Privacy Policy — TinPot

Last updated: May 14, 2026

1. Data controller

2. Description of the app

TinPot (also distributed as PaintRack / ChromaMatch) is an application for matching and looking up paint colours. Core features do not require creating an account with the service.

3. Data we process and why

3.1. Data on the device

  • Images or use of the camera or photo library: Only when you choose those features, to obtain colour information and show you results in the app. Processing takes place in the context of your use of the app.
  • Preferences and usage data stored locally: (For example brand settings, theme, inventory or lists on the device), to remember your configuration. This data remains on the device unless you remove it.

3.2. Diagnostics and product improvement (Android, published builds)

On Android, in builds compiled for public distribution, the app may use:

  • Firebase Analytics (Google): Aggregated usage events (for example tab interaction, theme changes, actions related to brands or colour sampling). The implementation is intended not to send directly identifying data as free-text in these events.
  • Firebase Crashlytics (Google): Error and crash reports to fix bugs and improve stability. These may include technical data about the device and the failure (for example system model, stack traces).

Google’s privacy policy: https://policies.google.com/privacy

3.3. Links to third-party sites

If the app opens links in the browser or in external apps (for example support or collaboration), those sites have their own policies. We are not responsible for their content or how they process data.

4. Legal basis

Depending on the situation: performance of pre-contractual measures or of the contract with the app store user, legitimate interests in maintaining and improving the app and its security, and consent when the operating system requests permissions (camera, photos, etc.).

5. Retention

  • Local data on the device: For as long as you keep the app and do not clear its data in system settings.
  • Analytics and Crashlytics: As configured and under Google’s retention policies; see Google’s documentation and your device or Google account options where applicable.

6. Recipients and processors

We may use providers who process data on our behalf as processors, in particular Google LLC or, where applicable, Google Ireland Limited, under Firebase. International transfers of data may occur; Google describes its safeguards in its policies and documentation.

7. Device permissions

The app may request permissions such as camera and access to images for features that require them (for example colour sampling or scanning). You can revoke permissions in system settings; some features may no longer be available.

8. Your rights

Where applicable law allows (for example in the European Economic Area), you may request access, rectification, erasure, restriction of processing, objection and, where applicable, data portability for data we process as controller. To exercise these rights, email [email protected]. You may also lodge a complaint with the data protection authority in your country.

9. Children

The app is not directed at children. If you are a parent or guardian and believe we have collected data from a child, contact us at [email protected].

10. Security

We apply reasonable technical and organisational measures to protect information. No method of transmission or storage is completely secure.

11. Changes to this policy

We may update this text. The “Last updated” date will reflect the current version. Material changes may be communicated through appropriate means (for example an app update or store notice), as required by applicable law.

12. Contact

Privacy-related questions: [email protected]