Privacy

Data controller

The controller of the data described here is the operator of neochrome:

René Obe

Schloßstraße 2, 53115 Bonn, Germany

For any question about your data, write to us via the contact form at the bottom of the page, or at contact@neochrome.art.

The principle: the strict minimum

neochrome is a RAW development engine. Its job is to compute an image, not to collect data. Everything was designed for it to retain as little as possible: your photos are never kept, no advertising or tracker is used, and the only information stored is the indispensable data that makes your account and any subscription work.

Your photos

This is the most important point, and the simplest: your photos are never kept.

The RAW file you upload is read, then erased immediately after reading. The developed image then exists only in memory and in a temporary folder, for the duration of your session, so that you can produce as many versions as you wish. It is erased as soon as you leave the engine, and at the latest automatically after fifteen minutes.

Your images are never archived, reused, analysed, or used to train any model: neochrome contains no artificial intelligence. They are not passed to any third party. The computation takes place on our server, located in Germany; your file only passes through it for the time needed to read it, and does not remain there.

You alone remain responsible for the rights attached to the people or works your photos depict; neochrome neither identifies nor analyses their content.

Legal basis: performance of the service you request (Art. 6(1)(b) GDPR). No retention.

Your account

To recognise you from one visit to the next and to count your downloads, neochrome keeps a deliberately minimal account:

• your email address;
• a technical identifier provided by Google, if you choose to sign in with Google (see “Signing in”);
• the date your account was created;
• the count of your used free downloads and the status of your subscription.

Legal basis: performance of the contract between us when you create an account (Art. 6(1)(b)). Data kept as long as your account exists, and deleted when you delete it (see “Your rights”).

Signing in

neochrome uses no password. Two sign-in methods are available to you:

With Google: we receive from Google a technical identifier and your email address. Your name and profile picture may pass through at that moment to display the page, but are not kept. This sign-in is governed by Google's terms and privacy policy.

By email link: you provide your address, and we send you a single-use sign-in link, valid for fifteen minutes. This link is cryptographically signed and is not stored in any database.

Legal basis: performance of the contract (Art. 6(1)(b)).

Subscription and payment

Payments are handled entirely by Stripe, a specialised and certified provider. Your card details are entered on Stripe's secure pages: they never pass through neochrome and are never stored there.

On our side, we keep only a Stripe customer identifier, the status of your subscription, the chosen plan and the start and renewal dates — just enough to open access for you and manage renewal or cancellation.

Legal basis: performance of the subscription contract (Art. 6(1)(b)) and the legal obligation to retain invoices for accounting (Art. 6(1)(c)). Billing data is kept for the period required by law (eight to ten years depending on the type of document, under German law).

Your presets

If you save your slider settings under a name, neochrome keeps these positions, linked to your account. They are mere preferences, with no personal information, that spare you from recomposing your favourite settings.

Legal basis: performance of the contract (Art. 6(1)(b)). Deleted together with your account.

The contact form

When you write to us, your email address and your message are sent to us by email. They are not recorded in any database; they serve only to reply to you.

Legal basis: our legitimate interest in handling your request (Art. 6(1)(f)). Kept for the time needed to reply, then erased.

Fingerprint of a deleted account

When you delete your account, we keep a one-way fingerprint of your email address — a signature computed from the address, not the address itself, which cannot be turned back into your email.

This fingerprint serves only to prevent an account from being recreated at once to bypass the free-download limit: on a new registration, the address provided is transformed by the same computation and compared with this fingerprint, without any address being read in clear. It is the only trace that remains after a deletion.

Legal basis: our legitimate interest in preventing abuse (Art. 6(1)(f)). This fingerprint is the minimal data strictly necessary for that sole purpose; lacking a natural expiry, it is kept for as long as this prevention remains useful. You may object to its retention (Art. 21), unless it remains necessary to prevent a proven abuse.

Cookies and local storage

neochrome uses only two cookies, both strictly functional. No advertising cookie, no tracker, no audience measurement:

• a session cookie, which keeps you signed in; it is signed, inaccessible to JavaScript, and expires when you close your browser. It is indispensable to the operation of the service;
• a language cookie, which remembers the language you chose for one year; it is only set when you click a language.

Because no tracking or advertising cookie is used, no consent banner is required (§ 25 TDDDG): this information suffices.

Technical logs

To run and secure the service, the web server may keep brief technical logs — IP address, date, page requested, browser type. This is standard for any website; these logs serve security and troubleshooting, never to track you, and are kept for a short time before being erased.

Legal basis: our legitimate interest in operating and protecting the service (Art. 6(1)(f)).

Recipients and providers

neochrome neither sells nor trades your data for advertising. It is entrusted only to the providers strictly necessary to the service; some act as processors on our behalf, others (notably Stripe and Google) as independent controllers for their own legal obligations:

• Netcup (Germany) — hosting and infrastructure;
• Stripe — processing of payments and the subscription;
• Google — only if you choose to sign in with Google;
• Brevo (France) — delivery of emails (sign-in link, contact form).

Transfers outside the European Union

Hosting and email delivery take place within the European Union. For certain operations, Stripe and Google may process data outside the Union (notably in the United States); these transfers are framed by the European Commission's standard contractual clauses and, where applicable, by the EU–US Data Privacy Framework.

Your rights

Regarding your data, the GDPR grants you the following rights:

• to access your data and obtain a copy of it;
• to have it corrected if it is inaccurate;
• to have it erased;
• to restrict its processing, or to object to it;
• to receive a portable copy of it;
• to withdraw your consent at any time, without affecting what has already been done.

To exercise them: you can delete your account yourself from the “My account” tab; for the rest, write to us. You also have the right to lodge a complaint with a supervisory authority (the competent German data protection authority, or the CNIL in France).

Security

Exchanges with neochrome are encrypted (HTTPS). Sessions are signed, secrets kept out of the code, the fingerprint of a deleted account is irreversible, and card data never touches our servers.

No automated decision, no profiling

neochrome makes no automated decision producing legal effects concerning you (Art. 22 GDPR) and builds no profile. The download count and the subscription status come from a simple, deterministic and transparent calculation.

Minors

neochrome is not directed at children and does not knowingly collect data concerning them.

Changes

This page may evolve if the service changes. The last-updated date shown at the top prevails.