Privacy Policy

Last updated: June 2026

1. Who we are

ArtLedger.ai (Lisbon, Portugal) is the data controller for personal data processed through the Service, including the Art City Map (ACM) layer.

2. What we collect

• Account data: email, password hash, display name, city, avatar URL, bio.
• Usage data: chat prompts and assistant responses, uploaded photos of artworks, watchlist entries, language preference, device and browser metadata, IP-derived approximate location.
• Payment data: handled by our payment processor (Paddle / Stripe). We receive subscription status, not full card numbers.

3. How we use it

• Provide the AI assistant, valuations, ACM city guides, and watchlists.
• Process payments and manage your Pro subscription.
• Improve models and editorial coverage (anonymous aggregate signals only).
• Detect abuse, prevent fraud, and protect cultural-heritage compliance.
• Send transactional emails (account, billing, security).

4. Legal bases (GDPR)

Performance of contract (running the Service), legitimate interests (security, product improvement), consent (optional analytics and marketing), legal obligation (tax, AML, cultural heritage).

5. Sharing

We share data with vetted processors: cloud hosting, AI model providers (for inference), payment processors, email delivery, image CDN. We do not sell personal data.

6. Retention

Account data: kept while your account is active. Chat history: kept up to 24 months unless you delete it. Payment records: kept as required by tax law (typically 7 years).

7. Your rights

You can access, correct, export, restrict, or delete your personal data, and object to processing based on legitimate interests. You can delete your profile data at any time from the profile page. To exercise other rights or contact our DPO: privacy@artledger.ai. You may also complain to your local data-protection authority (CNPD in Portugal).

8. International transfers

Some processors operate outside the EEA. We rely on Standard Contractual Clauses and equivalent safeguards.

9. Security

Passwords are hashed. Data in transit is encrypted (TLS). Access is restricted on a need-to-know basis. No system is 100% secure; report incidents to security@artledger.ai.

10. Children

The Service is not directed at children under 16. We do not knowingly process their data.

11. Changes

We will notify material changes in-app or by email.

See also our Terms of Use.