ContactSign inSign up
Contact
Sign in

Privacy and Cookies Notice

Chroma Software, Inc.®

Updated: March 11, 2025

Chroma Software, Inc., a business corporation (herein “Chromatic”, “we”, “us” or “our”), based in the United States and headquartered at 548 Market St. #26384 San Francisco, CA 94104, is committed to protecting and respecting your privacy and personal information (herein, “personal information” refers to any information that identifies you or is about you as an individual). This Privacy Notice describes how we collect, use and share personal information through your (herein, “you” or “your” refers to the person accessing our products and services) interaction with our website: https://www.chromatic.com/, (herein, “Website”).

Please read this Privacy Notice carefully so you can make an informed decision about your use of our Website.

Contents

1. Scope of This Privacy Notice

This Privacy Notice applies to anyone who interacts with us through our Website, which manages our product and service offerings. This Privacy Notice provides details about the personal information we collect about you, how we use it, and how we protect and safeguard your personal information. This Privacy Notice also provides information about your rights as an individual, in relation to the personal information that we collect from you.

2. How We Collect Personal Information

We may collect personal information about you from various interactions on our Website. These interactions may include creating an account, placing an order, utilizing the comments feature, or utilizing the chat bot. Other interactions may include signing up for our newsletter or other marketing materials, and through your contact and interaction with us on social media, blogs, surveys, and/or product feedback communications.

We may also collect certain online identifiers, which may be considered personal information, through your use of our Website. This information includes online activity information and technical information about your usage activities, to the extent that such information constitutes personal information. We may also set cookies on your web browser or use other tracking technologies when you interact with websites, applications, or advertisements in our network. This allows us to collect certain websites’ usage data and online identifiers which, under certain privacy regulations, may be considered personal information. However, in many cases such data may be aggregated or anonymized, and may only ever be used to attempt to identify you as an individual where we have a legal basis to do so (for example in the case of an investigation into fraudulent transactions). For more information, refer to our “Cookies Notice” in section 12 below.

3. Categories of Personal Information We Collect

We may collect, and may have collected in the past, any of the following categories of personal information from you:

  • Contact information, such as, email address, and phone numbers;

  • Personal Identifiers, such as your name, alias, and other unique personal identifiers;

  • Financial details, such as details about your credit or payment card or payment account, including details of account numbers, payment details, or billing addresses;

  • Account Information, such as your username, and consent and preferences (e.g., to receive newsletters);

  • Credentials, such as passwords, password hints, and similar security information used for authentication and account access;

  • Commercial information, such as purchase history;

  • Geolocation data, such as physical location or movements;

  • We may collect information about interaction with, and responses to, our marketing communications;

  • Any personal information you send to us in emails, attachments, and other communications that you send us or otherwise contribute.

Data and online identifiers we collect through our Website (e.g., through cookies and other tracking technologies) may include IP addresses, preferences, web pages visited prior to coming to our Website, information about browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs, language, and other regional settings), and information about how you interact with our Website (such as pages visited, timestamps, clicks, scrolling, browsing times, and load times). For more information refer to our “Cookies Notice” in section 12 below.

4. How We Use Personal Information

Your personal information may be used by us, our employees and service providers, and disclosed to third-parties for the following purposes:

  • Communicate with you, including by responding to questions or communications you send to us (e.g., as a response to communications you have sent via online webforms or email), and other relevant service or product-related announcements;

  • Perform our services, including personalizing Website user experience (e.g., delivering relevant content and product offerings), order fulfilment and fulfilling transactions, maintaining accounts and contracts, providing customer service, informing and updating our investors, monitoring disputes, or verifying information;

  • Notify you about changes to our products and services;

  • Manage our affiliate, distributor, and customer relationships, including to enforce or apply the agreements concerning you (including any applicable agreements between you and us);

  • Perform marketing, including providing relevant details and informational updates related to our products and services, or advertising our products and services online. This could include “remarketing” or “retargeting”, whereby users of our Website may be marketed to on other third-party websites through use of Marketing Cookies – see “Cookies Policy” section 12 below for further information. In addition to third-party cookies, remarketing may also involve our use of personal information (such as name and email address) collected from you in prior interactions, which may then be used to provide you with relevant updates, marketing, or other information related to your prior interactions with our products and services;

  • Administer promotions such as offering product discounts, giveaways, or other incentives;

  • To improve the Services, including undertaking monitoring, market research, trend analysis, and customer satisfaction survey activities to verify, maintain, or improving the quality and types of products and services being provided, including on our Website, or to handle and respond to complaints or questions, analyzing your interactions with our products and services, or acting on feedback you provide through surveys, product feedback, emails, etc.;

  • Audit our transactions and interactions, for purposes where we have legal grounds to do so, such as security or for regulatory compliance;

  • Detect, remediate, and, if applicable, prosecute any physical security or information security-related or criminal incidents, including protecting against any illegal activity such as fraud to ensure the security and integrity of our services;

  • Enforce our legal rights and comply with legal or regulatory obligations including in connection with court orders, complaints, or performance of identity verification to respond to certain requests for information, or to establish, make, or defend against legal claims;

  • Act in the public interest, in line with any laws that apply;

  • Evaluate job applications and business proposals (e.g., agreements or requests proposed by affiliates and distributors, or prospective affiliates and distributors);

  • Post customer product comments on our Website that may contain personal information, such as name. By submitting express written consent, your comment regarding your experience with our products/services could be potentially posted on our Website. If you wish to delete your comment, please contact us at privacy@chromatic.com and be sure to include your name, comment location, and contact information.

Our Website may also contain links to and marketing from the websites of third-parties. We have no control over the content or operation of these websites, nor do we control the confidentiality or privacy practices of the website operators. Consequently, any personal information you submit through such website is governed by the privacy policies of the website in question. It is therefore your responsibility to find out about the third-party policies in order to protect your personal information when visiting these third-party websites.

7. Collection of Personal Information From Minors

Our Website is not designed or intended to attract children under 13 years of age, and we do not knowingly collect information from minors. By using our Website, you hereby represent that you are at least the age of legal majority in your place of residence. If you believe that we have inadvertently collected personal information from a child under 13 years of age, please contact us at privacy@chromatic.com.

8. Sharing and Sale of Your Personal Information

We may disclose your personal information to service providers and other third-parties. In the past, we may have disclosed to such third-parties any of the categories of personal information outlined in the above section 3, “Categories of Personal Information We Collect”, wherever we have legal basis for such sharing. However, we endeavor to share only the minimum relevant personal information that is required to fulfill the business purpose for sharing such personal information.

We may disclose, and may have already disclosed, personal information to the following categories of third-parties:

  • Our service providers - Our business partners, suppliers and sub-contractors who help us provide our Website, products and services. This includes, for example, our e-commerce platform providers, analytics providers, marketing and advertising service providers, website development and troubleshooting service providers. Our service providers may include, but are not limited to:

    • Intercom. Intercom assists us in providing a unified customer communications platform for customer interaction and experience management. For more information about Intercom’s privacy practices, visit https://www.intercom.com/legal/privacy.
    • Stripe. Stripe assists us in processing your payments. For more information about Stripe’s privacy practices, visit https://stripe.com/privacy.
    • Google Analytics/Ads. Google helps us better understand your use of our Website and services. Google Analytics collects information such as how often users visit our Website, what pages are visited, and what other sites may have been used prior to visiting. Google uses the data collected to track and examine website usage, to prepare reports on its activities and share them with other Google services, and to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to our Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can also opt-out of and manage your preferences for Google’s use of personalized advertising and related cookies by visiting Google’s Ad Settings, and Google Analytics also offers an opt-out mechanism for the web available here.
    • HubSpot. HubSpot is an analytics provider that utilizes cookie and usage data collected to track and examine the use of the Site and the Services, analyze demographic information, and to prepare reports on user activities and share them with other HubSpot services. HubSpot may use the data collected to contextualize and personalize the ads of its own advertising network. You can find out more information about HubSpot and the data it collects at https://legal.hubspot.com/privacy-policy.

  • Our professional advisers - Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities;

  • Government authorities and third-parties involved in legal or regulatory action - External agencies and organizations (including the police and the relevant local authority) for the purpose of complying with applicable legal and regulatory obligations.

We may also disclose your personal information to other third-parties, for example:

  • In the event that we sell or buy any business or assets, or restructure our business or assets, we may disclose your personal information to the prospective affiliate, seller or buyer of such business or assets;

  • If we are under a duty to disclose or share your personal information in order to comply with any legal obligation.

9. Protection of Personal Information

We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

10. How Long We Keep Your Personal Information

We will retain your personal information for as long as is necessary for the purposes for which it was collected, or longer if required by applicable law. Those periods are also based on the requirements of applicable data protection laws, applicable legal and regulatory requirements and periods relating to the commencement of legal actions.

11. Where We Transfer Your Personal Information

We are headquartered in the United States and we will process your personal information in the United States. Your personal information will be transferred and stored in the United States. If we transfer personal information outside the European Economic Area (EEA), Asia, or Australia, we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection laws. For further information as to the safeguards we implement please contact privacy@chromatic.com.

12. Cookies Notice

This Cookies Notice applies when using our Website.

Cookie Overview and How They are Used on Our Website Our Website uses cookies to distinguish you from other users of our Website. Cookies are pieces of information stored directly on the device you are using by your browser. Cookies allow us to recognize your device and allows our Website to remember certain information about you (such as marketing preferences or account information), and to perform analytics and other functions in relation to your, and others’, use of our Website. This helps us to provide you with a good, secure, and personalized experience when you browse our Website and allows us to improve our Website over time.

Cookies set by us on our Website, named “first-party” cookies, are used to help evaluate and enable performance and secure functionality of our Website. These may enable us to collect or remember certain usage data and data about your device. This may include data on website pages visited prior, during and after visiting our Website, clicks or interactions made with the pages on our Website, consents and preferences, time spent on our pages and date/timestamps of visits and interactions, device identifiers such as IP address or operating system type, and browser type.

We also use “third-party” cookies, which are cookies from a website domain other than our Website. These are used for our Website’s analytics, site functionality, security, and marketing efforts by sharing usage and device-related data with relevant third-parties.

We, and third-parties performing services on our behalf, may use cookies for security purposes (for example, in helping prevent fraud), to facilitate navigation, to display information more effectively, and to personalize your experience while using our services. In addition, we may use the information to gather statistical information about the usage of our services in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites.

Web Beacon Overview and How They are Used on Our Website

The pages of our Website contain images (called a “single-pixel gif” or “web beacons”) that allow our third-party service providers and us to count page views or to collect other anonymous data. In general, any electronic image viewed as part of a web page, including an ad banner, can act as a web beacon. Web beacons are typically very small, usually 1 by 1 pixel in size, but their presence can be easily seen with your browser’s inspection tools. Web beacons are small in order to minimize both their display and their loading time. Our web beacons may collect, gather, monitor or share personal information about our online service visitors for web tracking purposes; they also may be used to compile anonymous, aggregated statistics about the usage of our online services.

For tracking purposes, we use web beacons on our Website along with other technical methods. We also employ third-party services (e.g., Twitter) that collect data remotely through the use of web beacons. This service then returns the completely anonymous data to us as site traffic reports.

Types of Cookies on Our Website

We use the following types of cookies for the following purposes:

Strictly Necessary Cookies: These cookies are essential for you to browse our Website and use its intended functionality, including accessing secure areas of our Website. These cookies cannot be opted-in or out of.

Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most and least popular and see how visitors move around our Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Functional Cookies: These cookies enable the Websites to provide enhanced functionality. They may be set by us or by third-party service providers whose services we have added to our pages (for example, embedding videos on webpages).

Marketing Cookies: These cookies may be set on our Website by our advertising and marketing service providers. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They are based on uniquely identifying your browser and internet device. This recognition is used to serve relevant adverts, links, or other information about our products and services to users visiting other websites after having previously visited our Website or interacted with our products and services. If you consent to these cookies, you may experience targeted advertising.

13. Your Privacy Rights

You have several choices regarding the use of your personal information on the Site and our Services. Depending on the jurisdiction you reside in, you may have certain additional rights in relation to the personal information we have collected about you, which are detailed in jurisdiction-specific sections of this Privacy Policy below.

Email Communications. We may periodically send you free newsletters and e-mails that directly promote the use of our Site or Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Despite your indicated e-mail preferences, we may send you Service-related communications, including notices of any updates to our Privacy Policy or terms of service/terms of use.

Cookies. If you decide at any time that you no longer wish to accept cookies from our Site for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Services. If you have any questions about how to disable or modify cookies, visit https://www.allaboutcookies.org/.

14. Notice to European Users

The information provided in this “Notice to European Users” section applies only to individuals in Europe.  

Personal information.  References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller.  We are the controller of your personal information covered by this Privacy Policy for the purposes of European data protection legislation, except to the extent that we process your personal information on behalf of our customer, including personal information that we process on behalf of our Clients, in which case our customer is the controller of your personal information, and we are the processor.

Legal bases for processing.  We use your personal information only as permitted by law.  Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing PurposeLegal basis
To operate the servicesProcessing is necessary to perform the contract governing our provision of the services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
To communicate with you Notify you of changes to our products/services To manage affiliate, distributor and customer relationships To market, or advertise our products/services For administer promotions To improve the services To provide security For compliance, fraud prevention and safety To act in the public interest For employment purposes To post customer product commentsThese activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted to by law).
To comply with law To audit our transactions and interactionsProcessing is necessary to comply with our legal obligations.
With your consentProcessing is based on your consent. Where we rely on your consent you have the right to withdraw it at any time in the manner indicated when you consent or in the services.

Use for new purposes.  We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information.  We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services, or otherwise to us.

If you provide us with any sensitive personal information when you use the services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy.  If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through the services.

Automated Decision-Making and Profiling.  We do not use automated decision-making and/or profiling in regard to your personal information in connection with the services. 

Retention.  We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Your rights.  

European data protection laws give you certain rights regarding your personal information.  If you are located within the European Economic Area, the United Kingdom or Switzerland, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information. 
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to a third party of your choice.
  • Restrict. Restrict processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as a legal basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to privacy@chromatic.com or our postal address provided below.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here.

Cross-Border Data Transfer.

If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:

  • Pursuant to the recipient’s compliance with standard contractual clauses or Binding Corporate Rules;
  • Pursuant to the consent of the individual to whom the personal information pertains; or
  • As otherwise permitted by applicable European requirements.

You may contact us at privacy@chromatic.com or via our contact information below if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.

EU Representative

DP-Dock has been appointed as our representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR. If you are in the European Economic Area, DP-Dock can be contacted in addition to privacy@chromatic.com, only on matters related to the processing of personal data. To make such an inquiry, please contact DP-Dock at:

EU: DP-Dock GmbH, Attn: Chroma Software, Inc., Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn: Chroma Software, Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

website: www.dp-dock.com  email: chromatic@gdpr-rep.com

15. Notice to Canadian Users

The information provided in this “Notice to Canadian Users” section applies only to individuals in Canada.  Individuals located in Canada have certain rights pursuant to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable substantially similar provincial legislation (“Canadian data protection legislation”).  

Personal information.  References to “personal information” in this Privacy Policy are equivalent to “personal information” governed by Canadian data protection legislation.

Consent.  By using the services and providing personal information to us, you are consenting to the collection, use and disclosure of your personal information as described in this Notice.  If you do not consent to the processing of your personal information in accordance with this Notice, please do not access or continue to use the services or otherwise provide any personal information to us.

Your rights.

You have certain rights with respect to your personal information under Canadian data protection legislation.  Subject to certain exceptions and limitations, and depending upon the province where you reside, such rights may include:

  • To withdraw consent.  The right to withdraw your consent to the collection, use or disclosure of your personal information.

  • To be informed.  The right to be informed of the existence, use, and disclosure of your personal information, and to be provided with an account of the use that has been made or is being made of this information as well as the third parties to which it has been disclosed (including a list of organizations to which your information may have disclosed).

  • To correct.  The right to challenge the accuracy and completeness of your personal information, and have it amended, updated or rectified as appropriate.

  • To challenge.  The right to challenge our compliance with the applicable Canadian data protection legislation.

  • To be forgotten.  The right to restrict the dissemination of your personal information in certain circumstances if such dissemination contravenes a law or court order, or otherwise causes serious injury to your reputation or privacy.

  • Data portability.  The right to receive computerized personal information in a structured, commonly-used and technological format, or to have such personal information transferred directly to any person or body authorized by law to collect such personal information.  

Automated Decision-Making.  We do not use automated decision-making in regard to your personal information in connection with the services. 

Complaints.  The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) advises individuals to file an objection or challenge with the relevant company before lodging a formal complaint with a regulatory authority. If you are dissatisfied with our response to an objection or inquiry, or you if wish to file a complaint with a regulatory authority first, you may file a complaint with the Office of the Privacy Commissioner of Canada. Depending upon the province where you live, you may also (or instead) have the right to file a complaint with the applicable provincial privacy commissioner/regulator.

16. Notice to Australian Users

The information provided in this “Notice to Australian Users” section applies only to individuals in Australia.  We take reasonable steps to make sure that third party recipients located outside Australia handle your personal information in a secure manner consistent with Australian privacy principles and in accordance with this Privacy Notice. However, we cannot always ensure that such third party recipients will comply with Australian privacy law in relation to your personal information. As such, where a foreign third party recipient does not handle your personal information in compliance with Australian privacy law, we will not be accountable to you and you will not be able to seek redress under Australian privacy law for such non-compliance. By providing us with your personal information, you consent to us disclosing your personal information to recipients outside Australia on this basis.

If you have any questions, concerns or complaints in relation to our handling of your personal information, you can contact us at: privacy@chromatic.com. If you are unhappy with, or have further questions concerning, our handling of your question, concern, or complaint, you may contact the Office of the Australian Information Commissioner (telephone +61 1300 363 992 or email enquiries@oaic.gov.au).

17. Do Not Track Signals and Third-Party Tracking

Certain mechanisms may allow you to send web browser signals, known as “Do Not Track” (“DNT”) signals, indicating your choice to disable tracking on our Website. We do not respond to browser DNT signals at this time. We may not be aware of or be able to respond to every such mechanism.

Third-parties, other than our service providers (such as our Website’s analytics provider), do not have authorization from us to track which website you visited prior to and after visiting our Website. That said, we cannot control third-party tracking; therefore, there may be some third-party tracking that occurs without our knowledge or consent.

18. Questions and Contacts

We hope this Privacy Notice has been helpful in explaining the way we handle your personal information and your rights to control it. For any questions or comments in relation to this Privacy Notice and our privacy practices in general, please contact our Privacy Office who will be pleased to help you by email at privacy@chromatic.com.

19. Changes to Our Privacy Notice

Any changes we make to this Privacy Notice in the future will be posted on this page. The updated Privacy Notice will take effect as soon as it has been updated or otherwise communicated to you.

Edit page Submit feedback