Privacy Policy
Last updated: 30 March 2026
Palettise (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Palettise website and platform (the “Service”).
We are the data controller for the personal data processed through the Service. If you have any questions, you can reach us at hello@palettise.com.
1. Data We Collect
Account data
When you create an account, we collect information provided through our authentication provider, Clerk, including your name, email address, profile picture, and authentication identifiers.
Usage data
We automatically collect information about how you interact with the Service, including pages visited, features used, generation history, timestamps, device type, browser type, operating system, and IP address.
Generation data
When you use our AI design system generator, we collect the prompts and inputs you provide, along with the generated outputs. This data is used to deliver the Service and improve its quality.
Payment data
If you subscribe to a paid plan, payment information is collected and processed directly by Stripe. We do not store your full card details. We receive limited billing information such as the last four digits of your card, billing address, and transaction records.
Cookie and tracking data
We use cookies and similar technologies to collect data about your browsing behaviour. For full details, see our Cookie Policy.
2. How We Use Your Data
We process your personal data for the following purposes and lawful bases under the UK GDPR:
| Purpose | Lawful Basis |
|---|---|
| Providing and operating the Service | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract |
| Sending transactional emails (e.g. account updates) | Performance of a contract |
| Analysing usage to improve the Service | Legitimate interest |
| Analytics and performance measurement | Consent (via cookie preferences) |
| Advertising measurement and remarketing | Consent (via cookie preferences) |
| Ensuring security and preventing fraud | Legitimate interest |
| Complying with legal obligations | Legal obligation |
3. Analytics and Advertising
With your consent, we use the following third-party analytics and advertising services:
- Google Analytics— to understand how visitors interact with the Service, including page views, session duration, traffic sources, and user demographics. Google Analytics uses cookies to collect pseudonymised data.
- Google Ads (Conversion Tracking) — to measure the effectiveness of our advertising campaigns and to provide remarketing audiences. Google Ads may set cookies to track conversions and serve personalised ads across the Google Display Network.
- Meta Pixel (Facebook) — to measure the effectiveness of our advertising on Meta platforms (Facebook, Instagram), to build custom audiences, and to serve relevant ads. The Meta Pixel collects data about your interactions with the Service.
These services may transfer data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (see Section 7). You can manage your preferences for these services via our Cookie Policy or the cookie consent banner.
4. Third-Party Processors
We share your data with the following third-party service providers who process data on our behalf:
- Clerk— authentication and user management
- Supabase— database hosting and storage
- Stripe— payment processing and subscription management
- Anthropic (Claude API) — AI processing for design system generation
- Vercel— website hosting and deployment
- Google— analytics and advertising services
- Meta— advertising measurement and remarketing
Each processor is bound by data processing agreements and processes your data only as instructed by us and in accordance with applicable data protection law.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:
- Account data: retained for the lifetime of your account and deleted within 90 days of account closure
- Generation data: retained for the lifetime of your account
- Payment records: retained for 7 years as required by UK tax and accounting regulations
- Analytics data: retained in accordance with the respective third-party provider’s retention policies (typically 14–26 months)
6. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data in certain circumstances
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or direct marketing
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at hello@palettise.com. We will respond within one month of receiving your request.
7. International Transfers
Some of our third-party processors are located outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO), or reliance on an adequacy decision where applicable.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
9. Children’s Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
12. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, please contact us at hello@palettise.com.