Art Circles - Privacy Policy

1. Who We Are

Art Circles is a cultural platform and operating system for artists, galleries, organizers, collectors, and culturally curious audiences. For the purposes of data protection laws, Art Circles is the data controller of personal information we collect through our website, dashboard, events, ticketing, marketing, analytics, and related services.

2. Information We Collect

We collect and process personal data depending on how you use Art Circles:

• Account information, such as name, email address, login method, organization membership, role, and authentication/session data.
• Organizer and business information, such as organization name, profile details, branding, event details, locations, ticket settings, subscription status, billing contact details, and Stripe account connection status.
• Event, registration, and ticketing information, including attendee or guest names, email addresses, order references, ticket selections, timeslots, check-in status, cancellation or refund status, and communications related to an event.
• Payment and billing information, including Stripe customer, subscription, checkout, payment intent, refund, payout, invoice, card brand, card last four digits, expiry, funding type, and related transaction identifiers. We do not store full card numbers.
• Contacts, CRM, campaign, and import data that organizers upload or create, including contact details, audience segments, campaign recipients, delivery events, unsubscribe status, and engagement metrics.
• Content and media, such as artwork details, event images, catalogue assets, campaign designs, uploaded CSV/XLS/XLSX files, and other files or messages you provide.
• AI feature inputs and outputs, such as event context, organization context, prompts, generated tasks, recommendations, and related usage metadata when you use AI-powered features.
• Technical and usage data, including IP address, device and browser information, pages viewed, actions taken, UTM/referral data, map interactions, checkout events, scanner events, cookies, local storage, session storage, and similar technologies.
• Waitlist and referral challenge data, where applicable, such as email address, referral links, referral counts, leaderboard position, and timestamped entries.

3. How We Use Your Information

We use personal data to:

• Operate, secure, and improve Art Circles.
• Create and manage accounts, organizations, events, and tickets.
• Process registrations, orders, payments, refunds, subscriptions, invoices, payouts, and ticket check-ins.
• Send operational emails, ticket confirmations, invitations, event updates, campaign emails, billing notices, and support messages.
• Provide dashboard analytics, attribution, campaign reporting, attendance insights, and organizer performance metrics.
• Support CRM, contact import, audience segmentation, and organizer marketing workflows.
• Generate AI-powered recommendations, launch tasks, content assistance, and readiness insights when those features are used.
• Prevent fraud, abuse, unauthorized access, payment misuse, referral manipulation, and platform security issues.
• Comply with legal, tax, accounting, and regulatory obligations.

We do not use your data for automated decision-making that produces legal or similarly significant effects.

4. Legal Basis for Processing

Where UK or EU data protection law applies, we rely on the following legal bases:

• Contract - to provide the Art Circles services, process orders, manage accounts, and support organizer subscriptions.
• Consent - where you opt in to marketing, accept optional cookies, join waitlists, or provide information voluntarily.
• Legitimate interests - to operate, secure, analyze, improve, and grow the platform, prevent abuse, and support organizers and attendees.
• Legal obligation - where we must retain or disclose information for tax, accounting, payment, compliance, dispute, or regulatory reasons.

You may withdraw consent at any time where processing is based on consent.

5. Payments, Ticketing & Stripe

We use Stripe and Stripe Connect for payments, subscriptions, organizer onboarding, checkout, refunds, payment method storage, invoices, and payouts. Stripe may process payment details, identity and business verification information, billing details, card details, device data, and transaction data under its own privacy policy. Art Circles stores transaction identifiers and limited card metadata, but not full card numbers.

6. Analytics, Cookies & Tracking

We use cookies, local storage, session storage, and similar technologies to keep you signed in, remember interface state, understand how users interact with the platform, attribute registrations and campaign performance, and improve our services. We use PostHog for product analytics in production and may also collect first-party analytics events in our own systems.

You can manage cookies through your browser settings. Some cookies or storage are necessary for login, security, checkout, and core product functionality.

7. AI-Powered Features

Some Art Circles features use AI providers, including OpenAI, to produce event launch tasks, recommendations, content assistance, and related outputs. When you use those features, relevant organization, event, campaign, contact, ticket, or prompt context may be sent to the AI provider to generate a response. You should not enter sensitive personal data into AI prompts unless it is necessary for the task.

8. Files, Images & Maps

We use cloud storage providers, including Amazon Web Services, to store uploaded files such as event images, artwork images, catalogue images, campaign assets, CSV/XLS/XLSX imports, and related media. We use Mapbox to display maps, location search, venue previews, and event discovery experiences. Map interactions may involve device, browser, location, IP, and usage data processed by Mapbox.

9. How We Share Data

We do not sell your personal data. We may share personal data with:

• Service providers that help us provide hosting, payments, analytics, authentication, email delivery, AI features, cloud storage, maps, customer support, security, and infrastructure.
• Event organizers, co-hosts, and authorized organization members where necessary to operate events, registrations, campaigns, CRM, guest lists, check-in, refunds, and reporting.
• Attendees or recipients where needed to deliver tickets, invitations, confirmations, calendar links, and event communications.
• Professional advisers, legal authorities, regulators, payment networks, banks, and law enforcement where required or appropriate.
• Viral Loops or similar referral technology providers where a waitlist or referral challenge is active.

Our current third-party tools may include Stripe, PostHog, Mapbox, Google, OpenAI, Amazon Web Services, email delivery providers, hosting and infrastructure providers, and other vendors that support the services.

10. International Data Transfers

Some service providers may process personal data outside the UK, European Economic Area, or your country of residence. Where required, we rely on appropriate safeguards such as adequacy decisions, the Data Privacy Framework, Standard Contractual Clauses, or equivalent contractual and technical protections.

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy:

• Account and organization data: while the account or organization is active and for a reasonable period afterwards.
• Orders, tickets, refunds, invoices, and payout records: as required for tax, accounting, dispute, fraud prevention, and legal purposes.
• Event, check-in, CRM, campaign, and analytics data: while needed to provide organizer tools, reporting, and operational records.
• Marketing communications: until you unsubscribe or we no longer need the data for the communication purpose.
• Waitlist and referral challenge data: until the campaign ends, prizes are fulfilled, and related legal or operational needs expire.

After the relevant period, data is deleted, anonymized, or retained only where legally required.

12. Your Rights

Depending on where you live, you may have the right to:

• Access your personal data.
• Correct inaccurate or incomplete data.
• Request deletion of your data.
• Restrict or object to processing.
• Withdraw consent at any time.
• Request portability of certain data.
• Lodge a complaint with a data protection authority.

To exercise your rights, contact us at hello@art-circles.com. We may need to verify your identity before responding.

13. Marketing Communications

We may send product updates, event communications, campaign messages, waitlist updates, and marketing emails where permitted. You can unsubscribe using the link in our emails or by contacting us directly. Some operational messages, such as ticket confirmations, order updates, security alerts, billing notices, and event logistics, are necessary to provide the services and may still be sent.

14. Security

We take reasonable technical and organizational measures to protect personal data, including access controls, secure infrastructure, encrypted transport, limited internal access, monitoring, and operational safeguards. However, no system is completely secure, and transmission of information is at your own risk.

15. Children's Data

Art Circles is not intended for individuals under the age of 18. We do not knowingly collect data from children.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.

17. Contact Us

For any questions about this Privacy Policy or how we handle your data, contact Art Circles at hello@art-circles.com.