Privacy Policy
Last updated: 26 April 2026
1. Information We Collect
We collect information you provide directly: account details (email, name), artwork data, images, and contact information you enter into the platform.
When you sign in with Google OAuth, Google shares your email address and basic profile information (name and profile picture) with us. We use this solely to create and authenticate your account.
2. How We Use Your Information
Your data is used to provide the Artwork Codex service: storing and displaying your artworks, generating PDFs, and enabling features you use. We do not sell your personal information.
3. Third-Party Services
We use the following sub-processors to provide the service:
- Supabase — Database, authentication, and file storage
- Cloudinary — Image storage, delivery, and optimization (images are automatically resized and format-converted for performance)
- Stripe — Payment processing and subscription management for web subscriptions
- Apple App Store — In-App Purchase processing for iOS subscriptions. Apple receives your Apple ID and purchase information per their privacy policy (apple.com/legal/privacy).
- RevenueCat — Subscription receipt validation and entitlement state for the iOS app. RevenueCat receives your account identifier (Supabase user ID), purchase events, and basic device metadata (iOS version, country code, store identifier). See revenuecat.com/privacy.
- Resend — Transactional email delivery (signup confirmations, password resets). Your email address is shared with Resend for delivery purposes only.
- Google — OAuth authentication (if you choose to sign in with Google)
- Apple (Sign in with Apple) — OAuth authentication (if you choose to sign in with Apple). You may opt to share a private relay email instead of your real Apple ID email; in that case, we never see your real email address.
3a. iOS App — Permissions and Data
The Artwork Codex iOS app requests these device permissions, each only when you take an action that requires them:
- Camera — to photograph artworks for your inventory.
- Photo Library (read) — to import existing photos of artworks from your library.
- Photo Library (add) — to save generated PDFs and artwork images to your library when you choose to share them.
- Contacts — only when you explicitly initiate a contact import. We never read your contacts in the background.
The iOS app does not collect device identifiers (IDFA, device fingerprints) for tracking purposes. We do not include third-party analytics, advertising, or attribution SDKs in the iOS build. Crash and diagnostic information is collected only via Apple's standard App Store Connect tooling, which is governed by Apple's privacy policy.
Anonymous accounts (created via the “Get Started” button on the iOS sign-in screen) do not collect any personal information. If you later upgrade an anonymous account to a real account via Sign in with Apple, Google, or email, we collect only the email address provided by your chosen sign-in method.
4. Cookies
We use essential cookies for authentication. We do not use tracking or advertising cookies.
If you arrive via a referral link, we set a temporary httpOnly cookie containing the referral code. This cookie expires after 30 days and is used solely to credit the referring user when you subscribe. It cannot be read by third-party scripts.
5. Public Content
Portfolios and viewing rooms you create may be publicly accessible via their unique URLs. Artwork titles, images, dimensions, media, and other details you include in these features are visible to anyone with the link. You control which artworks are included and can remove them at any time.
6. Image Processing
Images you upload are stored on Cloudinary and may be automatically resized, reformatted, and optimized for display. Original images are preserved; optimized versions are generated on-the-fly for web delivery.
7. Referral Program
When you participate in the referral program, we store your unique referral code on your profile and track referral relationships (referrer and referred user IDs, referral status, and conversion date). When a referred user makes their first payment, a credit is applied to the referrer's Stripe account balance.
8. Data Retention & Account Freezing
If your paid subscription is cancelled, your account enters a frozen read-only state. All your data (artworks, images, contacts, sales) is preserved — nothing is deleted. You can continue to view and export your data. If you resubscribe, full access is restored immediately.
If you request account deletion, we will permanently remove all your data, including images stored on Cloudinary, within 30 days.
9. Your Rights
You may export your data at any time using the export feature in Settings. You may request deletion of your account and all associated data by contacting us.
Under GDPR and CCPA, you have the right to access, correct, or delete your personal data. You may also request a portable copy of your data.
9a. Data Deletion Requests
To request deletion of your account and all associated data, email hello@artworkcodex.com with the subject "Data Deletion Request" and include the email address associated with your account. We will process your request within 30 days and confirm deletion by email. This includes all artwork records, images, contacts, sales data, and profile information.
10. Security
We use industry-standard security measures including encrypted connections (HTTPS), row-level security policies, and secure authentication. However, no system is completely secure.
11. Changes to This Policy
We may update this policy from time to time. We will notify users of significant changes via email.
12. Contact
Questions about privacy? Contact us at hello@artworkcodex.com.