Privacy policy.

This Privacy Policy explains how Chromaport Sp. z o.o. ("we", "us", "our" or “Chromaport”) collects, uses, discloses, and protects personal data. Personal Data means any information relating to an identified or identifiable natural person, such as name, address, email-addresses, IP address, or user behavior.

We have prepared this Privacy Policy (“Privacy Policy” or "Policy") to inform you of our practices regarding the Personal Data we collect from and about users of our website, (the "Chromaport Website") and our downloadable desktop and mobile applications (together with the Chromaport Website and any other products and services provided by Chromaport, the "Chromaport Offerings").

The Privacy Policy provides you with information about the processing of personal data in relation to administration of the contractual relationship between us as described and defined in the Terms of Service (“Terms of Service” or “Agreement”) or any other agreements, as well as all other cases, when you may come in contact with us.

This Policy is intended to comply with major global privacy frameworks, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

Legal bases for processing (GDPR)

We process Personal Data under the following legal bases:

• Contractual necessity – to provide the Chromaport Offerings
• Legitimate interests – improving performance, security, and user experience
• Consent – where required (e.g., marketing communications)
• Legal obligations – compliance with applicable laws

Categories of Personal Data, as well as purposes and legal basis for the processing

We collect information about you when you use Chromaport Offerings or otherwise interact with us. The types of information we collect about you includes:

When you create an account

For the registration of the account, we collect:

• email address
• password

The purpose of this processing is to create and manage your account and to execute the Terms of Service agreement.

Legal Basis for Processing:

• For contract performance and pre-contractual inquiries - Art. 6 (1) (b) GDPR
• With regard to legal obligation - Art. 6 (1) (c) GDPR
• Otherwise, with regard to our legitimate interests - Art. 6 (1) (f) GDPR

You also have the option to create or log in into a Chromaport account via an identity provider, e.g., Microsoft, Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland, etc.) (Google). Chromaport receives an identification token from the identity provider that contains information used to create, or connect to, your account (email address).

The legal basis for the processing of your Personal Data in connection with an identity provider is your consent pursuant to Art. 6 (1) (a) GDPR.

When you use our product

When you use Chromaport Offerings, we may collect the following Personal Data after you log in:

• Direct input to the Chromaport Offerings, such as workspace names, computer names, and app names you add to workspaces.
• Host computers information, including CPU and GPU names and manufacturers.
• Usage data, such as session start and end times, and user and device IDs.

Purpose of Processing:

• To provide Chromaport Offerings.
• To verify usage authorization and provide the functionalities of Chromaport Offerings.
• To maintain and improve the security and performance of Chromaport Offerings.

Legal Basis for Processing:

• Contractual Necessity (Art. 6(1)(b) GDPR) – for verification of usage authorization and provision of Chromaport Offerings.
• Legitimate Interests (Art. 6(1)(f) GDPR) – to secure the application, maintain its stability, and optimize performance.
• Consent (Art. 6(1)(a) GDPR) – for processing beyond contractual and legitimate interests, only when you expressly provide it.

When you visit our website

When users visit our website, i.e., even if they do not register or otherwise submit information, we (or our web hosting provider) collect user access data (so-called server log files). The server log files can include the following data:

• The address and name of the websites and files accessed
• Date and time of access
• Data volumes transferred
• Notification of successful access
• Browser type and version
• User's operating system
• Referrer URL (the previously visited page)
• IP address

Purpose of Processing:

• To ensure a smooth and reliable connection to our website.
• To maintain system security and stability.
• To statistically analyze usage patterns for website optimization.

Legal Basis for Processing:

• Legitimate Interests (Art. 6(1)(f) GDPR) – to improve the stability and functionality of our website and prevent misuse of our services.

When you consent to cookies (Art. 6 (1) (a) GDPR), we collect information about how you use our website. We use this information to improve our website and to better understand how people use it. More detail on the information we collect and how we do this is set out in section “Cookies and tracking technologies”. If you have given consent to the use of cookies, we will use Google Analytics in order to better understand our users’ needs and to optimize our service and experience. You can learn more about how Google uses this data here: https://policies.google.com/technologies/partner-sites

When you contact us.

When you contact us by email, through our website, or via our product, we may collect the following Personal Data:

• Name
• Contact details (e.g., email address, phone number)
• Any information you provide in your message or support request

Purpose of Processing:

• To respond to your general inquiries and questions.
• To provide technical support or assistance with our products or services.
• To provide quotes or information related to potential services.
• To implement pre-contractual measures or fulfill contractual obligations, where applicable

Legal Basis for Processing:

• Legitimate Interests (Art. 6(1)(f) GDPR) – for responding to general inquiries or questions not related to the Agreement
• Contractual Necessity (Art. 6(1)(b) GDPR) – when providing support or fulfilling existing contractual obligations
• Consent (Art. 6(1)(a) GDPR) – if you contact us for purposes not related to the Agreement, such as requesting a quote without an existing Agreement. Consent is given when you submit the form and can be withdrawn at any time

On social media.

When you interact with us on social media platforms, including Facebook, Twitter, YouTube, and LinkedIn, we may collect the following Personal Data:

• Social media handle or username
• Name
• Email address (if provided)

Purpose of Processing:

• To respond promptly to your comments, questions, or messages.
• To manage our social media presence and engagement.

Legal Basis for Processing:

• Legitimate Interests (Art. 6(1)(f) GDPR) – to ensure effective communication and engagement on social media while maintaining our community standards.

Analyzing and fixing crashes in applications

Chromaport may process your Personal Data to analyze crashes and errors in our mobile, desktop, or web applications. This is done only if you enable the automatic log of crashes. In such cases, all crash logs are sent to the Chromaport server where they are analyzed, and bug fixes are implemented. Such crash logs may contain:

• Session information (e.g., session ID, device ID, IP address, username)
• Device information (e.g., device name, IP address, application version, system logs)
• User information included in logs (e.g., ID)

Purpose of Processing:

• To identify, analyze, and fix application crashes and errors.
• To improve the stability, performance, and security of our applications

Legal Basis for Processing:

• Contractual Necessity (Art. 6(1)(b) GDPR) – to fulfill our contractual obligations under the Terms of Service and ensure proper functioning of the applications.

Additional Notes:

Depending on the operating system and application, crash logs may be anonymized before they are sent to Chromaport.

Personal Data collected through crash logs is used only for the purposes described above and is not shared outside of the analysis and debugging process.

Advertising and Conversion Tracking

We use advertising technologies from third-party providers, including Google Ads and Meta (Facebook/Instagram) Ads, to deliver relevant marketing content, measure the effectiveness of our campaigns, and track conversions.

Data We Collect and Process:

• Cookies and similar tracking technologies stored on your device
• Device information (IP address, browser type/version, operating system)
• User interactions with our website or advertisements (e.g., clicks, page visits, conversions, purchases)
• Referral information (how you arrived at our website)

Purpose of Processing:

• To provide personalized advertisements tailored to your interests.
• To measure and analyze the performance of our marketing campaigns.
• To track conversions (e.g., purchases or sign-ups resulting from ad interactions).

Legal Basis for Processing:

• Consent (Art. 6(1)(a) GDPR) – advertising and conversion tracking occurs only if you have explicitly consented via our consent management platform (CMP).

You can opt out of personalized ads from Google via Google Ads Settings. You can opt out of personalized ads from Meta via Meta Ad Preferences. You may also manage or delete cookies through your browser or device settings.

Personal Data collected for advertising and conversion tracking is retained only as long as necessary to fulfill the above purposes or as required by law.

Cookies and tracking technologies

We use cookies and other technologies in our services, including when you visit Chromaport Website or access Chromaport Offerings. A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and Chromaport Offerings quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of the Chromaport Offerings.

We use cookies, SDKs, and similar technologies to:

• Maintain authenticated user sessions.
• Remember preferences.
• Analyze Chromaport Website usage (e.g., via Google Analytics).
• Detect errors and performance issues.

Where required by law, we obtain consent before placing non-essential cookies. You may control cookies through your browser or device settings.

You may remove the cookies by following the instructions of your device preferences; You can find more information about cookies at www.allaboutcookies.org; however, if you choose to disable cookies, some features of Chromaport Offerings may not operate properly and your experience may be limited.

Depending on the type of cookies, we use them to process your Personal Data either on the legal basis:

• Consent (Art. 6(1)(a) GDPR) – for non-essential cookies requiring your explicit permission.
• Legitimate Interests (Art. 6(1)(f) GDPR) – for cookies necessary to operate Chromaport Offering, maintain security, or analyze usage in an aggregated or anonymized form

Service providers

We work with the following service providers to support our Chromaport Offerings. These providers may process Personal Data on our behalf:

Amazon Web Services

Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg
Data categories: User data (email), configuration data (including computer name, app name), session data.
Purpose:cloud hosting services to host the Chromaport Offerings and all related data through its AWS offering.
Legal basis: Contractual Necessity Art. 6 (1) (b) GDPR
Privacy policy of the provider: https://aws.amazon.com/en/privacy/?nc1=f_pr

Cookiebot

Provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark
Data categories: Cookie data for storing and managing user consent
Purpose: Management and storage of cookie consents, proof of consents to comply with legal requirements, documentation of user preferences.
Legal basis: Legal Obligation Art. 6 (1) (c) GDPR
Privacy policy of the provider: https://www.cookiebot.com/en/privacy-policy

Meta Ads / Facebook Pixel (Meta Platforms, Inc.)

Provider: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Data categories: Cookies, device info, IP address (shortened), browsing behavior, interactions with ads, conversion data
Purpose: Personalized advertising, conversion tracking, measurement of ad performance
Legal basis: Consent (Art. 6(1)(a) GDPR)
Privacy policy of the provider: https://www.facebook.com/policy

Google Analytics

Provider: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data categories: Cookies, user behavior (e.g. page views, clicks, duration of visit), IP address (shortened), technical information (operating system, browser, end device), source of origin (referrer URL), location (region).
Purpose: Evaluation of the use of the website, creation of reports on website activities, improvement of website use and internet use.
Legal basis: Consent Art. 6 (1) (a) GDPR
Privacy policy of the provider: https://policies.google.com/privacy

Google Ads (Google Ireland Limited)

Provider: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data categories: Cookies, device info, IP address (shortened), browsing behavior, interactions with ads, conversion data
Purpose: Personalized advertising, conversion tracking, measurement of ad performance
Legal basis: Consent (Art. 6(1)(a) GDPR)
Privacy policy of the provider: https://policies.google.com/privacy

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data categories: Google Tag Manager itself does not collect any Personal Data, it is used to manage tags that may themselves collect data (e.g. Google Analytics)
Purpose: Management and implementation of tracking and marketing tags on the website, provision and updating of JavaScript and HTML tags.
Privacy policy of the provider: https://policies.google.com/privacy

Paddle

Provider:Paddle.com Market Limited of Judd House, 18-29 Mora Street, London, EC1V 8BT, UK; Paddle Payments Limited of The Academy, 42 Pearse Street, Dublin, D02 YX88, Ireland; Paddle.com Inc. of 3811 Ditmars Blvd, #1071 Astoria, New York, 11105-1803, USA Data categories: Company name or the name of the private individual, address, e-mail, telephone, tax information, payment information to the extent permitted to us (not PCI DSS compliant)
Purpose: Merchant of Record
Legal basis: Contractual Necessity Art. 6 (1) (b) GDPR
Privacy policy of the provider: https://www.paddle.com/legal/privacy

Sentry

Provider: Sentry/Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
Data categories: IP address (shortened), technical information (operating system, browser, end device)
Purpose: Error logging for app errors happening for users of our product.
Legal basis: Contractual Necessity Art. 6 (1) (b) GDPR
Privacy policy of the provider: https://sentry.io/privacy

Data security

We take appropriate technical, organizational, and physical measures to protect your Personal Data from unauthorized access, use, or disclosure. For example, only authorized employees have access to Personal Data, and they can only do so for permitted business purposes.

We use state-of-the-art encryption methods, such as SSL, and secure protocols like HTTPS to protect your data during transfer. Our security measures are continuously reviewed and improved in line with technological developments.

While we take measures to ensure that your information is reasonably and appropriately secure, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you share your data. We cannot guarantee that only authorized persons will view your data. We cannot guarantee that the information you provide to us will not become publicly available as a result of circumventing our security measures. We are not responsible for third party circumvention of any privacy settings or security measures. You can reduce these risks by using common sense security practices, such as choosing a strong password, using different passwords for different services, and using up-to-date antivirus software.

Data Retention

We store your Personal Data for no longer than necessary for the purposes for which it was collected, including for the purposes of providing Chromaport Offerings, satisfying any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure of your Personal Data; the purposes for which we process your Personal Data; and the applicable legal requirements.

Upon termination of the contractual relationship with you, all information relating to the user account will be deleted, subject to a statutory retention period. It is the responsibility of the users to back up their data before the end of the Agreement. We are entitled to irretrievably delete all user data stored during the term of the Agreement.

International transfer

Because Chromaport operates globally, it may be necessary for us to transfer information, including Personal Data, to countries other than the country in which the information was collected.

Whenever Chromaport transfers Personal Data outside the European Union or the European Economic Area to countries that do not provide an adequate level of data protection as recognized by the European Commission, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

In particular, such transfers are safeguarded by the use of Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms, to ensure an adequate level of protection for your Personal Data. You can find more information about the Standard Contractual Clauses here: European Commission – Standard Contractual Clauses.

Your rights

Depending on your location, you may have the following rights regarding your Personal Data.

European Union / United Kingdom (GDPR)

You have the right to:

• Request information about the processing of your Personal Data.
• Access your Personal Data.
• Rectify inaccurate Personal Data.
• Erase your Personal Data ("right to be forgotten").
• Restrict or object to processing.
• Data portability (Article 20 GDPR) - You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Chromaport as spreadsheet files in Microsoft Excel format. You are required to pay €1.000 (Euro one thousand) and any applicable taxes on delivery for each data copy order.
• Withdraw consent at any time.
• Lodge a complaint with a supervisory authority.

United States – California (CCPA/CPRA)

California residents have the right to:

• Know what Personal Data is collected, used, disclosed, or shared.
• Access Personal Data.
• Request deletion.
• Correct inaccurate Personal Data.
• Opt out of sale or sharing of Personal Data (if applicable).
• Limit the use of sensitive Personal Data (if applicable).
• Not be discriminated against for exercising privacy rights.

Brazil (LGPD)

Brazilian users have the right to:

• Confirm the existence of processing.
• Access Personal Data.
• Correct incomplete or outdated Personal Data.
• Request anonymization, blocking, or deletion.
• Request data portability - You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Chromaport as spreadsheet files in Microsoft Excel format. You are required to pay €1.000 (Euro one thousand) and any applicable taxes on delivery for each data copy order.
• Withdraw consent at any time

Canada (PIPEDA)

Users in other jurisdictions may have similar rights under local law. We honor all applicable data subject requests in accordance with relevant legislation.

Requests may be submitted via:

Email: privacy@chromaport.com

We may need to verify your identity before fulfilling your request.

Data processing when accessing linked content

Chromaport Website may contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence on the content of third-party websites. Chromaport is not responsible for the privacy practices or the content of other websites. If you are redirected to other websites via links on Chromaport Website, please inform yourself there about the respective handling of your data.

Children’s Privacy

Chromaport Offerings are not intended for users under 13 years of age (or 16 in the EEA). If you have reason to believe that a child under the age of 13 (or 16 in the EEA) has provided Personal Data to Chromaport, please contact us at privacy@chromaport.com and we will endeavor to delete that information from our databases.

Controller

The controller responsible for the processing of your Personal Data as described in this Privacy Policy, within the meaning of Art. 4(7) GDPR, is:

Chromaport Sp. z o.o.
Jarosława Iwaszkiewicza 81/9
70-786 Szczecin, Poland

contact@chromaport.com

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Changes will be posted with an updated "Last modified" date.

This Privacy Policy was last modified on February 1, 2026.

If you have any questions or concerns regarding the processing of your Personal Data, you can contact us at any time at:

Email: privacy@chromaport.com