Privacy policy

Last updated: 13 May 2026

Undertint is developed by Justin Stach (“we”, “us”, “our”), based in the United Kingdom. This privacy policy explains what information we collect when you use the Undertint iOS application and the undertint.app website, and how we handle that information.

We are committed to protecting your privacy. Undertint collects very little data, and what we do collect is described below.

The Undertint iOS application

Undertint processes your images and palette data to generate colour mixing recipes. The app is designed to work entirely on your device.

• Image processing runs on your device. Photos you import are never uploaded to us or to any third party. Reference photos are chosen through Apple’s PhotosPicker, so Undertint never gains general access to your photo library.
• Sessions, palettes, and recipes are stored locally on your device using Apple’s standard frameworks (SwiftData and the file system). They are not transmitted to us.
• The app does not include analytics, telemetry, advertising, or third-party tracking SDKs. The only network activity is Apple’s StoreKit, used to process and restore the optional Undertint Pro in-app purchase.
• If you choose to save a value study image, the app uses iOS’s add-only photo library permission to write the image to your photo library. Nothing is sent off your device.
• On-device image classification, used to suggest a session name from your photo, runs locally via Apple’s Vision framework. Photos remain on your device throughout.
• The app is distributed via the App Store. When you download the app, Apple may collect diagnostic and usage information under Apple’s privacy policy. Stach Ltd does not receive any of that information.

In-app purchases

Undertint offers a single one-off in-app purchase, Undertint Pro, which unlocks two- and three-paint mix recipes. The purchase is processed by Apple’s App Store on your device. Stach Ltd does not see, store, or process your payment details or your Apple ID.

Apple records the transaction against your Apple ID so the unlock can be restored on your other devices and shared with your family. Undertint reads the unlock status from Apple’s StoreKit framework on the device and caches a single boolean (purchased or not) in local app storage. No transaction data leaves your device through Undertint.

Apple’s own privacy practices for App Store purchases are described at apple.com/legal/privacy.

The undertint.app website

Analytics

We use Plausible Analytics to understand how visitors use our website. Plausible does not use cookies and does not collect personal identifiers that could track you across websites. The following aggregated data points may be recorded with each page view: the page URL, referrer, approximate geolocation (country and city, derived from IP address), device type, operating system, and browser. This data is aggregated and cannot be used to identify individual visitors. For more information, see Plausible’s data policy.

Cookies

We do not set any first-party cookies, and we do not load any advertising or tracking scripts. Third-party services (Vercel) may set strictly necessary cookies as part of their infrastructure. We do not use cookies for profiling.

Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on legitimate interests (Article 6(1)(f)) for the aggregated website analytics described above, to understand how the site is used and to improve it.

Data sharing

We do not sell, rent, or trade your personal data. Data may be processed by the following third-party service providers solely in connection with the services described above:

• Vercel (website hosting) — privacy policy
• Plausible Analytics (privacy-friendly, cookieless website analytics) — privacy policy

International transfers

Some of our service providers (Vercel) may process data outside the United Kingdom. Where this occurs, appropriate safeguards are in place, including standard contractual clauses and adequacy decisions recognised under UK data protection law.

Data retention

Server logs that may contain IP addresses are retained only for as long as is necessary for operational and security purposes, typically no longer than 30 days.

Your rights

Under the UK GDPR, you have the following rights in relation to any personal data we process:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure (“right to be forgotten”)
• The right to restrict processing
• The right to data portability
• The right to object to processing based on legitimate interests

Given the minimal data we collect, in most cases there will be no personal data for us to provide, correct, or delete. If you wish to exercise any of these rights, please contact us at the address below.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can contact the ICO at ico.org.uk.

Children’s privacy

Undertint is not directed at children under 13, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “last updated” date.

Contact

If you have any questions about this privacy policy, please contact us at:

Justin Stach
Email: hello@stach.ltd