Privacy Policy
Last updated: April 2026
This Privacy Policy explains how Gessoed ("we," "us," or "our") collects, uses, and protects your information when you use our Service. We believe in being direct about this — we collect what we need to run the product and nothing more.
1. Information We Collect
Account information. When you sign in with Google, we receive your name, email address, and profile photo from Google. When you sign in via magic link email, we store your email address only.
Studio data. We store the paint palette you build (brand names, color names, hex values), the projects you create, and the mix recipes and notes you save. This is the core data that makes the Service work.
Reference photos. When you upload a reference photo to sample colors, it is processed locally in your browser. The image data is used only to enable pixel-level color sampling and is not transmitted to or stored on our servers.
Usage data. We collect basic information about how you use the Service — such as which features you use and when — to help us improve the product. We do not sell this data.
Payment information. If you purchase lifetime access, payment is processed by Paddle. We do not receive or store your credit card details. We receive confirmation of your payment status from Paddle.
2. How We Use Your Information
- To provide and maintain the Service
- To authenticate you and keep your account secure
- To store your studio data and make it available across sessions and devices
- To generate AI-powered mix recipes using the Claude API (Anthropic)
- To send you transactional emails such as sign-in links
- To process payments and confirm access status
- To improve the Service based on how it is used
3. Third-Party Services
Gessoed uses the following third-party services:
- Cloudflare — Hosting, database (D1), and infrastructure. Cloudflare may process your data in accordance with their privacy policy.
- Anthropic (Claude API) — AI-generated mix recipes. Color data and paint information are sent to Anthropic's API to generate recipes. Anthropic's privacy policy governs this processing.
- Google OAuth — Optional authentication. If you sign in with Google, Google's privacy policy applies to that process.
- Resend — Email delivery for magic link sign-in emails.
- Paddle — Payment processing for lifetime access purchases.
4. Data Storage and Security
Your data is stored in Cloudflare's D1 database infrastructure. We use industry-standard security practices including encrypted connections (HTTPS), secure session tokens (HttpOnly cookies), and access controls. We do not store plaintext passwords — authentication is handled via Google OAuth or passwordless magic links.
5. Data Retention
Your account data is retained for as long as your account is active. If you wish to delete your account and all associated data, contact us at hello@gessoed.app and we will process your request within 30 days.
6. Your Rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your studio data
To exercise any of these rights, contact us at hello@gessoed.app.
7. Cookies and Sessions
We use a single HttpOnly session cookie (gessoed_session) to keep you signed in. This cookie is required for the Service to function. It expires after 30 days of inactivity. We do not use advertising cookies or third-party tracking cookies.
8. Children's Privacy
Gessoed is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top of this page will always reflect the most recent revision.
10. Contact
Questions or concerns about your privacy? Contact us at hello@gessoed.app.