ArtedEye

Privacy Policy

Last Updated: October 21, 2025

1. Introduction

Welcome to ArtedEye ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your information. This Privacy Policy explains our data practices for the ArtedEye mobile and web application ("App").

By using our App, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Biometric Data

  • Iris Photographs: We collect photographs of your iris that you capture using our App. This is considered biometric data under GDPR and other privacy regulations.
  • Purpose: These images are used to:
    • Generate artistic representations of your iris
    • Improve and train our AI models
    • Research and development purposes
  • Storage: All iris images are encrypted at rest and in transit using industry-standard encryption protocols
  • Anonymization: Iris images may be anonymized (stripped of personal identifiers) for AI training and research

2.2 Device Information

  • Device UID: We collect a unique device identifier for rate limiting and fraud prevention
  • Device Type: Information about your device model, operating system, and app version
  • IP Address: Your IP address for security and rate limiting purposes

2.3 Payment Information

  • Payment Data: When you make a purchase, we collect payment information through Stripe (web) or your device's app store (mobile)
  • Transaction History: We maintain records of your purchases and payments
  • Note: We do not directly store credit card information; this is handled by our payment processors

2.4 Usage Data

  • App usage statistics and analytics
  • Feature interactions and preferences
  • Error logs and diagnostic information

2.5 Account Information

  • Email address (if you choose to create an account)
  • User preferences and settings

3. How We Use Your Information

3.1 Primary Purposes

  • Service Delivery: To process your iris images and generate artistic representations
  • Payment Processing: To complete transactions and manage your purchases
  • Account Management: To maintain your account and preferences
  • Customer Support: To respond to your inquiries and provide assistance

3.2 Secondary Purposes

  • AI Model Training: Your anonymized iris images may be used to train and improve our AI models
  • Research & Development: To enhance our image processing algorithms and develop new features
  • Analytics: To understand usage patterns and improve user experience using Google Analytics (GA4)
  • Marketing: To measure advertising effectiveness using Google Ads conversion tracking
  • Security: To detect and prevent fraud, abuse, and security threats

4. Data Sharing and Third Parties

4.1 Service Providers

We share some of your information with trusted service providers who assist us in operating our business:

  • Google Cloud Platform: Cloud storage and computing services
  • Firebase: Backend services, authentication, and database
  • Stripe: Payment processing (web)
  • Apple/Google: In-app purchase processing (mobile)
  • Google AI: Image processing services
  • Google Analytics (GA4): Usage analytics and user behavior tracking
  • Google Ads: Advertising performance measurement and conversion tracking

4.2 Marketing and Analytics Services

We use Google Analytics and Google Ads to analyze app usage and measure marketing effectiveness:

  • Google Analytics: Collects anonymized usage data, page views, user interactions, and demographic information to help us improve the app experience
  • Google Ads: Tracks conversion events (such as purchases) to measure advertising campaign effectiveness and optimize ad spend
  • Your Control: You can control data sharing with these services by managing your consent preferences in the app. By default, tracking is disabled until you provide consent
  • Google's Privacy: These services are subject to Google's Privacy Policy. Learn more at https://policies.google.com/privacy

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Protect the rights and safety of our users and the public

5. Data Retention

  • Processed Images: Stored until you request deletion or your account is terminated
  • Anonymized Training Data: May be retained indefinitely for AI training purposes
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Account Data: Retained until account deletion plus 30 days for backup purposes
  • Usage Logs: Retained for up to 90 days unless required for security investigations

6. Your Rights (GDPR & CCPA)

6.1 Access and Portability

You have the right to:

  • Request a copy of all personal data we hold about you
  • Receive your data in a structured, machine-readable format
  • Request information about how we process your data

6.2 Deletion (Right to be Forgotten)

You can request deletion of your data by:

  • Using the in-app deletion feature

Note: Anonymized data used in AI training cannot be deleted once anonymized, as it cannot be linked back to you.

6.3 Correction

You can update or correct your account information through the App settings.

6.4 Objection and Restriction

You have the right to:

  • Object to processing of your data for certain purposes
  • Request restriction of processing under certain circumstances
  • Withdraw consent at any time (though this may limit service functionality)

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Control: Strict access controls limit who can access your data
  • Regular Audits: We conduct regular security audits and penetration testing
  • Firebase App Check: Verifies that requests come from legitimate apps
  • Rate Limiting: Prevents abuse and unauthorized access attempts
  • Cloud KMS: Encryption keys managed through Google Cloud Key Management Service

Note: No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

8. Children's Privacy

Our App is not intended for users under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete it.

If you believe a child has provided us with personal information, please contact us at artedeye+privacy@gmail.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Compliance with EU-US Data Privacy Framework principles
  • Google Cloud Platform's data residency and compliance features

10. Consent and Withdrawal

By using our App, you explicitly consent to:

  • Collection and processing of your biometric data (iris images)
  • Use of your anonymized data for AI training
  • All practices described in this Privacy Policy

You can withdraw consent at any time by deleting your account, though this may result in loss of service access.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date
  • We will notify you through the App or via email
  • Continued use of the App constitutes acceptance of the updated policy

12. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us:

  • Email: artedeye+privacy@gmail.com
  • Data Protection Officer: artedeye+dpo@gmail.com
  • Postal Address: 61 rue de Lyon 75012 Paris

EU Representative: [EU Representative Name and Address - if required]

13. Supervisory Authority

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.