Version: Beta 1.0 — June 1, 2026
BETA NOTICE: Artworld is currently an experimental, pre-commercial beta platform. This Privacy Policy reflects our current practices and will be updated as the Platform evolves, including when a legal entity is established.
Artworld ("Platform," "we," "us," "our") is an online platform for artists to showcase and manage artworks and galleries, accessible at artworld.one.
The Platform is currently operated as a beta project by the Artworld Project team.
Data Controller: Artworld Project (artworld.one)
Contact: support@artworld.one
For any privacy-related request, please email support@artworld.one with the subject line "Privacy Request". We will respond within 30 days.
| Data | When collected |
|---|---|
| Email address | Registration |
| First and last name | Registration |
| Password | Registration (stored as a secure one-way hash — we never store plaintext) |
Google OAuth (active): When you sign in with Google, we receive from Google:
Apple Sign-In (coming soon): When you sign in with Apple, we receive from Apple:
We never receive your password from any third-party authentication provider.
When social features become available (likes, follows, public comments), we will collect:
We will update this Policy before any social features go live.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing and operating the Platform | All account and content data | Contract (Art. 6(1)(b)) |
| Authenticating your identity | Email, tokens, third-party auth data | Contract |
| Displaying your profile and artworks (per your visibility settings) | Profile, artwork, gallery data | Contract |
| Processing your images into delivery formats (WebP variants) | Artwork images | Contract |
| Generating 3D gallery previews | Gallery configuration, artwork images | Contract |
| AI artwork analysis (at your request — transmits image to Google) | Artwork image | Contract / your explicit action |
| Sending transactional emails (password reset, email verification, subscription and payment notifications, support responses) | Email address | Contract |
| Security, fraud prevention, abuse detection (IP logging, rate limiting, ban enforcement) | IP address, account data | Legitimate interests (Art. 6(1)(f)) |
| Internal aggregated analytics (view counts, geographic distribution) | Aggregated, non-personal data | Legitimate interests |
| Responding to reports and moderation | Account and content data | Legitimate interests / Legal obligation |
| Complying with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
When you use AI-powered features, your artwork image is transmitted to Google LLC (USA) via the Google Gemini API for analysis. By clicking an AI feature button, you consent to this transmission.
We share personal data only where necessary to operate the Platform. We do not sell your personal data. We do not share data with advertisers.
| Third Party | Purpose | Data Shared | Processing Location |
|---|---|---|---|
| Google LLC (Gemini API) | AI artwork analysis | Artwork image | USA — see §7 |
| Google LLC (OAuth) | Authentication | Email, name, profile photo | USA — see §7 |
| Apple Inc. (Sign-In) | Authentication (coming soon) | Email, name | USA — see §7 |
| Amazon Web Services | Image and file storage (S3), image processing (Lambda), application hosting | Artwork images, profile photos, all account data | EU (Frankfurt, eu-central-1) |
No other third parties receive your personal data unless required by law (e.g., in response to a valid court order or governmental authority request, to the extent required by applicable law).
We send transactional emails only. These are emails required to operate your account:
We do not currently send marketing, promotional, or newsletter emails. If we introduce optional marketing communications in the future, we will ask for your separate consent first.
Our primary infrastructure runs in the European Union (Frankfurt, AWS eu-central-1). However, certain data is processed outside the EU:
Wherever data leaves the EU, we rely on appropriate safeguards as required by GDPR Chapter V.
| Cookie Name | Purpose | Type | Consent Required |
|---|---|---|---|
| artworld-auth | Authentication session (JWT access token) | Strictly necessary, httpOnly, Secure | No |
| artworld-refresh | Session renewal token | Strictly necessary, httpOnly, Secure | No |
We use only strictly necessary cookies required to authenticate you and maintain your session. No analytics, advertising, or third-party tracking cookies are used.
We do not use Google Analytics, Facebook Pixel, Mixpanel, or any external analytics service.
We do collect aggregated, non-personal internal statistics (e.g., total page views, country-level geographic distribution) to understand Platform usage and detect traffic abuse. This data:
| Data Category | Retention Period |
|---|---|
| Account data (email, name, profile) | While account is active + 30 days after deletion |
| Artwork images and content | While account is active + 30 days after deletion |
| AI analysis results and suggestions | Deleted with the linked artwork or account |
| Server logs (IP, user-agent, request data) | 90 days from collection |
| Authentication tokens (JWT) | Until session expiry or explicit logout |
| Backups | Up to 30 days (overwritten on rolling basis) |
After your account is deleted, we may retain anonymized aggregated data that cannot identify you. We will not retain any personal data beyond the periods stated above unless required by law.
If you are in the EU or EEA, you have the following rights:
| Right | What it means |
|---|---|
| Access | Request a copy of your personal data we hold |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure ("right to be forgotten") | Request deletion of your personal data |
| Restriction | Request that we limit processing of your data |
| Data portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent at any time where processing is consent-based |
To exercise any of these rights, email support@artworld.one with subject "Privacy Request". We will respond within 30 days. We may ask you to verify your identity before processing the request.
You also have the right to lodge a complaint with your local data protection supervisory authority. A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/board/members_en
UK residents have the same rights as EU residents listed above. You may also contact the Information Commissioner's Office (ICO): https://ico.org.uk
If you are a California resident, you have the right to:
To exercise these rights: support@artworld.one
We implement appropriate technical and organizational measures to protect your personal data, including:
Secure flag for authentication tokens;
However, no system is completely secure. As a beta platform with a small team, we cannot guarantee absolute security. We are not liable for unauthorized access resulting from circumstances beyond our reasonable control, including third-party breaches.
If you discover a potential security vulnerability, please report it to support@artworld.one before disclosing it publicly.
The Platform is not directed to anyone under the age of 16. We do not knowingly collect personal data from anyone under 16.
If you are a parent or guardian and believe your child under 16 has created an account, please contact us at support@artworld.one and we will delete the account and all associated data.
We may update this Privacy Policy at any time. When we make material changes, we will:
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not accept the changes, you may delete your account before they take effect.
Artworld Project artworld.one support@artworld.one
For privacy-related requests, please include "Privacy Request" in the subject line. We will respond within 30 days.
For EU/EEA inquiries regarding GDPR rights, the same address applies.