Privacy Policy

Last updated: April 2026

This document is a draft and will be reviewed by legal counsel before launch.

1. Information We Collect

We collect information you provide directly: name, email address, role, portfolio information (for artists), and transaction details. We also collect usage data including pages visited, search queries, and interaction patterns to improve the Platform.

2. How We Use Your Information

  • Operating and improving the Platform
  • Processing transactions and payments
  • AI-powered features: artwork analysis, search, and recommendations
  • Communications: transactional emails, notifications
  • Analytics: understanding usage patterns and conversion
  • Legal compliance and fraud prevention

3. Third-Party Services

PrismArt uses the following third-party services:

  • Supabase — Database, authentication, and file storage. Data is stored on Supabase infrastructure.
  • Stripe — Payment processing. Payment information is handled by Stripe and not stored on our servers.
  • Google Gemini API (via Genkit) — AI artwork analysis. Artwork images are sent to Google for analysis. Google's data retention policies apply.
  • Langfuse — AI observability. Search queries and AI responses are logged for quality monitoring.
  • Resend — Transactional email delivery.

4. Cookies & Tracking

We use essential cookies for authentication and session management. We may use analytics tools to understand Platform usage. You can control cookie preferences through your browser settings.

5. Data Retention

Account data is retained while your account is active. Artwork data and transaction records are retained for legal and tax compliance purposes. AI analysis logs are retained for quality improvement. You may request deletion of your account and associated data.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your account and data
  • Export your data in a portable format
  • Opt out of non-essential communications

7. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption, Row Level Security (RLS) on our database, and secure authentication through Supabase Auth. However, no method of electronic storage is 100% secure.

8. Children's Privacy

PrismArt is not directed to children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or Platform notification.

10. Contact

Privacy inquiries may be directed to privacy@prismart.app.