Privacy Policy
Last updated: November 2025. Art Registry Platform (ARP) is committed to protecting your privacy and complying with GDPR as well as other applicable data protection laws.
1. Data We Collect
- Account information such as name, email, role, and organization details.
- Artwork metadata, editions, certificates, and media you upload to the platform.
- Usage telemetry (device type, browser, region) that helps us secure the platform.
- Billing and invoicing data when you activate paid features.
2. How We Use Your Data
- Operating the registry, generating certificates, and enabling delegation workflows.
- Providing customer support and notifying you about account activity.
- Securing the platform through fraud detection, rate limiting, and abuse monitoring.
- Complying with legal obligations, including audit and financial reporting.
3. Legal Basis & Storage
- Processing is based on contract performance, legitimate interest, or explicit consent.
- Data is stored in the EU on encrypted infrastructure (Supabase + Vercel).
- Backups are retained according to our disaster recovery policy (rolling 30 days).
4. Your Rights
- Request a copy of your data or export your artwork records.
- Ask us to correct inaccuracies or delete data when legally permissible.
- Restrict processing or object to specific processing activities.
- File a complaint with your local supervisory authority.
5. Special Conditions
- Blockchain anchoring is optional and irreversible once enabled.
- Public artworks or certificates may remain cached by search engines or archival services.
- We respond to verified law-enforcement/legal requests in accordance with applicable law.
Contact & DPO
For privacy inquiries, email privacy@artregplatform.com. We respond to verified requests within 30 days.