Privacy Policy
Last updated: 15 July 2026
1. Information We Collect
We collect information you provide directly: account details (email, name), artwork data, artwork images and videos, related media metadata, and contact information you enter into the platform.
If you use the optional selling tools, we also store the seller and purchase information you provide, artwork selling settings, and your acknowledgement of the current seller terms. If you contact an artist through a public artwork page, we collect your name, email address, message, and, when needed for a delivery quote, country and postcode. The form does not ask for a full shipping address, payment-card data, tax identifiers, or marketing consent.
When you sign in with Google OAuth, Google shares your email address and basic profile information (name and profile picture) with us. We use this solely to create and authenticate your account.
For visitors to our United States Google Search advertising campaign, we record limited first-party campaign information, such as campaign, keyword, ad, device, and match-type identifiers and, when supplied by Google, a Google click identifier. We use this information only for private campaign reporting about whether the campaign leads to demo use, account creation, artwork creation, subscription trials, and paid web subscriptions. We do not send account activity back to Google. No Google or Meta advertising tags are installed.
2. How We Use Your Information
Your data is used to provide the Artwork Codex service: storing and displaying your artworks, generating PDFs, and enabling features you use. We do not sell your personal information.
Buyer enquiry data is used to deliver the requested message to the artist or gallery, keep a private enquiry record in that seller's account, prevent abuse, and support deliberate follow-up such as creating a contact. Submitting an enquiry does not enrol the buyer in marketing and does not automatically create a contact or sale.
Signed Stripe and RevenueCat billing notifications may record the first time an account starts a trial or paid subscription, together with the plan and billing platform. We use these records only for private aggregate product reporting. They do not contain names, email addresses, artwork or contact data, advertising identifiers, or payment transaction identifiers, and they are removed when the account is deleted.
3. Third-Party Services
We use the following sub-processors to provide the service:
- Vercel — Web hosting and privacy-focused aggregate web analytics. Analytics uses no cookies; before events are sent, Artwork Codex removes query strings and replaces user- or record-specific path values.
- Supabase — Database, authentication, and file storage
- Cloudinary — Image storage, delivery, and optimization (images are automatically resized and format-converted for performance)
- Stripe — Payment processing and subscription management for web subscriptions
- Apple App Store — In-App Purchase processing for iOS subscriptions. Apple receives your Apple ID and purchase information per their privacy policy (apple.com/legal/privacy).
- RevenueCat — Subscription receipt validation and entitlement state for the iOS app. RevenueCat receives your account identifier (Supabase user ID), purchase events, and basic device metadata (iOS version, country code, store identifier). See revenuecat.com/privacy.
- Resend — Transactional email delivery, including signup confirmations, password resets, and artist enquiry notifications. For an enquiry, the buyer's submitted contact details and message are included only so Resend can deliver that notification to the seller; they are not added to Resend marketing contacts.
- Google — OAuth authentication (if you choose to sign in with Google)
- Apple Sign in with Apple — OAuth authentication (if you choose to sign in with Apple). You may opt to share a private relay email instead of your real Apple ID email; in that case, we never see your real email address.
- Meta / Instagram — Optional Instagram import. If you connect an Instagram Creator or Business account, Meta shares your Instagram account ID, username, selected media metadata, captions, and temporary media URLs so we can copy selected posts into your private Artwork Codex archive. We store imported images in Cloudinary and captions in your artwork notes.
3a. Instagram Import
Instagram import is optional. When you connect Instagram, we store an encrypted access token so you can review and import your eligible image and carousel posts. We do not scrape Instagram, we do not post to your account, and we do not request messaging, publishing, comments, or insights permissions for the import feature.
If you disconnect Instagram or Meta sends us a deauthorization or data deletion request, we remove the stored Instagram connection token. Artwork records and images you already chose to import remain in your Artwork Codex account unless you delete them or request full account deletion.
3b. iOS App — Permissions and Data
The Artwork Codex iOS app requests these device permissions, each only when you take an action that requires them:
- Camera — to photograph artworks for your inventory.
- Photo Library (read) — to import existing photos of artworks or videos of artworks from your library.
- Photo Library (add) — to save generated PDFs and selected artwork media to your library when you choose to share them.
- Contacts — only when you explicitly initiate a contact import. We never read your contacts in the background.
When you add artwork media in the iOS app, we process only the images, videos, and media metadata you select or create, such as file type, file size, upload status, and display order. This information is used to store, sync, display, and manage your artwork archive across Artwork Codex.
The iOS app does not collect device identifiers (IDFA, device fingerprints) for tracking purposes. We do not include third-party analytics, advertising, or attribution SDKs in the iOS build. Crash and diagnostic information is collected only via Apple's standard App Store Connect tooling, which is governed by Apple's privacy policy.
Anonymous accounts (created via the “Get Started” button on the iOS sign-in screen) do not collect any personal information. If you later upgrade an anonymous account to a real account via Sign in with Apple, Google, or email, we collect only the email address provided by your chosen sign-in method.
4. Cookies
We use essential cookies for authentication. We do not use third-party tracking or advertising cookies.
On the website, Vercel Web Analytics records anonymous aggregate page views and limited funnel events. These events contain fixed labels such as plan, interval, currency, sign-in method, and whether an artwork was the account's first record. They do not contain names, email addresses, account or artwork IDs, artwork titles, media, contact data, or advertising identifiers.
If you arrive via a referral link, we set a temporary first-party cookie containing the public referral code. This cookie expires after 30 days and is readable by our pages so we can show referral messaging and credit the referring user if you subscribe. It is not a third-party advertising cookie.
If our hosting provider identifies your advertising visit as originating in the United States, we set a first-party, httpOnly campaign attribution cookie namedacq_touch for up to 30 days. It contains only a random opaque token; we store only a cryptographic hash of that token. If you create or sign in to an account in the same browser, the campaign visit may be connected to that account and the cookie is then cleared. The cookie is not available to advertising scripts and is not sent to Google.
5. Public Content
Portfolios and viewing rooms you create may be publicly accessible via their unique URLs. Artwork titles, images, videos, media metadata, dimensions, and other details you include in these features are visible to anyone with the link. You control which artworks are included and can remove them at any time.
When an artist turns on selling features, the seller name, seller type, country, any required trader contact address, delivery information, returns or cancellation information, and linked sales terms may also be public. The email used to receive enquiries stays private; buyers contact the seller through the enquiry form instead. Private enquiries, buyer details, reports, moderation notes, and saved checkout links are not shown on public pages. A checkout link opens only after a visitor chooses it, and Artwork Codex checks the saved link before redirecting them.
A published portfolio can remain available to anyone with its link while the owner asks search engines not to index it. Search engines may take time to recrawl and remove a page after that choice changes.
6. Media Processing
Images and videos you upload are stored and processed by our media storage and delivery providers. Images may be resized, reformatted, and optimized for display. Videos may be processed for playback in the app and on the web. Original-resolution media is preserved where the feature and your plan support it.
7. Referral Program
When you participate in the referral program, we store your unique referral code on your profile and track referral relationships (referrer and referred user IDs, referral status, and conversion date). When a referred user makes their first payment, a credit is applied to the referrer's Stripe account balance.
8. Data Retention & Account Freezing
If your paid subscription is cancelled, your account enters a frozen read-only state. All your data (artworks, images, videos, media metadata, contacts, sales) is preserved — nothing is deleted. You can continue to view and export your data. If you resubscribe, full access is restored immediately.
Seller settings and enquiries remain available to the artist while the account is retained. An artist may delete an enquiry from the dashboard. If its artwork is deleted first, the enquiry keeps a title snapshot so the artist can understand the earlier message, but the artwork link is removed. Abuse-prevention keys are short lived and contain a server-generated digest rather than a raw IP address.
If you request account deletion, we will permanently remove all your data, including media stored with our storage and delivery providers, within 30 days.
Advertising attribution remains available for account matching for up to 30 days. Unclaimed campaign records are automatically deleted no later than 90 days after arrival. Attribution linked to an account is automatically deleted no later than 18 months after arrival, or earlier when that account is deleted.
9. Your Rights
You may export your data at any time using the export feature in Settings. You may request deletion of your account and all associated data by contacting us.
Under GDPR and CCPA, you have the right to access, correct, or delete your personal data. You may also request a portable copy of your data.
A buyer who wants to access, correct, or delete enquiry information can contact us using the address below. We may need enough information to identify the relevant request and protect it from disclosure to the wrong person. We will also tell the artist or gallery where their action is needed to complete the request.
9a. Data Deletion Requests
To request deletion of your account and all associated data, email hello@artworkcodex.com with the subject "Data Deletion Request" and include the email address associated with your account. We will process your request within 30 days and confirm deletion by email. This includes all artwork records, images, videos, media metadata, contacts, sales data, seller settings, private enquiries, and profile information. Artwork Codex does not own or delete a seller's external payment account, product, or checkout link.
10. Security
We use industry-standard security measures including encrypted connections (HTTPS), row-level security policies, and secure authentication. However, no system is completely secure.
11. Changes to This Policy
We may update this policy from time to time. We will notify users of significant changes via email.
12. Contact
Questions about privacy? Contact us at hello@artworkcodex.com.