2. Data we collect
- Account data: email, gallery name, password (stored as a hash).
- Catalog data: images, titles, dimensions, prices and other artwork information you voluntarily upload.
- Client data: name and email entered by clients when saving a composition or sending an inquiry.
- Payment data: managed exclusively by Polar.sh. ArtRoom does not store card numbers.
- Usage data: anonymous analytics via Vercel Analytics, no cookies.
3. Purpose of processing
- Provision of the contracted service.
- Billing and subscription management.
- Sending transactional communications.
- Platform improvement through aggregated, anonymous usage analysis.
- Compliance with legal obligations.
4. Legal basis
- Contract performance — for data required to provide the service (Art. 6.1.b GDPR).
- Consent — for marketing communications, if any (Art. 6.1.a GDPR).
- Legitimate interest — for anonymous usage analytics (Art. 6.1.f GDPR).
- Legal obligation — for retaining billing data (Art. 6.1.c GDPR).
5. Data retention
Account data is retained while the account is active. When you delete your account, all associated data is removed. Billing data is retained for 5 years due to tax obligations.
6. Recipients
Your data may be processed by the following service providers:
- Supabase — database and authentication.
- Polar.sh — payment processing (Merchant of Record).
- Resend — transactional email delivery.
- Vercel — hosting and infrastructure.
7. Your rights
You can exercise the following rights at any time by emailing info@tryartroom.com:
- Access — know what data we process about you.
- Rectification — correct inaccurate data.
- Erasure — delete your account and all your data.
- Portability — export your data in CSV format.
- Objection and restriction — restrict certain processing activities.