Privacy Policy
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Purple Diary application (the "Application") on web, desktop, and mobile devices. The Application is provided by Color Hub, operated by Luka Katsadze, a sole proprietor based in Tbilisi, Georgia ("we", "us", or "our"). Please read this Policy carefully. If you do not agree, please do not use the Application.
1. Data Controller
For the purposes of the EU General Data Protection Regulation (EU) 2016/679 ("EU GDPR"), the UK GDPR, and similar data protection laws, the data controller for personal data processed in connection with the Application is Luka Katsadze (Color Hub), Tbilisi, Georgia. You can contact us about this Policy or to exercise your rights at support@colorhub.online.
2. Information We Collect
2.1 Information You Provide
When you create an account or use the Application, we collect the following personal data:
- Email address — to create your account, authenticate sign-in, and send service communications.
- User ID — a unique identifier (e.g. Firebase Authentication UID) generated for your account.
- Display name — if you provide one or if it is received from a third-party sign-in provider (e.g. Sign in with Apple, Google Sign-In).
- Profile image — if you upload one or if it is received from a third-party sign-in provider.
- Diary content you create — entries, photos, voice notes, mood logs, tags, and any other content you choose to save in the Application (see Section 3).
- Support correspondence — the contents of any messages you send to us by email.
2.2 Information Collected Automatically
When you use the Application, we and our service providers automatically collect:
- Internet Protocol (IP) address;
- Device information: operating system, OS version, device model, language, time zone;
- Usage information: pages or screens visited, features used, time and duration of visits, referring URL;
- Crash and diagnostic data (e.g. stack traces, device state at the moment of a crash);
- Subscription and purchase status (entitlement information, not full payment card data).
The Application does not collect precise (GPS-level) location data.
3. Diary Content and Sensitive Information
The Application is designed for personal journaling. The content you save may, at your sole choice, include information that qualifies as a "special category" of personal data under Article 9 EU/UK GDPR — such as information about your health, mental well-being, religious beliefs, political opinions, philosophical convictions, or sexual orientation.
We do not require you to record any such information. If you choose to do so, you provide your explicit consent (Article 9(2)(a) GDPR) for us to process that content solely for the purpose of operating the journaling service for you (storing, syncing, and making your content available to you across your devices). We do not analyse, monetise, share, or otherwise use the substance of your diary content for any purpose other than delivering the Application to you. You may withdraw this consent at any time by deleting the relevant content or your account.
4. How We Use Your Information & Legal Bases
We process your personal data only where we have a lawful basis to do so under Article 6 GDPR (and, for special categories, Article 9 GDPR). The list below summarises the purpose and legal basis for each processing activity.
- To create and maintain your account — performance of a contract (Art. 6(1)(b) GDPR).
- To store, sync, and deliver your diary content to your devices — performance of a contract; for special-category content within entries, explicit consent (Art. 9(2)(a)).
- To process payments and manage subscriptions — performance of a contract; legal obligation (tax, accounting).
- To provide customer support — performance of a contract; legitimate interest in responding to user requests (Art. 6(1)(f)).
- To detect, prevent, and address fraud, abuse, or security incidents — legitimate interest in keeping the Application safe and reliable.
- To analyse usage and improve the Application — legitimate interest, where analytics are aggregated; otherwise, your consent through our cookie/tracking banner.
- To send service-related communications (e.g. account, security, billing, policy changes) — performance of a contract; legal obligation.
- To send marketing communications — your consent, which you may withdraw at any time.
- To comply with legal obligations and respond to lawful requests — legal obligation (Art. 6(1)(c)).
We do not engage in automated decision-making producing legal or similarly significant effects on you.
5. Cookies and Similar Technologies
Our website uses cookies and similar technologies (e.g. local storage, SDK identifiers). Strictly necessary technologies operate without consent; analytics and other non-essential technologies are loaded only after you give consent via our cookie banner. You can change or withdraw your consent at any time by reopening the cookie settings from the banner.
6. Third-Party Service Providers
We use trusted third parties to operate the Application. Each provider acts as our processor (or, where they determine their own purposes, as an independent controller) and is contractually bound to handle your data appropriately. The data each provider receives is limited to what is necessary for the stated purpose.
- Google Firebase (Authentication, hosting and backend storage, Crashlytics, Analytics) — account identifiers, diary content storage, device and usage analytics, crash diagnostics.
- Google Play Services — required platform services on Android devices.
- RevenueCat — subscription state, purchase events, anonymous user identifier.
- Microsoft Clarity — session analytics on the website (clicks, scrolls, page navigation). Input fields and text content are masked in our configuration so that the substance of any personal text (including diary content shown in the web app) is not transmitted to Microsoft.
- Sentry — error and crash reporting (stack traces, limited device context).
- Lemon Squeezy and Paddle — payment processing and merchant-of-record services for direct (web) purchases.
- Apple App Store and Google Play — payment processing and entitlement delivery for in-app purchases. We do not receive your full payment card number from these providers.
7. International Data Transfers
We are based in Georgia. Several of the service providers listed above are established in the United States or other countries outside the European Economic Area (EEA), United Kingdom, or Switzerland. When personal data is transferred outside the EEA/UK, we rely on appropriate safeguards under Articles 44–49 GDPR, including:
- the European Commission's adequacy decisions where they apply (including the EU–US Data Privacy Framework for certified US providers);
- the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum;
- additional technical and organisational measures where required by our risk assessment.
You can request a copy of the relevant safeguard documentation by contacting us at support@colorhub.online.
8. Payments and Subscriptions
The Application offers optional auto-renewing monthly and yearly subscriptions and a one-time lifetime purchase. Depending on your platform and the purchase method you choose, billing is processed by the Apple App Store or Google Play (for in-app purchases) or by Lemon Squeezy or Paddle (for direct purchases). Subscription state may be managed through RevenueCat. We do not collect or store your full payment card number; we receive only the purchase and subscription status information needed to deliver your entitlements.
Subscriptions renew automatically at the end of each billing period unless cancelled at least 24 hours before the period ends. Lifetime purchases are a single payment and do not auto-renew. Cancellations, refunds, and trial terms are governed by the policies of the respective store or payment processor.
9. Disclosure of Information
We may disclose personal data:
- To our service providers (listed in Section 6) acting on our behalf under appropriate contracts;
- To comply with law, including subpoenas, court orders, or other valid legal process, and to respond to lawful requests from public authorities;
- To protect rights and safety, where we believe in good faith that disclosure is necessary to investigate fraud, prevent harm, or protect our rights, property, or the safety of our users or the public;
- In the context of a corporate transaction, such as a merger, acquisition, asset sale, or insolvency, in which case we will require the recipient to honour the terms of this Policy;
- With your consent, or at your direction.
We do not "sell" your personal information (as that term is defined under California law).
10. Data Retention
We retain personal data only for as long as needed for the purposes set out in this Policy:
- Account data and diary content — for the duration of your account, plus up to 30 days after deletion to allow account recovery, after which it is permanently deleted from active systems. Encrypted backups are deleted within 90 days.
- Purchase and subscription records — up to 7 years where required by tax and accounting laws.
- Support correspondence — up to 3 years from the last interaction.
- Aggregated analytics — may be retained indefinitely in anonymised form.
- Crash and diagnostic logs — typically up to 90 days.
You can request earlier deletion at any time by emailing support@colorhub.online, subject to legal obligations to retain certain records.
11. Your Rights
11.1 Rights under EU/UK GDPR
If you are in the EEA, the UK, or Switzerland, you have the right to:
- Access your personal data and obtain a copy (Art. 15);
- Rectify inaccurate or incomplete data (Art. 16);
- Erase your data ("right to be forgotten") (Art. 17);
- Restrict processing in certain circumstances (Art. 18);
- Receive your data in a portable, machine-readable format (Art. 20);
- Object to processing based on legitimate interests or for direct marketing (Art. 21);
- Withdraw consent at any time, where processing is based on consent (Art. 7(3));
- Lodge a complaint with your local supervisory authority (Art. 77).
11.2 Rights under California law (CCPA/CPRA)
If you are a California resident, you have the right to:
- know what personal information we have collected about you in the past 12 months, the sources, the purposes, and the categories of third parties with whom we share it;
- request deletion of your personal information, subject to legal exceptions;
- request correction of inaccurate personal information;
- opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as defined under the CCPA/CPRA);
- limit the use and disclosure of sensitive personal information;
- not receive discriminatory treatment for exercising any of these rights.
You may also designate an authorised agent to make a request on your behalf, subject to verification.
11.3 How to exercise your rights
To exercise any of the rights above, contact us at support@colorhub.online. We will respond within the timeframes required by applicable law (generally one month under GDPR, 45 days under CCPA, extendable where permitted). We may need to verify your identity before fulfilling a request.
12. Children's Privacy
The Application is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. In jurisdictions where the minimum age of digital consent under GDPR is higher than 13 (for example, 14 in Italy and Spain, 15 in France, 16 in Germany and the Netherlands), users below that age may only use the Application with the consent of a parent or legal guardian.
If we learn that we have collected personal data from a child below the applicable minimum age without verified parental consent, we will delete it as soon as reasonably possible. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at support@colorhub.online.
13. Security
We use reasonable technical and organisational measures designed to protect your information, including encryption of data in transit (TLS) and encryption of data at rest by our cloud infrastructure providers. The Application also offers a device-level lock (passcode or biometric) for additional protection on your device. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security.
14. Data Breach Notification
In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by Article 33 GDPR. Where the breach is likely to result in a high risk, we will also notify affected users without undue delay, as required by Article 34 GDPR.
15. Consumer Right to Cancel
If you are a consumer in the EU or UK, and unless an exception applies, you have a statutory right to cancel a purchase within 14 days without giving any reason. The cancellation period expires 14 days after the day of the transaction. To meet the deadline, it is sufficient to send your cancellation statement before the period expires.
To cancel, please contact us by email at support@colorhub.online with a clear, unambiguous statement of your decision to cancel. In respect of subscription services, the right to cancel applies following the initial subscription and not upon each automatic renewal. For direct (web) purchases processed by Lemon Squeezy or Paddle, refunds are issued via the same payment method used for the purchase. For in-app purchases, refunds are processed by Apple or Google in accordance with their policies.
16. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. For material changes, we will provide additional notice (for example, an email or an in-app notice) and, where required by law, obtain your renewed consent before the changes take effect.
17. Your Consent
By creating an account or otherwise using the Application, you acknowledge that you have read this Privacy Policy and that we will process your personal data in accordance with the legal bases set out in Section 4. Where processing is based on your consent (for example, for marketing emails or for non-essential cookies), separate consent will be requested and may be withdrawn at any time.
18. Contact Us
For any questions or requests relating to this Privacy Policy or our processing of your personal data, including to exercise any of the rights described in Section 11, please contact us at support@colorhub.online.