Art Spoon Privacy Policy

Effective Date: March 1, 2026

Art Spoon Inc. and its affiliates (“Art Spoon,” “we,” “us,” or “our”) respect your privacy and are committed to handling personal information responsibly.

This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you:

visit our websites;
create an account;
use our software, applications, and platform services;
interact with hosted pages, profile pages, search and discovery features, competition workflows, or other Art Spoon products; or
otherwise communicate with us.

This Privacy Policy is intended to provide a clear, meaningful, and reasonably accessible notice about our personal information practices, including rights that may apply under U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and the Delaware Personal Data Privacy Act (“DPDPA”), where applicable.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information that Art Spoon collects and processes as a business or controller for its own purposes, including when you interact with our website, create an account, request support, receive communications from us, or use our products directly.

1.1 Customer Content and Customer-Controlled Data

Art Spoon also provides software and platform tools to customers such as galleries, artists, studios, curators, and other organizations. In many cases, those customers upload, store, manage, publish, or otherwise control information through our products, including artist profiles, CVs, exhibition histories, collector or contact records, competition submissions, reviewer comments, and related content (“Customer Content”).

When we process Customer Content on behalf of a customer, we generally act as a processor, service provider, or contractor on that customer’s behalf. In those cases:

the customer, not Art Spoon, decides why and how that personal information is processed;
the customer’s own privacy policy may apply to that information; and
our Data Processing Addendum governs our processing for that customer.

This Privacy Policy does not apply to Customer Content to the extent Art Spoon processes it solely on behalf of a customer under that customer’s instructions, except where we are required by law to provide certain information or where this Privacy Policy expressly says otherwise.

1.2 Publicly Published Information

If a customer intentionally makes certain content public through Art Spoon products—such as public artist profiles, public gallery pages, public portfolio pages, or information displayed on /search or other discovery features—such content may be visible to other users and, depending on how it is published, may be accessible to search engines or third parties. We are not responsible for the independent privacy practices of third parties who access information that a user or customer intentionally makes public.

2. Categories of Personal Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information.

2.1 Identifiers and Contact Information

name
display name or account name
email address
phone number
mailing or billing address
company, gallery, studio, or organization name

2.2 Account and Authentication Information

username
login credentials or password-related data (stored in protected form)
account preferences
account role, permissions, and settings

2.3 Professional and Profile Information

job title
business affiliation
biography
artist CV
exhibition history
professional contact information
profile images or profile-related metadata

2.4 Transaction and Commercial Information

subscription details
billing records
order history
payment-related metadata
service plan information
customer support history related to purchases or billing

Important: Payment card details are typically collected and processed by our payment processors, not stored in full by Art Spoon, except as needed for limited billing administration records.

2.5 Internet, Device, and Usage Information

IP address
device identifiers
browser type and version
operating system
language and time zone settings
referral URL
pages viewed
clicks, navigation paths, feature usage, session activity, and similar usage data
log and diagnostic data

2.6 Communications Information

contents of messages you send us
support tickets
email correspondence
chatbot or help interactions, where enabled
survey or feedback responses

2.7 Submission, Evaluation, and Workflow Information

If you use competition, open-call, review, or related workflow features, we may process:

application details
uploaded materials
evaluator assignments
reviewer comments
rankings
review status
workflow metadata

2.8 Public Profile and Hosted Content Information

If you or a customer publish content through Art Spoon-hosted profile pages, websites, or public listings, we may process:

publicly displayed names
profile details
public-facing bios
CV and exhibition history data
artwork thumbnails and related metadata
publicly shared contact or inquiry channels, where configured

2.9 Inferences and Preference Information

We may infer general preferences, interests, or product usage patterns from your interactions with our services, but we do not use those inferences to make decisions that produce legal or similarly significant effects unless specifically disclosed.

2.10 Sensitive Personal Information / Sensitive Data

We do not seek to collect sensitive personal information unless it is reasonably necessary for a disclosed purpose or is intentionally provided through our products. Depending on context, sensitive information may include precise geolocation, health-related information, account log-in credentials combined with security codes, contents of communications, or other information defined as sensitive under applicable law.

If we process sensitive personal information where consent or specific limitations are required by law, we will do so in accordance with applicable legal requirements.

3. Sources of Personal Information

We may collect personal information from the following sources:

3.1 Directly From You

We collect information that you provide directly when you:

create an account;
subscribe to a plan;
fill out a form;
contact support;
request a demo;
sign up for communications;
submit materials through our products; or
otherwise communicate with us.

3.2 Automatically From Your Use of the Products

We automatically collect certain technical and usage information when you use our websites or products, including through cookies, pixels, SDKs, logs, and similar technologies.

3.3 From Customers and Other Users

If you are an artist, gallery contact, reviewer, applicant, collector, or another person whose information is uploaded to the platform by one of our customers, we may receive your information from that customer.

3.4 From Service Providers and Third Parties

We may receive information from:

payment processors;
cloud and IT providers;
analytics providers;
customer support tools;
business partners;
event registration tools;
marketing tools;
identity or fraud prevention tools; and
other third parties you choose to connect or integrate with our products.

3.5 From Public Sources

We may receive information from publicly available sources, including information made available by you or by others through public profiles, public websites, social media, or widely distributed media, where lawful.

4. How We Use Personal Information

We use personal information for the following purposes:

4.1 To Provide and Operate Our Products

create and manage accounts;
provide requested services and features;
store and display content;
enable profile pages, hosted pages, and search/discovery functionality;
support competition, submission, and evaluation workflows;
process requests and transactions.

4.2 To Maintain, Improve, and Develop Our Products

troubleshoot and debug;
monitor service performance;
test features;
conduct analytics;
improve usability, reliability, and user experience;
develop new features.

4.3 To Support Security and Integrity

detect, investigate, and prevent fraud, abuse, unauthorized access, and security incidents;
maintain logs and audit trails;
protect our systems, users, and services.

4.4 To Communicate With You

respond to support requests;
send operational notices;
send product updates;
provide account, subscription, billing, and service-related messages.

4.5 For Marketing and Promotional Purposes

send newsletters, product announcements, and similar communications;
measure campaign effectiveness;
understand interest in our products and services.

You can opt out of marketing emails at any time using the unsubscribe link in the message or by contacting us.

4.6 To Comply With Legal Obligations

comply with applicable laws, regulations, legal process, and government requests;
enforce our agreements;
protect legal rights, safety, and property.

4.7 For Internal Administration

billing
bookkeeping
auditing
reporting
corporate transactions
internal governance

5. Customer Content, Processor Role, and AI-Related Processing

5.1 Customer-Controlled Personal Information

Where our customers use Art Spoon products to upload and manage personal information—such as artist profiles, customer records, application materials, evaluator comments, or hosted content—we generally process that information only on the customer’s instructions and for the limited purposes of providing the products.

5.2 AI and Product Improvement

Unless we clearly disclose otherwise in a supplemental notice, product-specific notice, or agreement:

we do not use customer-uploaded personal information in Customer Content to train generalized third-party AI models for independent third-party use;
we may use de-identified, aggregated, or non-personal product usage information to improve, maintain, secure, and analyze our products; and
if we offer AI-assisted product features, any processing of Customer Content for those features will be described in the relevant product documentation, settings, or supplemental notice.

If you enable a feature that uses AI or automated tools, the relevant feature settings or product notice may provide more detail.

6. Cookies, Analytics, and Similar Technologies

We use cookies and similar technologies for purposes such as:

keeping you signed in;
remembering preferences;
measuring traffic and engagement;
analyzing product usage;
improving performance;
preventing abuse and maintaining security.

Where required by law, we provide you with choices regarding non-essential cookies and similar technologies.

6.1 Analytics

We may use analytics providers to understand how users interact with our websites and products, such as page views, clicks, feature usage, and navigation patterns.

6.2 Advertising and Cross-Context Behavioral Advertising

We do not sell personal information for money.

We do not knowingly sell or share customer-uploaded personal information in Customer Content for cross-context behavioral advertising.

If we use website-based advertising or tracking technologies in a way that constitutes “sharing” for cross-context behavioral advertising under California law, or “targeted advertising” under Delaware law, we will provide the legally required notice and opt-out methods.

6.3 Do Not Track / Browser Signals / Preference Signals

Our products may recognize certain browser-based or device-based privacy signals where required by applicable law. Where legally required, we will honor applicable opt-out preference signals for qualifying processing activities.

7. When We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

7.1 Affiliates

We may share information with our affiliates for the purposes described in this Privacy Policy, including support, administration, security, and service operations.

7.2 Service Providers and Contractors

We may share personal information with vendors and service providers that support our operations, such as:

cloud hosting and infrastructure providers;
storage and database providers;
email and communications providers;
customer support tools;
security and monitoring providers;
analytics providers;
payment and billing processors;
event or webinar providers;
professional advisers.

These recipients are generally contractually restricted from using personal information except to provide services to us or as otherwise permitted by law.

7.3 Other Users or the Public, Based on Your Settings

If you use public-facing features or if a customer publishes information through the platform, certain information may be disclosed:

to authorized users selected by the customer;
to galleries, artists, jurors, evaluators, or collaborators involved in a workflow;
publicly, where a user chooses to make information public; or
through /search or other discovery features, where enabled.

7.4 Legal and Compliance Disclosures

We may disclose personal information:

to comply with law, regulation, subpoena, court order, or legal process;
to respond to lawful requests from authorities;
to enforce contracts and policies;
to detect or prevent fraud or security issues;
to protect rights, safety, and property.

7.5 Corporate Transactions

We may disclose personal information in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.

Depending on how you use the products, the categories of personal information we may disclose to service providers, contractors, affiliates, customers, or other third parties include:

identifiers and contact information;
account and authentication information;
professional and profile information;
transaction and commercial information;
internet, device, and usage information;
communications information;
submission, evaluation, and workflow information;
public profile and hosted content information; and
inferences and preference information.

We do not disclose sensitive personal information beyond what is reasonably necessary for the disclosed purposes, except where permitted or required by law or where you direct us to do so.

9. Retention of Personal Information

We retain personal information for no longer than reasonably necessary for the purposes described in this Privacy Policy, including:

to provide the products and services you request;
to maintain your account;
to support legitimate business and operational needs;
to comply with legal obligations;
to resolve disputes; and
to enforce agreements.

Retention periods may vary depending on the type of information, the context in which it was collected, whether it is included in Customer Content, and applicable legal requirements.

When personal information is no longer needed, we will delete, de-identify, or anonymize it, or securely retain it in a manner permitted by law (for example, in backups, archives, or legal hold systems).

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, destruction, loss, or alteration.

These safeguards may include:

access controls and role-based permissions;
encryption in transit and, where appropriate, at rest;
logging and monitoring;
incident response procedures;
vulnerability management;
backup and recovery processes;
personnel confidentiality and training.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your passwords and account credentials and for protecting access to your own devices and systems.

11. U.S. Privacy Rights

Depending on your state of residence and our legal obligations, you may have some or all of the following rights.

11.1 California Rights (if applicable)

California residents may have the right to:

know the categories and specific pieces of personal information we collected about them;
know the categories of sources of personal information;
know the business or commercial purposes for collecting, using, disclosing, selling, or sharing personal information;
know the categories of third parties to whom personal information is disclosed;
request deletion of personal information, subject to exceptions;
request correction of inaccurate personal information;
opt out of the sale or sharing of personal information;
limit the use and disclosure of sensitive personal information, where applicable; and
not be discriminated against for exercising privacy rights.

11.2 Delaware Rights (if applicable)

Delaware residents may have the right to:

confirm whether we are processing their personal data and access it;
correct inaccuracies;
delete personal data provided by or obtained about them;
obtain a portable copy of certain personal data;
obtain a list of categories of third parties to whom we disclosed personal data; and
opt out of:

- targeted advertising,

- sale of personal data, and

- profiling in furtherance of solely automated decisions that produce legal or similarly significant effects.

11.3 How to Submit a Request

You may submit a request by using one of our designated methods:

Email: contact@artspoon.io

We may take steps to verify your identity before completing a request. We will only use verification information for that purpose.

We do not require you to create a new account in order to submit a rights request, although we may ask you to use an existing account where permitted by law.

11.4 Authorized Agents

Where required by law, you may designate an authorized agent to make certain requests on your behalf. We may require reasonable proof of authorization and identity verification.

11.5 Timing

We aim to respond within the time required by applicable law. In many cases, that means responding within 45 days, with an extension where permitted and properly communicated.

11.6 Appeals (Delaware and Similar Laws)

If we deny your request in whole or in part where an appeal right applies, you may appeal by contacting us at:

Appeal Email: contact@artspoon.io

We will review and respond to your appeal within the time required by applicable law. If we deny your appeal, we will provide information about any further complaint mechanism we are required to provide.

12. Notice Regarding Sensitive Personal Information

If we process sensitive personal information in a manner subject to special legal restrictions, we will do so only:

for the purposes disclosed to you;
where reasonably necessary to provide requested services;
in accordance with your instructions, where we act on behalf of a customer; and
in compliance with applicable law.

Where California law gives you the right to limit the use and disclosure of sensitive personal information, we will provide that right where required.

Where Delaware law requires consent for sensitive data processing, we will seek consent where required and provide a way to revoke it where applicable.

13. Children’s Privacy

Our products are not directed to children under 13 for independent consumer use unless expressly stated otherwise.

We do not knowingly sell or share the personal information of children in a way that requires special opt-in rules under applicable law.

If we learn that we have collected personal information from a child in a manner that requires parental consent and we do not have that consent, we will take appropriate steps to delete or stop processing that information as required by law.

Where a customer uses our products to process information about minors, that customer is responsible for obtaining any notices, consents, or authorizations required by law, unless otherwise expressly agreed.

14. International and Cross-Border Processing

Art Spoon is based in the United States and may process personal information in the United States and other jurisdictions where we or our service providers operate.

If personal information is transferred across borders, we take commercially reasonable steps designed to ensure that the information remains protected in accordance with applicable law and our contractual obligations.

15. Links to Third-Party Sites and Services

Our websites or products may contain links to third-party websites, applications, integrations, or services. We are not responsible for the privacy practices of those third parties. Please review their privacy notices before providing them with personal information.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

Art Spoon Inc.

1111B S Governors Ave # 44069

Dover, DE 19904

Email: contact@artspoon.io

If applicable law gives you the right to complain to a regulator or authority, you may also contact the relevant authority in your jurisdiction.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will update the “Effective Date” above and provide notice as required by law, which may include posting the updated policy on our website, notifying you through the products, or contacting you by email where appropriate.

Your continued use of the products after the effective date of the updated Privacy Policy means that the updated version will apply, to the extent permitted by law.