Privacy Policy
Last Updated — August 22, 2025
1) Overview & Applicability
This Policy explains how Artovio Inc. (“Artovio”, “we”, “us”) processes personal information for our websites, apps, and marketplace services (“Services”). If you do not agree, please discontinue use. We may update this Policy; the date above reflects the latest version.
2) Data We Collect
- Identifiers & Account: name, email, username, hashed password, settings/preferences.
- Security Telemetry: IP address and related metadata at login and when artists accept platform terms (for evidencing consent and account security).
- Transaction Data: orders, amounts, fulfillment details; limited payment metadata (we do not store full card numbers).
- Communications: messages you send to us (e.g., support).
- Usage Signals: device/browser info, logs created by our systems and service providers.
Please avoid submitting sensitive data we do not request. Do not upload others’ personal information without permission.
3) Why We Use Data (Legal Bases)
- Provide the Services / Contract: create/manage accounts, process orders, provide support.
- Security & Fraud Prevention (Legitimate Interests / Legal Obligations): protect accounts, detect/prevent abuse and unauthorized access, enforce our terms, maintain audit evidence (including IP at login and artist terms acceptance).
- Compliance: tax/accounting and other legal or regulatory requirements.
- Consent (if used): optional communications or features that require it; consent can be withdrawn at any time.
4) Marketplace Roles (Buyers & Artists)
Artovio typically acts as the controller of buyer and artist account data. Artists may act as independent controllers for information they collect directly from buyers (e.g., custom commissions) and must comply with applicable law for their own processing.
5) Sources of Data
- You: account setup, orders, uploads, messages.
- Automatically: cookies/SDKs, logs, device/browser signals.
- Service Providers: payment, hosting, security, and similar operational partners.
6) Cookies & Similar Technologies
We use necessary cookies/SDKs to run the Services and remember certain preferences. Where required by law, we obtain consent for non-essential cookies. You can control cookies via your browser settings and our interfaces where available.
7) Security & Network Logs (IP Addresses)
We collect and retain IP addresses and related network metadata in server/CDN/WAF/application logs to protect the Services (e.g., detect/mitigate fraud and abuse, rate-limit requests, investigate incidents, enforce our terms). For artists, we also keep consent evidence (including IP and timestamp) for acceptance of terms. Where feasible, we apply data minimization and access controls.
8) Payments, Payouts & Identity Verification
Payments, payouts, and (where required) identity verification are handled by a certified third-party payment and identity provider under its own terms and privacy notices. We do not store full card numbers. Providers may act as independent controllers for certain activities (e.g., fraud/AML) and as processors for others.
9) Sharing with Service Providers
We share personal information with service providers that support our operations (e.g., hosting, payments, security, email/SMS, customer support) under agreements requiring confidentiality and appropriate safeguards. We may also disclose information as required by law or to protect rights and safety.
10) International Transfers
We may transfer personal information to other countries. Where required, we implement appropriate legal mechanisms (e.g., contractual safeguards/adequacy) for such transfers.
11) Retention
We keep personal information only for as long as necessary to provide the Services, meet legal/regulatory obligations (including security, fraud prevention, tax/accounting, and consent record-keeping), resolve disputes, and enforce agreements.
12) Security Measures
We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, monitoring, and vulnerability management. No method is 100% secure; please use a secure connection and unique credentials.
13) Automated Tools & Profiling
We may use automated tools to help detect spam, fraud, or policy violations, and to personalize certain experiences where permitted by law. We do not rely solely on automated decisions producing legal or similarly significant effects where prohibited.
14) Do Not Sell/Share & Global Signals
We currently do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide an opt-out mechanism and, where required by law, honor recognized universal/“global” privacy signals for such activities.
15) User-Generated Content (Public Areas)
Content you post (e.g., listings, reviews) may be public. Do not include personal information you prefer to keep private in public areas.
16) Third-Party Links
Our Services may link to external sites. Their privacy practices are governed by their own policies; we are not responsible for them.
17) Lawful Requests & Compliance
We may access, preserve, and disclose information when we believe in good faith it is necessary to comply with applicable law, lawful requests, or legal process; to protect users, our Services, or others; to enforce our terms; or to respond to security or integrity issues.
18) Marketing Communications
We may send transactional messages related to your account or orders. Marketing communications (if used) are sent with consent or as otherwise permitted by law. You can opt out by contacting us.
19) Your Rights & How to Contact Us
Depending on your location, you may have rights (e.g., access, correction, deletion, objection). To exercise a right or raise a question, contact us at privacy@artovio.com or via our contact page. We will respond as required by applicable law.
20) Children
The Services are not directed to children under 13 (or the age defined by local law). If you believe we collected such data, contact us so we can address it.
21) Changes to this Policy
We may update this Policy to reflect operational, legal, or regulatory changes. We will post updates here with an updated date and provide additional notice where required.
