Terms of Service

Last updated: February 2026

1. Acceptance of Terms

By accessing or using ShotMatch ("the Service"), operated by How Bad? Pretty Bad LLC. ("we", "us", "our"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.

2. Description of Service

ShotMatch is a web-based color grading platform that allows users to transfer color palettes between images and videos using AI-powered methods. The Service includes image matching, video grading, multi-reference blending, preset management, neural style transfer, and an API.

3. Accounts

You must sign in with a Google account to use the Service. You are responsible for maintaining the security of your account. You must not share your account or API keys with third parties.

4. Credits and Billing

  • Free accounts receive 100 credits upon registration.
  • Paid plans (Pro, Business, Studio) include monthly credit allocations as described on the pricing page.
  • Credit packs are one-time purchases and do not expire.
  • Subscriptions are billed monthly via Stripe. You may cancel at any time; access continues until the end of the billing period.
  • Refunds are handled on a case-by-case basis. Contact us at [email protected] for refund requests.

5. Acceptable Use

You agree not to:

  • Use the Service for any unlawful purpose.
  • Upload content that infringes third-party intellectual property rights.
  • Attempt to reverse-engineer, decompile, or exploit the Service.
  • Abuse the API with excessive requests or automated scraping.
  • Resell access to the Service without written authorization.

6. Intellectual Property

You retain all rights to the images and videos you upload. ShotMatch does not claim ownership of your content. We may temporarily process and store your content to deliver the Service, but we do not use it for training models or share it with third parties.

7. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted access. The Service is provided "as is" without warranties of any kind, express or implied. We may modify, suspend, or discontinue the Service at any time with reasonable notice.

8. Limitation of Liability

To the maximum extent permitted by applicable law, How Bad? Pretty Bad LLC. and its officers, employees, and agents shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of the Service. Our total aggregate liability is limited to the amount you paid for the Service in the 12 months preceding the claim.

9. Account Termination

We reserve the right to suspend or terminate accounts that violate these terms. You may delete your account at any time from the Account page or by contacting us at [email protected]. Upon termination, your stored references and data will be deleted in accordance with our Privacy Policy.

10. Changes to Terms

We may update these terms from time to time. Continued use of the Service after changes constitutes acceptance. We will notify users of material changes via email or in-app notice.

11. Governing Law and Dispute Resolution

These Terms are governed by and construed in accordance with the laws of Switzerland, without regard to conflict of law principles.

Any dispute arising out of or in connection with these Terms shall first be attempted to be resolved amicably by contacting us at [email protected]. If a resolution cannot be reached within 30 days, the dispute shall be submitted to the exclusive jurisdiction of the courts of Switzerland.

12. Contact

For questions about these terms, contact us at [email protected].

How Bad? Pretty Bad LLC.

Privacy Policy

Last updated: February 2026

1. Who We Are

ShotMatch ("the Service") is operated by How Bad? Pretty Bad LLC. ("we", "us", "our"). For any questions regarding this policy or your personal data, contact us at [email protected].

2. Information We Collect

When you use ShotMatch, we collect:

  • Account information: Name, email address, and profile picture from your Google account via OAuth 2.0.
  • Usage data: Credit usage, feature usage statistics, and preferences you configure.
  • Uploaded content: Images and videos you upload for processing. These are stored temporarily during processing and in your reference library if you save them.
  • Payment information: Billing is handled by Stripe. We do not store credit card numbers. We receive transaction IDs and plan details from Stripe.
  • Technical data: IP address, browser type, and device information for security and analytics.

3. How We Use Your Information

  • To provide and improve the Service (color matching, video grading, reference management).
  • To manage your account, credits, and subscriptions.
  • To communicate service updates or respond to support requests.
  • To detect and prevent abuse or fraud.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Performance of a contract (Art. 6(1)(b)): Account creation, credit management, image and video processing, subscription billing, and delivering the core Service you requested.
  • Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, error tracking (via Sentry), and service improvement based on aggregated usage patterns.
  • Consent (Art. 6(1)(a)): Marketing communications and optional AI-powered features (AI Suggest, AI Refine) that transmit your image to OpenAI for processing.
  • Legal obligation (Art. 6(1)(c)): Compliance with applicable tax, accounting, and regulatory requirements related to billing and payments.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw consent or for any GDPR-related inquiry, contact us at [email protected].

5. What We Do Not Do

  • We do not sell your personal data to third parties.
  • We do not use your uploaded images or videos to train AI models.
  • We do not share your content with other users or third parties. If you choose to use optional AI-powered features (AI Suggest, AI Refine), the image you submit is processed by OpenAI and is not retained beyond the request.
  • We do not send marketing emails without your consent.

6. Data Storage and Security

  • Database: Account data is stored in Supabase (PostgreSQL) with row-level security.
  • File storage: Saved references are stored in Cloudflare R2 (S3-compatible), encrypted at rest.
  • Processing: Images and videos uploaded for one-time processing are not permanently stored; they are discarded after the result is returned.
  • Encryption: All data in transit is encrypted via TLS/HTTPS.

7. Third-Party Services

We use the following third-party services that may process personal data on our behalf:

  • Google OAuth: For authentication. Subject to Google's Privacy Policy.
  • Stripe: For payment processing. Subject to Stripe's Privacy Policy.
  • Supabase: For database hosting.
  • Cloudflare: For file storage, CDN, and DNS.
  • Sentry: For error tracking. Sentry receives a pseudonymous user identifier and your plan type to help us diagnose errors. No email address or personal content is sent. send_default_pii is disabled on the server side. On-error session replays (DOM snapshots) may be captured at a low sample rate to help reproduce bugs.
  • Resend: For transactional email delivery (subscription confirmations, payment receipts, account notifications). Subject to Resend's Privacy Policy.
  • OpenAI: For AI-powered color analysis features (AI Suggest, AI Refine). Images are sent to OpenAI's API for processing and are not retained by OpenAI beyond the API request. Subject to OpenAI's Privacy Policy.
  • Modal: For scalable image and video processing. Processing data is ephemeral and not retained after the task completes. Subject to Modal's Privacy Policy.

8. Data Retention

  • Account data is retained while your account is active.
  • Saved references are retained until you delete them or your account is closed.
  • Processing data (one-time uploads) is discarded immediately after results are returned.
  • Upon account deletion, all associated data is removed immediately. In rare cases where individual file deletions fail, residual data may persist for up to 30 days.

9. Your Rights

You have the right to:

  • Access your personal data stored on the Service.
  • Delete your account and all associated data.
  • Export your account data, including reference and history metadata (file contents are not included in the export).
  • Correct inaccurate information by contacting us.
  • Object to or restrict processing of your personal data.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at [email protected].

10. Cookies and Local Storage

ShotMatch uses a minimal set of cookies and browser storage, strictly necessary for the Service to function. We do not use third-party tracking or advertising cookies.

  • Session cookie: A server-side session cookie is set upon login to authenticate your requests. It is HttpOnly, Secure, and SameSite=Lax. It expires after 24 hours of inactivity.
  • Cookie consent: A localStorage entry records whether you have acknowledged the cookie notice.
  • Theme preference: Your light/dark mode preference is stored in localStorage.
  • Library cache: Reference library thumbnails may be cached in sessionStorage (per-tab, cleared on close) for performance.

For full details, see our Cookie Policy.

11. International Data Transfers

Our third-party service providers may process data outside of Switzerland. Where this occurs, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Switzerland. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Switzerland.

14. Contact

For any questions about this Privacy Policy or your personal data, contact us at [email protected].

How Bad? Pretty Bad LLC.

Cookie Policy

Last updated: February 2026

1. What Are Cookies

Cookies are small text files stored on your device by your web browser when you visit a website. They are used to remember information about your visit, such as your login status and preferences. Local storage and session storage are similar browser technologies that serve comparable purposes.

2. How ShotMatch Uses Cookies

ShotMatch uses only strictly necessary cookies and browser storage. We do not use any third-party advertising, tracking, or analytics cookies.

Name Type Purpose Duration
session Cookie Authenticates your session after login. Server-side storage via Redis. 24 hours
sm_cookie_consent localStorage Records that you have acknowledged this cookie notice. Persistent
theme localStorage Stores your light/dark mode preference. Persistent
shotmatch_prefs localStorage Caches user preferences locally for faster page loads. Persistent
shotmatch_ref_from_analyze localStorage Temporarily transfers a reference image between editor pages. Removed after use. Temporary
shotmatch_library sessionStorage Caches reference library thumbnails for faster loading. Cleared when the tab is closed. Tab session
shotmatch_history_restore sessionStorage Temporarily transfers a history result to the editor. Removed after use. Temporary

3. Session Cookie Details

Our session cookie has the following security properties:

  • HttpOnly: The cookie cannot be accessed by JavaScript, preventing cross-site scripting (XSS) attacks.
  • Secure: The cookie is only transmitted over encrypted HTTPS connections.
  • SameSite=Lax: The cookie is not sent with cross-site requests, providing protection against cross-site request forgery (CSRF).
  • Server-side: The cookie contains only a session identifier. All session data is stored on our servers (Redis), not in your browser.

4. Third-Party Cookies

ShotMatch does not set third-party tracking or advertising cookies. However, the following third-party services may set their own cookies when you interact with their elements:

  • Google (authentication): When you sign in with Google, Google may set cookies on your device as part of the OAuth flow. See Google's Cookie Policy.
  • Stripe (payment): When you access the payment or checkout interface, Stripe may set cookies for fraud prevention. See Stripe's Cookie Policy.

5. Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

  • View and delete existing cookies.
  • Block cookies from specific or all websites.
  • Set preferences for certain types of cookies.

Please note that disabling the session cookie will prevent you from logging into ShotMatch, as it is required for authentication.

6. Changes to This Policy

We may update this Cookie Policy from time to time. Changes will be posted on this page with an updated date.

7. Contact

For questions about this Cookie Policy, contact us at [email protected].

How Bad? Pretty Bad LLC.

This site uses strictly necessary cookies for authentication and preferences. No tracking or advertising cookies. Cookie Policy