Privacy Policy

1. Who We Are

Colour Memory is a product of PR Eye Ltd, a company registered in England and Wales. The API and its associated tools are operated by Digby Oldridge trading as PR Eye Ltd, Oxfordshire, UK.

UK trademark UK00004387450 covers COLOUR MEMORY in Classes 9, 35, and 42.

Contact: hello@colourmemory.com

2. What We Collect

When you use the Colour Memory API or website, we may collect:

• API usage data — the query text sent to our endpoints, the archive queried, a timestamp, and a truncated preview of the response. This is held in an in-memory log (maximum 500 entries) that resets whenever the server restarts. It is never written to permanent storage.
• Account information — if you subscribe to a paid tier, we collect your email address and payment method via Stripe. We do not store card numbers; Stripe handles all payment data under their own privacy policy.
• API keys — we generate and store API keys in memory associated with your email address and usage tier. These reset on server restart; we are migrating to a persistent database.
• Standard server logs — IP addresses, HTTP method, path, and response code, as produced automatically by our hosting provider (Railway). These are retained according to Railway's own data retention policy.

We do not collect names, addresses, phone numbers, or any information beyond what is listed above.

3. How We Use Data

We use collected data only to:

• Operate and improve the API service
• Enforce usage tier limits and rate limits
• Diagnose errors and monitor reliability
• Process payments and issue API keys via Stripe
• Respond to support requests

We do not use your queries or usage data for advertising, profiling, or training machine learning models.

4. Third-Party Services

Colour Memory uses the following third-party services, each with their own privacy policies:

• Railway (hosting) — railway.com/legal/privacy
• Stripe (payments) — stripe.com/gb/privacy
• Anthropic / Claude (AI prose generation for colour stories) — anthropic.com/legal/privacy

We do not sell, rent, or share your data with any other third parties.

5. Data Retention

• Query logs — in-memory only; erased on every server restart (typically within days).
• API keys and account data — currently in-memory; we are migrating to a persistent store. Upon request, we will delete your key and associated email immediately.
• Payment data — held by Stripe under their retention policy. We retain only your email address and subscription tier for billing reference.
• Server infrastructure logs — retained by Railway per their default policy (typically 7–30 days).

6. Your Rights (UK GDPR)

As a UK-based operator we process data under the UK GDPR. You have the right to:

• Request access to personal data we hold about you
• Request correction or deletion of that data
• Object to or restrict processing
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, email us at hello@colourmemory.com. We will respond within 30 days.

7. Security

All API traffic is served over HTTPS. Admin endpoints are protected by secret key authentication. We do not log full API keys. Payment data is handled exclusively by Stripe and never passes through our servers in raw form.

8. Cookies

The Colour Memory API itself sets no cookies. The demo website at colourmemory.com/archive may use Netlify's default analytics. No advertising cookies are used.

9. Changes to This Policy

We may update this policy as the service evolves. Material changes will be noted at the top of this page with a revised effective date. Continued use of the API after a change constitutes acceptance of the updated policy.

10. Contact

For privacy enquiries, data deletion requests, or anything else: