Privacy policy

Last updated: 11 March 2026

Undertint is developed by Justin Stach (“we”, “us”, “our”), based in the United Kingdom. This privacy policy explains what information we collect when you use the Undertint application at undertint.stach.ltd, and how we handle that information.

We are committed to protecting your privacy. Undertint collects very little data, and what we do collect is described below.

Beta sign-up

If you register for the Undertint beta, we collect the information you provide in the sign-up form — typically your name, email address, and details about the watercolour paints you use. We use this information solely to manage beta access and communicate with you about Undertint. We will not share this information with third parties or use it for marketing unrelated to Undertint.

The Undertint application

Undertint processes your images and palette data to generate colour mixing recipes. Image processing happens on your device — we do not upload, store, or have access to the photos you use with Undertint. Your palette and recipe data may be stored locally in your browser and is not transmitted to us.

The undertint.stach.ltd website

Analytics

We use Vercel Web Analytics to understand how visitors use our website. Vercel Analytics does not use cookies and does not collect personal identifiers that could track you across websites. The following aggregated data points may be recorded with each page view: the page URL, referrer, approximate geolocation (country and city, derived from IP address), device type, operating system, and browser. This data is aggregated and cannot be used to identify individual visitors. For more information, see Vercel’s analytics privacy policy.

Advertising measurement

If you accept cookies via the consent banner, we load a single Google Ads tag to measure whether our advertising leads to visits. This tag may set cookies on your device. It is never loaded unless you explicitly accept, and you can withdraw your consent at any time below. If you decline, no advertising cookies are set and no tracking scripts are loaded.

Other cookies

We do not set any first-party cookies. Third-party services (Vercel) may set strictly necessary cookies as part of their infrastructure. We do not use cookies for profiling.

Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:

• Consent (Article 6(1)(a)) — for processing information you provide when signing up for the beta, and for loading the Google Ads measurement tag when you accept cookies.
• Legitimate interests (Article 6(1)(f)) — for website analytics, to understand how our website is used and to improve it.

Data sharing

We do not sell, rent, or trade your personal data. Data may be processed by the following third-party service providers solely in connection with the services described above:

• Vercel (website hosting and analytics) — privacy policy
• Google (advertising measurement, only if you accept cookies) — privacy policy

International transfers

Some of our service providers (Vercel) may process data outside the United Kingdom. Where this occurs, appropriate safeguards are in place, including standard contractual clauses and adequacy decisions recognised under UK data protection law.

Data retention

Beta sign-up information is retained only for the duration of the beta programme and a reasonable period thereafter. Server logs that may contain IP addresses are retained only for as long as is necessary for operational and security purposes, typically no longer than 30 days.

Your rights

Under the UK GDPR, you have the following rights in relation to any personal data we process:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure (“right to be forgotten”)
• The right to restrict processing
• The right to data portability
• The right to object to processing based on legitimate interests

Given the minimal data we collect, in most cases there will be no personal data for us to provide, correct, or delete. If you wish to exercise any of these rights, please contact us at the address below.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can contact the ICO at ico.org.uk.

Children’s privacy

Undertint is not directed at children under 13, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “last updated” date.

Contact

If you have any questions about this privacy policy, please contact us at:

Justin Stach
Email: hello@stach.ltd