Data Protection

Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data on this website in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Controller

The controller responsible for data processing on this website is:

Martin Mueller

Canettistrasse 1

1100 Vienna, Austria

Email: office@greyscale.at

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, and profile image when you create an account or sign in via a third-party provider (Google, Microsoft, or Apple).
  • Project data: information you provide about your jewelry commission, including descriptions, design preferences, and reference images you upload.
  • Design conversations: the text, notes, and sketches you share during the brief intake with our AI design assistant (see section 5).
  • Usage data: anonymised information about how you interact with our website, collected via cookies and analytics tools (see sections 6 and 7).
  • Communication data: content of messages you send us via email or our contact channels.

3. Legal Bases for Processing

We process your personal data on the following legal bases under Art. 6(1) GDPR:

  • Consent (Art. 6(1)(a)): for analytics cookies and optional marketing communications. You may withdraw your consent at any time.
  • Contract performance (Art. 6(1)(b)): for processing account and project data necessary to provide our bespoke jewelry design services.
  • Legitimate interests (Art. 6(1)(f)): for website security, fraud prevention, and improving our services.

4. Third-Party Sign-In

You may sign in using your Google, Microsoft, or Apple account. When you do, the respective provider shares your name, email address, and profile picture with us. We store this data solely to authenticate your session and personalise your experience. We do not receive or store your password from these providers.

The data processing by these providers is governed by their own privacy policies.

5. Hosting and AI-Assisted Design Intake

Your account, project, and conversation data — along with any files or images you upload — are stored on EU-based cloud infrastructure operated within the European Economic Area. This data is not transferred outside the EU for routine hosting.

AI-Assisted Design Intake

During the brief intake, you may have a guided conversation with our AI design assistant. To generate the assistant's replies, the text of your conversation is sent to Anthropic, PBC ("Anthropic"), an AI service provider based in the United States. Anthropic processes this content only to produce the assistant's responses and does not use it to train its models.

This transfer to a third country is safeguarded by the EU Standard Contractual Clauses (SCCs) included in our data processing agreement with Anthropic. For more information, see Anthropic's Privacy Policy.

Once an equivalent EU-based AI service becomes available, we intend to migrate this processing to it.

6. Cookies

This website uses cookies — small text files stored on your device — to ensure core functionality and to analyse usage.

  • Strictly necessary cookies: required for authentication and session management. These do not require your consent.
  • Analytics cookies: used to understand how visitors interact with the website (see section 7). These are only set with your prior consent.

You can manage or delete cookies at any time through your browser settings. Disabling strictly necessary cookies may impair website functionality.

7. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies to help us analyse how visitors use the site.

We have enabled IP anonymisation (anonymizeIp), which means Google truncates your IP address within the EU before any transfer to the United States. In exceptional cases, the full IP address may be sent to a Google server in the U.S. and shortened there.

Google Analytics cookies are only set after you give your consent. You may withdraw your consent at any time or opt out by installing the Google Analytics Opt-out Browser Add-on.

For more details, see Google's Privacy Policy.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:

  • Account and project data are retained for the duration of the customer relationship and for seven years thereafter, in accordance with Austrian statutory retention obligations (§ 132 BAO).
  • Analytics data is automatically deleted after 14 months.
  • You may request deletion of your account and associated data at any time (see section 9).

9. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy.
  • Right to rectification (Art. 16) — request correction of inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18) — request that processing be limited under certain conditions.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.

To exercise any of these rights, contact us at office@greyscale.at. We will respond within one month.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde

Barichgasse 40–42

1030 Vienna, Austria

Website: www.dsb.gv.at

11. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognise an encrypted connection by the "https://" prefix and the lock icon in your browser address bar.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The current version is always available on this page.

Last updated: May 2026