Privacy

Last updated: May 3, 2026

This is the privacy notice for coloureg (the website at coloureg.com). It explains what personal data we collect, why we collect it, who else gets to see it, and what your rights are under UK GDPR.

We've tried to write this in plain English. If anything's unclear, email us at hello@coloureg.com.

Who's responsible for your data

The data controller is coloureg, operating in the United Kingdom. You can reach us about anything privacy-related at hello@coloureg.com.

What we collect, and why

When you use coloureg, we collect:

  • Your registration plate — to look up the paint code. Stored alongside the search record.
  • Your VIN — obtained from our vehicle data provider when you submit your registration. Stored to support manual lookups (we may need it to query the manufacturer directly) and shown to you partially masked in confirmation emails.
  • Your IP address and browser user-agent — for usage analytics, abuse prevention, and to detect issues. Logged automatically with each search.
  • The timestamp of your search — same reasons.
  • Your email address — only if you submit it (manual lookup request, paint code email, or contact form). Used to send you the requested response, and stored so we can fulfil follow-up questions.

We don't ask for your name, address, phone number, or anything else. We don't track what car you actually own — only what you searched for.

Lawful basis

We rely on the following lawful bases under UK GDPR:

  • Legitimate interests — for keeping the site running, understanding how it's used (e.g. how many people search per day, top searched makes), and protecting it from abuse such as automated scrapers or repeated invalid lookups. We've assessed that these uses don't override your rights given how minimal the data is.
  • Consent — when you submit your email to receive a paint code or contact us, you're giving consent for us to process that email to deliver the response. You can withdraw consent at any time by emailing hello@coloureg.com.

We don't use automated decision-making or profiling to make decisions that significantly affect you.

Who else sees your data

We don't sell your data and we don't use it for advertising. To operate the site, your data passes through several third-party services that help us run things (called "processors" under GDPR):

  • Vehicle data providers — receive your registration plate to look up vehicle and paint code data. Based in the UK.
  • Email delivery provider — receives your email address and message content when we send you a paint code or contact reply. US-based; international transfers covered under the UK International Data Transfer Agreement / UK Data Bridge.
  • Web hosting and database providers — store your search history and the data above. The hosting provider is US-based (transfers covered by the UK Data Bridge); the database provider is EU-based.
  • Analytics provider — sets cookies in your browser to collect anonymised usage statistics such as page views, device type, and country. US-based; transfers covered as above.

If you'd like the specific names of any of these providers, email us and we'll tell you. Each processor is bound by their own privacy commitments and processes your data only as needed to provide their service to us.

How long we keep it

After 12 months, we scrub the personal fields from each search record — specifically your IP address, browser user-agent, email address, and VIN. The remaining record (the registration plate, vehicle make/model/year, and the search timestamp) is non-identifying on its own and is retained for trend reporting and product analytics.

If you'd like us to delete your data sooner than that, see "Your rights" below.

Cookies

We use a small number of cookies:

  • Essential cookies — Django session cookie and CSRF token. Required for the site to function. These don't track you and don't need your consent under UK PECR.
  • Analytics cookies — set by our analytics provider to count visits and pages viewed in aggregate. They're not used for advertising or cross-site tracking. You can prevent them by using a privacy-respecting browser (e.g. Brave) or browser extensions like uBlock Origin or Privacy Badger, which block tracking cookies before they're set.

Security

The site is served over HTTPS, so traffic between your browser and our servers is encrypted in transit. Your data is stored in UK or EU data centres operated by reputable infrastructure providers. Access to the database is restricted to the site owner and protected by strong authentication.

Children

coloureg isn't intended for children under 13. We don't knowingly collect personal data from children. If you're a parent or guardian and you believe a child has submitted data to us, email hello@coloureg.com and we'll delete it.

Your rights

Under UK GDPR you have the right to:

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data ("the right to be forgotten").
  • Restriction — ask us to pause processing while a query is resolved.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — for anything we process based on consent (e.g. your email).

To exercise any of these rights, email hello@coloureg.com. We'll respond within 30 days.

Complaints

If you're not happy with how we've handled your data, please tell us first so we can put it right. You also have the right to complain to the Information Commissioner's Office (ICO) — the UK's data protection regulator.

Changes

If we update this notice — for example to add a new processor or change retention periods — we'll update the "Last updated" date at the top of this page. For substantial changes we'll add a banner on the homepage.