Privacy Policy

1. Information We Collect

We collect information you provide directly: account details (email, name), artwork data, images, and contact information you enter into the platform.

When you sign in with Google OAuth, Google shares your email address and basic profile information (name and profile picture) with us. We use this solely to create and authenticate your account.

2. How We Use Your Information

Your data is used to provide the Artwork Codex service: storing and displaying your artworks, generating PDFs, and enabling features you use. We do not sell your personal information.

3. Third-Party Services

We use the following sub-processors to provide the service:

• Supabase — Database, authentication, and file storage
• Cloudinary — Image storage, delivery, and optimization (images are automatically resized and format-converted for performance)
• Stripe — Payment processing and subscription management
• Resend — Transactional email delivery (signup confirmations, password resets). Your email address is shared with Resend for delivery purposes only.
• Google — OAuth authentication (if you choose to sign in with Google)

4. Cookies

We use essential cookies for authentication. We do not use tracking or advertising cookies.

If you arrive via a referral link, we set a temporary httpOnly cookie containing the referral code. This cookie expires after 30 days and is used solely to credit the referring user when you subscribe. It cannot be read by third-party scripts.

5. Public Content

Portfolios and viewing rooms you create may be publicly accessible via their unique URLs. Artwork titles, images, dimensions, media, and other details you include in these features are visible to anyone with the link. You control which artworks are included and can remove them at any time.

6. Image Processing

Images you upload are stored on Cloudinary and may be automatically resized, reformatted, and optimized for display. Original images are preserved; optimized versions are generated on-the-fly for web delivery.

7. Referral Program

When you participate in the referral program, we store your unique referral code on your profile and track referral relationships (referrer and referred user IDs, referral status, and conversion date). When a referred user makes their first payment, a credit is applied to the referrer's Stripe account balance.

8. Data Retention & Account Freezing

If your paid subscription is cancelled, your account enters a frozen read-only state. All your data (artworks, images, contacts, sales) is preserved — nothing is deleted. You can continue to view and export your data. If you resubscribe, full access is restored immediately.

If you request account deletion, we will permanently remove all your data, including images stored on Cloudinary, within 30 days.

9. Your Rights

You may export your data at any time using the export feature in Settings. You may request deletion of your account and all associated data by contacting us.

Under GDPR and CCPA, you have the right to access, correct, or delete your personal data. You may also request a portable copy of your data.

9a. Data Deletion Requests

To request deletion of your account and all associated data, email hello@artworkcodex.com with the subject "Data Deletion Request" and include the email address associated with your account. We will process your request within 30 days and confirm deletion by email. This includes all artwork records, images, contacts, sales data, and profile information.

10. Security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security policies, and secure authentication. However, no system is completely secure.

11. Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email.

12. Contact

Questions about privacy? Contact us at hello@artworkcodex.com.