Privacy Policy

1. Introduction

Indigo Labs Ltd ("we", "our", or "us") operates the Needlework cross-stitch pattern generation platform ("the Service"). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Data Controller

Indigo Labs Ltd is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@indigo-labs.co.uk

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Email address
• Display name (if provided)
• Profile picture (if you sign in via a third-party provider such as Google)
• Authentication credentials (managed securely by Firebase Authentication)

3.2 Pattern and Usage Data

When you use our Service, we collect:

• Patterns you create and save
• Images you upload for pattern generation
• Your thread stock preferences
• Application settings and preferences

3.3 Payment Information (When Applicable)

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full payment card details on our servers. Stripe may collect:

• Payment card details (stored securely by Stripe)
• Billing address
• Transaction history

Please refer to Stripe's Privacy Policy for more information on how they handle your payment data.

3.4 Technical Data

We automatically collect certain technical information:

• IP address
• Browser type and version
• Device type and operating system
• Time zone and location (country level)
• Usage patterns and feature interactions

4. How We Use Your Information

We use your personal data to:

• Provide and maintain the Service
• Create and manage your account
• Store and display your saved patterns
• Process payments and manage subscriptions
• Send service-related communications (e.g., account verification, password resets)
• Improve and develop new features
• Ensure the security and integrity of our Service
• Comply with legal obligations

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contract: Processing necessary to provide the Service you have requested
• Legitimate interests: To improve our Service, ensure security, and prevent fraud
• Consent: Where you have given explicit consent for specific processing activities
• Legal obligation: To comply with applicable laws and regulations

6. Data Storage and Security

Your data is stored securely using industry-standard cloud infrastructure provided by Google Cloud Platform. We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit (TLS/SSL)
• Encryption at rest
• Regular security assessments
• Access controls and authentication

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal purposes.

8. Third-Party Services

We use the following third-party services to operate the Service:

• Google Firebase: Authentication and user management
• Google Cloud Platform: Hosting, storage, and database services
• Stripe: Payment processing (for paid subscriptions)

These providers have their own privacy policies governing how they handle your data. We encourage you to review their policies.

9. International Data Transfers

Your data may be processed in countries outside the UK, including within the European Economic Area (EEA) and the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Your Rights

Under UK data protection law, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@indigo-labs.co.uk.

11. Cookies

We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the Service to function and cannot be disabled.

We may also use analytics cookies to understand how visitors interact with our Service. You can manage your cookie preferences through your browser settings.

12. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@indigo-labs.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: https://ico.org.uk/make-a-complaint/

15. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact:

Indigo Labs Ltd
Email: privacy@indigo-labs.co.uk
Website: https://indigo-labs.co.uk