Privacy Policy

We collect information you provide directly when you register or interact with the platform:

• Account details — name, email address, and/or phone number used to create your account.
• Authentication data — password hash (never your plain-text password), one-time codes, and Google account identifiers when you sign in with Google.
• Payment information — we use Razorpay to process payments. We store a reference order ID, amount, currency, and payment confirmation reference. We do not store your full card details — these are handled entirely by Razorpay.
• Artwork and provenance data — artwork titles, descriptions, images, and provenance records you upload.
• NFC tag data — token identifiers linked to artworks and ownership records.
• Usage data — pages visited, actions taken (e.g. purchases, scans), and device/browser information collected via standard server logs.

• Authenticate you and maintain your session securely.
• Process NFC tag orders and send order confirmation emails.
• Link physical artworks to their digital provenance records via NFC tags.
• Send transactional emails — order confirmations, OTP codes for login, and account notices. We do not send marketing emails without your explicit consent.
• Provide customer support and respond to enquiries.
• Detect and prevent fraud, abuse, or violations of our Terms of Service.
• Comply with applicable legal obligations.

We share data with the following third parties only to the extent necessary to operate the platform:

We do not sell your personal data to third parties, and we do not use it for targeted advertising.

We use a single session cookie (session_id) to keep you signed in. This cookie is signed and HTTP-only — it cannot be read by JavaScript. We do not use advertising trackers or third-party analytics cookies.

• Account data — retained for as long as your account is active. You may request deletion at any time (see Section 6).
• Order and payment records — retained for seven years for accounting and legal compliance purposes.
• NFC tag provenance records — retained indefinitely as they form part of the artwork's permanent history.
• Server logs — retained for up to 90 days.

Depending on your jurisdiction (including users in the EU/EEA under GDPR and users in India under DPDPA), you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate information.
• Deletion — ask us to delete your account and associated personal data (subject to legal retention requirements).
• Portability — receive your data in a machine-readable format.
• Objection — object to certain types of processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

We apply industry-standard measures to protect your data: HTTPS for all traffic, bcrypt password hashing, HTTP-only signed session cookies, HMAC-verified payment callbacks, and environment-variable management for secrets. No security measure is infallible; if you suspect unauthorised access to your account, contact us immediately at [email protected].

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of Artenthic after a change constitutes acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy, please reach out to us:
Artenthic
Email: [email protected]