Privacy Policy
Last updated: 14 January 2026
1. Introduction
Indigo Labs Ltd ("we", "our", or "us") operates the Needlework cross-stitch pattern generation platform ("the Service"). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
2. Data Controller
Indigo Labs Ltd is the data controller responsible for your personal data.
If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@indigo-labs.co.uk
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Email address
- Display name (if provided)
- Profile picture (if you sign in via a third-party provider such as Google)
- Authentication credentials (managed securely by Firebase Authentication)
3.2 Pattern and Usage Data
When you use our Service, we collect:
- Patterns you create and save
- Images you upload for pattern generation
- Your thread stock preferences
- Application settings and preferences
3.3 Payment Information (When Applicable)
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full payment card details on our servers. Stripe may collect:
- Payment card details (stored securely by Stripe)
- Billing address
- Transaction history
Please refer to Stripe's Privacy Policy for more information on how they handle your payment data.
3.4 Technical Data
We automatically collect certain technical information:
- IP address
- Browser type and version
- Device type and operating system
- Time zone and location (country level)
- Usage patterns and feature interactions
4. How We Use Your Information
We use your personal data to:
- Provide and maintain the Service
- Create and manage your account
- Store and display your saved patterns
- Process payments and manage subscriptions
- Send service-related communications (e.g., account verification, password resets)
- Improve and develop new features
- Ensure the security and integrity of our Service
- Comply with legal obligations
5. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract: Processing necessary to provide the Service you have requested
- Legitimate interests: To improve our Service, ensure security, and prevent fraud
- Consent: Where you have given explicit consent for specific processing activities
- Legal obligation: To comply with applicable laws and regulations
6. Data Storage and Security
Your data is stored securely using industry-standard cloud infrastructure provided by Google Cloud Platform. We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/SSL)
- Encryption at rest
- Regular security assessments
- Access controls and authentication
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure.
7. Data Retention
We retain your personal data for as long as necessary to:
- Provide the Service to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal purposes.
8. Third-Party Services
We use the following third-party services to operate the Service:
- Google Firebase: Authentication and user management
- Google Cloud Platform: Hosting, storage, and database services
- Stripe: Payment processing (for paid subscriptions)
These providers have their own privacy policies governing how they handle your data. We encourage you to review their policies.
9. International Data Transfers
Your data may be processed in countries outside the UK, including within the European Economic Area (EEA) and the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
10. Your Rights
Under UK data protection law, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at privacy@indigo-labs.co.uk.
11. Cookies
We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the Service to function and cannot be disabled.
We may also use analytics cookies to understand how visitors interact with our Service. You can manage your cookie preferences through your browser settings.
12. Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
14. Complaints
If you have concerns about how we handle your personal data, please contact us first at privacy@indigo-labs.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: https://ico.org.uk/make-a-complaint/
15. Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact:
Indigo Labs Ltd
Email: privacy@indigo-labs.co.uk
Website: https://indigo-labs.co.uk