Privacy Policy
Last updated: February 26, 2026
1. Data Controller
Coollage Studio ("we", "us", or "our") is the data controller for personal data processed through Coollage ("the Service"). You can reach us at info@coollage.studio.
2. Data We Collect & Legal Basis
Authentication Data
When you create an account, we collect your email address and a unique user identifier (UID) through Firebase Authentication (Google sign-in or email/password). If available from your provider, we may also process basic profile data such as display name and profile photo URL.
Legal basis: Contract performance — necessary to provide you with the Service.
Beta Access Data
During beta, we may store your current access tier (for example, free or beta Pro access) and related status fields in Cloud Firestore to control feature availability.
Legal basis: Contract performance — necessary to manage your access to the Service.
Payment Data
Coollage currently runs in beta with paid subscriptions disabled. Stripe integration exists for future paid plans, but checkout and billing are not active during beta mode. We do not collect or store payment card data. If billing is enabled in the future, payment details will be processed directly by Stripe.
Local Storage (Preferences)
We store functional preferences locally in your browser using localStorage. This includes your theme preference, workspace mode, aspect ratio settings, a cached copy of your plan status, and your analytics consent choice. We also use sessionStorage to prevent duplicate launch events during a single browser session.
Legal basis: Legitimate interest — to provide a consistent user experience.
Analytics & Performance Metrics
With your consent, we use Vercel Analytics and Vercel Speed Insights to understand feature usage and site performance. Analytics is disabled by default and only enabled after you accept the consent banner. We do not send your uploaded images to analytics providers.
Legal basis: Consent.
3. How Images Are Processed
All image processing in Coollage happens entirely within your browser. Your images are never uploaded, transmitted, or stored on our servers. We have no access to the images you use with the Service.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Authentication | User sign-in and identity | Email, UID, and basic profile data (if available) |
| Cloud Firestore | Account, beta access status, and subscription metadata | Email, UID, access/subscription status fields |
| Vercel Analytics | Consent-based product analytics | Event metadata and technical usage data |
| Vercel Speed Insights | Consent-based performance monitoring | Web performance metrics and technical telemetry |
| Stripe (disabled in beta) | Subscription checkout and billing (when enabled) | Email, UID reference, plan/price identifiers |
Each third-party service operates under its own privacy policy. We encourage you to review their policies.
5. Cookies & Local Storage
Coollage does not set cookies directly. Firebase Authentication may set its own cookies for session management. We use browser localStorage for functional settings and consent state (`themeMode`, `theme`, `workspaceMode`, `selectedAspectRatio`, `coollage.plan.session`, `coollage.analytics.consent`) and sessionStorage for a session launch marker (`coollage.app.launched`).
6. Data Retention
We retain your account data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us at info@coollage.studio. We will process deletion requests within 30 days.
7. International Data Transfers
Firebase, Vercel, and Stripe may process data outside the European Economic Area (EEA). These transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and provider compliance with applicable data protection frameworks.
8. Your Rights Under GDPR
As a user in the EU, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Data portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Restriction — request that we limit processing of your data
- Complaint — lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority
To exercise any of these rights, contact us at info@coollage.studio. We will respond within 30 days.
9. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
11. Contact
For any questions or concerns about this Privacy Policy or our data practices, contact us at info@coollage.studio.