information you choose to include. Purchase support requests may also include your checkout email and GitHub username.
  • Purchase information. Stripe collects and processes your name, email address, billing information and payment details. We receive purchase records such as the amount, currency, payment status, customer identifier, payment intent, checkout session, invoice information and GitHub username. Stripe handles complete payment card details directly. We do not store your full card number. We may retain payment event data and related customer, license, invitation and fulfillment records needed to verify transactions and provide access.
  • License and repository access information. We process license, invoice, payment or checkout identifiers, your GitHub username, redemption details and related customer information when we verify a purchase or activate access. We also keep fulfillment and repository invitation records.
  • Affiliate attribution. When you arrive through a valid affiliate link, Tolt may create a referral identifier in a first-party cookie named tolt_referral. We may pass the identifier to Stripe so a purchase can be attributed to the referring affiliate.

How we use information

We use personal data to:

  • Operate, secure and troubleshoot the website
  • Respond to support and purchase questions
  • Process, document and fulfill purchases
  • Send confirmations, access instructions and repository invites
  • Verify licenses and prevent duplicate or fraudulent redemptions
  • Attribute affiliate commissions
  • Maintain accounting, tax and contractual records
  • Enforce our terms and license
  • Comply with legal obligations and lawful requests

Where applicable, we process data because it is necessary to perform a contract with you, take steps at your request before a contract, meet legal obligations or pursue legitimate interests such as securing the website, supporting customers and preventing fraud. Where applicable law requires consent, consent is the relevant basis.

Service providers and disclosures

We use the following providers to operate and fulfill the service:

  • Vercel for website hosting, delivery and runtime logs
  • Stripe for checkout, payments, invoices and fraud prevention
  • Cloudflare Turnstile for contact-form abuse prevention
  • Resend for delivering contact-form messages
  • Microsoft Outlook for receiving and managing support correspondence
  • GitHub for private repository invitations and access management
  • Tolt for affiliate attribution and commission calculation
  • Database and email infrastructure providers for purchase, license and fulfillment records and transactional messages

We may also disclose information to professional advisers, authorities or other parties when reasonably necessary to comply with law, protect rights, investigate fraud or complete a business reorganization. We do not sell personal data for money or use it for cross-context behavioral advertising.

Cookies and similar technology

The website uses technical security mechanisms needed to operate the contact form. Cloudflare Turnstile evaluates browser and network signals to distinguish people from bots.

Tolt may use the tolt_referral cookie when a valid affiliate referral is present. Its duration depends on our affiliate configuration. You can block or delete it through your browser, but doing so may prevent the referring affiliate from receiving credit.

When you follow links to Stripe or GitHub, those services may use their own cookies under their respective privacy policies.

Retention

We retain contact messages for as long as needed to answer the request and handle reasonable follow-up.

We retain purchase, license, invitation and fulfillment records for the life of the license and afterwards where reasonably necessary to verify access, maintain accounting or tax records, prevent fraud, resolve disputes or enforce agreements.

Service providers retain data under their own policies, our account settings and applicable legal obligations. When data is no longer required, we delete or anonymize it where reasonably possible. Removal from backups and provider systems may take additional time.

Security

We use reasonable technical and organizational measures designed to protect personal data, including encrypted transport, restricted service credentials, payment signature verification and access controls. No internet transmission or storage system can be guaranteed to be completely secure.

International transfers

Some providers process data in the United States or other countries outside your place of residence. Where required, transfers are protected through applicable safeguards such as adequacy decisions, recognized transfer frameworks, standard contractual clauses or equivalent contractual protections.

Your rights

Depending on where you live, you may have the right to request access to your personal data, receive a copy, correct inaccurate data, request deletion, restrict or object to processing, request portability or withdraw consent.

These rights may be limited where retention is necessary to complete a contract, maintain proof of a license, comply with law or establish or defend legal claims. We may ask you to verify your identity before completing a request.

Send requests to contact@achromatic.dev. You may also complain to the data protection authority responsible for your location. Cloudflare Turnstile makes automated security assessments to prevent abuse. We do not use personal data for automated decisions that produce legal or similarly significant effects.

Children

The website and products are intended for professional and business use. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy as our website, products or service providers change. The date at the top shows when it was last revised.

Questions

Contact us at contact@achromatic.dev.