Effective date: January 24, 2026

This Privacy Policy explains how ColorsCode ("we", "us", "our") may access, collect, use, store, and share personal information when you use our services (the "Services"). This includes when you:

• install or use the ColorsCode mobile application (or any other app we provide that links to this policy), or
• interact with us in related ways (for example, marketing or events).

If you do not agree with this policy, please do not use the Services.

At a glance This section is a summary. For details, read the full policy below.

• What we process: Personal information may be processed depending on how you use the Services and the choices you make.
• Sensitive data: We do not process sensitive personal information.
• Other sources: We may receive limited information from public databases, marketing partners, social media platforms, and other outside sources.
• Why we use it: To operate and improve the Services, communicate with you, protect against fraud and abuse, and comply with legal obligations. Other uses require a valid legal basis, including consent where applicable.
• Sharing: We may share limited information with third-party analytics, performance monitoring, and install attribution providers when needed to run and improve the Services.
• Security: We use reasonable safeguards, but no system is completely secure.
• Your rights: Rights vary by location; you can contact us to exercise them.

Table of contents

1. Information we collect

2. How we use information

3. Legal bases for processing

4. When and with whom we share information

5. How long we keep information

6. How we protect information

7. Your privacy rights

8. Do Not Track controls

9. U.S. state-specific rights

10. Updates to this policy

11. Contact us

12. Requests to access, update, or delete data

13. Information we collect

1.1 Information you provide to us In short: We collect personal information that you choose to provide.

You may provide personal information when you contact us, request information, or take part in activities related to the Services.

Sensitive information: We do not process sensitive personal information.

Device permissions: If you grant access or permissions, we may request access to certain mobile device features (for example, storage, camera, or other features). You can change these permissions in your device settings.

If you use our application(s), we may also collect device information such as device ID, model, manufacturer, operating system version, device and app identifiers, network information, and IP address (or proxy server). This information is mainly used to keep the Services operating securely, troubleshoot issues, and support internal analytics and reporting.

You are responsible for ensuring that any information you provide is accurate and kept up to date.

1.2 Information collected automatically In short: Some information (like IP address and device characteristics) may be collected automatically when you use the Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information typically does not reveal your specific identity (like your name or contact information), but it may include device and usage information such as IP address, device identifiers, operating system, language preferences, and details about how and when you use the Services. This helps us maintain security, operate the Services, and support internal analytics and reporting.

This may include:

• Log and Usage Data: service-related, diagnostic, usage, and performance information that may be recorded when you access or use the Services.
• Device Data: information about the device you use to access the Services (such as device and application identification numbers, hardware model, operating system, and system configuration information).
• Location Data: depending on your device settings and permissions, we may collect precise or approximate location information. You can opt out by disabling location permissions. If you opt out, some features may not work as intended.

1.3 Information from third-party sources In short: We may collect limited information about you from outside sources.

To help improve the Services (for example, analytics, performance monitoring, and install attribution), we may obtain limited information from third-party providers. This may include device identifiers (such as IDFA/IDFV), IP address, crash logs, usage events, and install attribution parameters.

We do not currently use this information to provide targeted advertising. If that changes, we will update this policy and, where required, obtain your consent.

2. How we use information In short: We use information to provide, improve, and administer the Services, communicate with you, prevent fraud and abuse, and comply with law. We process information for other purposes only when we have a valid legal basis (including consent where required).

We may process personal information for reasons such as:

• providing and facilitating delivery of the Services to you;
• responding to inquiries and providing support; and
• protecting an individual's vital interests.

3. Legal bases for processing In short: We process personal information only when we believe it is necessary and we have a valid legal basis under applicable law.

3.1 If you are located in the EU or UK GDPR/UK GDPR require us to explain the legal bases we rely on. Depending on the circumstances, we may rely on:

• Consent
• Legal obligations
• Vital interests

3.2 If you are located in Canada We may process your information with your express consent, or with implied consent where permitted by law. You can withdraw your consent at any time.

3.3 When consent is not required In some exceptional cases, applicable law may permit processing without consent (for example, for investigations and fraud prevention, compliance with subpoenas or court orders, or where information is publicly available as specified by regulations).

4. When and with whom we share information In short: We may share limited information with third-party analytics, performance monitoring, and install attribution providers when necessary to operate, maintain, and improve the Services.

The types of information shared may include device identifiers (e.g., IDFA/IDFV), IP address, crash logs, usage events, and install attribution parameters for analytics, performance monitoring, and install attribution purposes.

We do not sell your personal information to third parties.

5. How long we keep information In short: We keep personal information for as long as necessary to fulfill the purposes described in this policy unless a longer retention period is required or permitted by law (for example, tax or accounting obligations).

6. How we protect information In short: We use reasonable organizational and technical safeguards to protect personal information.

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that unauthorized parties will never be able to defeat our safeguards and improperly collect, access, steal, or modify information.

7. Your privacy rights In short: Depending on where you are located (for example, the EEA, UK, Switzerland, or Canada), you may have rights that give you greater access to and control over your personal information.

Depending on your jurisdiction, these rights may include:

• requesting access to and obtaining a copy of your personal information;
• requesting correction or deletion;
• restricting processing;
• data portability (where applicable); and
• objecting to processing in certain circumstances.

To exercise your rights, contact us using the details in the "Contact us" section. We will consider and respond to requests in accordance with applicable data protection laws.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

If we rely on your consent, you may withdraw your consent at any time by contacting us.

8. Do Not Track controls Some browsers and mobile operating systems include a Do Not Track ("DNT") setting. Because there is no uniform standard for recognizing DNT signals, we do not currently respond to DNT signals. If a standard is adopted that we must follow in the future, we will update this policy and our practices as required.

9. U.S. state-specific rights In short: If you are a resident of certain U.S. states, you may have the right to request access to and receive details about the personal information we maintain, correct inaccuracies, obtain a copy of, or delete your personal information. You may also have the right to withdraw consent to processing where applicable.

Appeals: Under certain U.S. state privacy laws, if we decline to take action regarding your request, you may appeal our decision by contacting us. We will respond in writing with any action taken or not taken, including an explanation of the reasons.

10. Updates to this policy We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date at the top. If we make material changes, we may provide additional notice where appropriate. We encourage you to review this policy periodically.

11. Contact us If you have questions or comments about this policy, contact us at:

Email: vandellen91@outlook.com Phone: +13513589895

12. Requests to access, update, or delete data Depending on applicable law, you may have the right to request access to the personal information we collect, details about how we process it, request corrections, or request deletion. You may also have the right to withdraw consent where applicable. To make a request, contact us using the details above.