Privacy Policy
Welcome to ArtisTrust.
This Privacy Policy governs how Wibbly Works Inc. ("ArtisTrust," "we," "us," or "our") collects, uses, and safeguards the personal data and creative work you entrust to us when you use our website and services at artistrust.io.
We take data privacy seriously: your artwork, metadata, and personal information belong to you. This policy explains exactly what we collect, how we store it, who we share it with, and how you can request deletion at any time.
What we collect.
Account information: Your email address and any name you provide during sign up.
Artwork images: Photos and files you upload are stored on your behalf.
Artwork metadata: Titles, dates, dimensions, materials, locations, notes, tags, and copyright information you enter.
EXIF / camera data: If present in an uploaded image, we read and store it (shutter speed, aperture, GPS coordinates, etc.). You can see and edit this data at any time.
Voice memos: Audio recordings you attach to artworks are stored as audio files.
AI analysis results: When you run AI analysis, the image is sent to our AI partners and the resulting description, tags, and colour palette are stored with the artwork.
Billing information: If you subscribe to a paid plan, Stripe processes and stores your card details. We store only your Stripe customer ID and subscription status: we never see your card number.
How we store it.
Artwork images are stored in AWS S3 (US East region) via Supabase Storage. These are encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Metadata and account information are stored in a PostgreSQL database hosted by Supabase (US East region), which is also encrypted at rest.
Access to your data is protected by row level security policies. No other user can read or write your records. Our server side code uses a service role key only for operations you explicitly trigger (uploading, cataloguing, billing), and that key is never exposed to the browser.
Third parties.
We do not sell, rent, or share your personal data with any other third parties. We only share data with the following trusted providers to run the service:
Hostinger: Used to host the artistrust.io website and marketing pages.
Supabase: Handles authentication, database, and file storage.
Anthropic: Provides AI image analysis. When you run AI cataloguing, a compressed copy of the artwork image is sent to Anthropic's API.
Stripe: Handles payment processing. We never transmit your raw card data through our servers.
Resend: Handles transactional email delivery.
Google: Used to manage our official business email communications.
Your rights.
You have full control over your data. You may exercise the following rights directly within the app or by contacting us:
Access and Portability: You can export all your artwork data at any time from the app.
Correction: You can edit all metadata we hold about you directly in the app.
Deletion: You can delete your account from your Profile settings. This permanently removes all images from storage and all database records.
If you are in the EU or UK, you have additional rights under GDPR / UK GDPR. To exercise any of these rights, contact us at hello@artistrust.io.
Cookies and Retention.
We use a single session cookie set by Supabase Auth to keep you signed in. We do not use advertising cookies, tracking cookies, or third party analytics. The session cookie is HttpOnly and Secure.
Your data is retained for as long as your account exists. If you delete your account, all data is removed immediately from our systems. Automated backups held by Supabase are purged on their standard schedule, which is typically within 30 days. Stripe billing records are retained as required by financial regulations (typically 7 years).
Contact.
Wibbly Works Inc.
8, The Green
Dover DE 19901
USA
Questions or requests: hello@artistrust.io