Privacy Policy

ArtArmor ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Service").

This policy applies to all users worldwide and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, password, profile photo
• Payment Information: Billing address, payment method details (processed securely via Stripe)
• Content: Images, videos, text prompts, artwork you upload, generated media, creative decision logs
• Communications: Messages sent through the platform, support inquiries, feedback
• Profile Information: Bio, portfolio settings, social media connections

1.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, features used, time spent, click patterns, generation history
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies
• Location Data: Approximate location based on IP address
• Performance Data: Error logs, crash reports, API response times

1.3 Information from Third Parties

• Social Media: If you connect social accounts, we may receive profile information
• Payment Processors: Payment confirmation and billing information from Stripe
• AI Service Providers: Usage metadata from Anthropic, Replicate, and other AI services

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

• Provide and maintain the Service
• Process AI generation requests
• Store and manage your content
• Train custom AI models on your uploaded artwork
• Enable social media integrations and posting
• Facilitate user-to-user messaging
• Display your public portfolio

2.2 Business Operations

• Process payments and manage subscriptions
• Send transactional emails (receipts, verification, notifications)
• Provide customer support
• Enforce our Terms of Service
• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations

2.3 Improvement and Analytics

• Analyze usage patterns and user behavior
• Improve Service features and performance
• Develop new features and functionality
• Conduct research using anonymized, aggregated data
• A/B testing and experimentation

2.4 Marketing (With Consent)

• Send promotional emails about new features or offers
• Display targeted advertising (with opt-out available)
• Conduct surveys and request feedback

You can opt out of marketing communications at any time.

3. AI Model Training and Content Usage

3.1 Your Content is Private by Default

We do NOT use your uploaded artwork or generated content to train general AI models. Your content remains private unless you explicitly designate it as public in your portfolio.

3.2 Custom Model Training

When you use our custom model training features (LoRA/DreamBooth), we train models exclusively on artwork you upload for that purpose. These custom models are private to your account and are not shared with other users or used to improve base AI models.

3.3 Third-Party AI Services

We use third-party AI services (Anthropic Claude, Replicate, etc.) to provide generation capabilities. These providers process your prompts and content according to their own privacy policies. We select providers with strong privacy commitments and data protection practices.

3.4 Public Content

Content you designate as public (portfolio items, public galleries) may be viewed by others and indexed by search engines. You control what content is public through your privacy settings.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating the Service:

• Supabase: Database hosting and authentication
• Stripe: Payment processing
• Anthropic: Claude AI services
• Replicate: Image and video generation
• SendGrid: Email delivery
• Vercel: Hosting and infrastructure

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information if required to:

• Comply with legal processes (subpoenas, court orders)
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Respond to government or law enforcement requests

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have.

4.4 With Your Consent

We may share information with third parties when you provide explicit consent, such as connecting social media accounts or sharing portfolio content publicly.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally for research, analytics, or marketing purposes.

5. Your Privacy Rights

5.1 GDPR Rights (EU/UK Users)

If you are in the EU or UK, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing
• Lodge Complaint: File a complaint with your data protection authority

5.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know: Request disclosure of data collection and sharing practices
• Access: Request a copy of specific pieces of personal information
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell your data)
• Non-Discrimination: Exercise rights without discriminatory treatment

5.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@artarmor.ai or use the privacy controls in your account settings. We will respond within 30 days (or as required by applicable law).

We may request verification of your identity before processing requests.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication with bcrypt password hashing
• Database access controls and row-level security (RLS)
• Regular security audits and penetration testing
• Secure API endpoints with rate limiting
• Automated vulnerability scanning
• Employee access controls and data minimization

However, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (tax records, etc.)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

Backups may retain data for up to 30 additional days before permanent deletion.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

We use appropriate safeguards for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with service providers
• Compliance with Privacy Shield principles (where applicable)

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@artarmor.ai and we will take prompt steps to delete such information.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: Help us understand usage patterns and improve the Service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used for targeted advertising (with opt-out available)

10.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality. Most browsers offer:

• Cookie blocking or deletion options
• Third-party cookie controls
• Do Not Track (DNT) settings

11. Third-Party Links and Services

The Service may contain links to third-party websites, social media platforms, and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service at least 30 days before taking effect. The "Last Updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: