FARB.NØRM
← Back to home

Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter "data") within our online offering and the related websites, features and content. It is based on the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Controller within the meaning of Art. 4 (7) GDPR is the operator named in the Imprint.

Data we collect

FARB.NØRM runs primarily in your browser and does not require an account. When you visit the site, our hosting provider automatically processes server log data (IP address, date and time, browser type, referrer URL, status code) on the basis of Art. 6 (1)(f) GDPR (legitimate interest in secure and stable operation). This data is stored for a maximum of 14 days and then deleted. If you contact us by email, the data you provide is processed under Art. 6 (1)(b) and (f) GDPR for the purpose of handling your request and is deleted as soon as it is no longer required and no statutory retention obligations apply.

Cookies, local storage and analytics

We use only technically necessary cookies and local-storage entries (e.g. language preference, onboarding state, theme, palette store, cookie-consent state). Their use is based on Art. 6 (1)(f) GDPR and § 25 (2) No. 2 TDDDG, as they are strictly required to provide the service you have requested. We do not use marketing cookies, cross-site tracking, third-party advertising, Google Analytics, Google AdSense, Meta Pixel or comparable services. A cookie notice is displayed on your first visit. Essential storage as described above is used regardless, since it is technically necessary; the notice gives you transparency and lets you actively confirm. Should we add anonymous, privacy-friendly product analytics or other non-essential services in the future, we will only do so after your prior, informed and revocable consent (Art. 6 (1)(a) GDPR, § 25 (1) TDDDG). You can withdraw a granted consent at any time via the "Cookie settings" link in the footer. Most tools inside FARB.NØRM — the palette generator, gradient generator, contrast checker, icon library, image colour extractor and the Image-to-SVG converter — run entirely in your browser. Images you drop into these tools are processed locally on your device and are never transmitted to us or to any third party.

Payments

Pro purchases (Figma Pro and PPTX Pro packs) are processed by our payment provider Gumroad (Gumroad, Inc., 1640 17th Street, Floor 2, San Francisco, CA 94107, USA). When you start a checkout, you leave FARB.NØRM and complete the purchase on Gumroad's hosted checkout. The data required to process the payment (name, email address, billing country, transaction details and, where applicable, VAT identifiers) is collected and processed by Gumroad as an independent controller; Gumroad acts as Merchant of Record and handles VAT/sales-tax collection and remittance. The legal basis is Art. 6 (1)(b) GDPR (performance of a contract). Gumroad sends us a webhook with the transaction reference, the buyer's email address and the purchased product so we can unlock your Pro access; we store this minimal record to grant and verify your licence. We do not see, store or process your payment-card details. Transfers to the USA are based on the EU Standard Contractual Clauses (Art. 46 (2)(c) GDPR) and, where applicable, the EU-US Data Privacy Framework. Gumroad's privacy policy: https://gumroad.com/privacy.

Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing based on Art. 6 (1)(f) GDPR (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7 (3) GDPR). You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), e.g. the data protection authority of your federal state in Germany or of the EU member state of your residence.

Contact, hosting and updates

Our website is hosted on infrastructure within the EU. We additionally use Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) as a content delivery network and reverse proxy to deliver static assets, mitigate attacks and ensure availability. When you access the site, Cloudflare automatically processes connection data including your IP address, the requested resource, the referrer URL, the user agent and the access timestamp. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in a secure, fast and stable service). Transfers to the USA are safeguarded by the EU Standard Contractual Clauses (Art. 46 (2)(c) GDPR), Cloudflare's Data Processing Addendum, and Cloudflare's certification under the EU-US Data Privacy Framework. Further information: https://www.cloudflare.com/privacypolicy/. All data transfers are TLS-encrypted. We may update this privacy policy to reflect changes in our service or in legal requirements; the current version always applies. For any privacy-related questions, requests under Art. 15–22 GDPR, or to contact our data protection point of contact, write to: privacy@spektrae.app