Privacy Policy.
Artistik, a d/b/a of Digideal LLC, a limited liability company organized under the laws of the State of Delaware, United States, with its registered address at 16192 Coastal Highway, Lewes, Delaware 19958-9776 (hereinafter referred to as the “Company,” “Artistik,” “we,” “us,” or “our”), operates the website and application accessible at artistik.ai and app.artistik.ai (collectively, the “Service”). This Privacy Policy (this “Policy”) sets forth the manner in which the Company collects, uses, processes, stores, discloses, and protects personal information and personal data (as those terms are defined under applicable law, collectively “Personal Data”) in connection with your access to and use of the Service.
This Policy is incorporated into and forms part of the Company’s Terms of Service. By accessing or using the Service, you hereby acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your Personal Data in accordance with this Policy. If you do not agree to this Policy, you must immediately cease all use of the Service.
For purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”), the Company acts as the data controller of your Personal Data. For purposes of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”), the Company is a “business” that collects and processes the Personal Data of California consumers.
1. Information We Collect
1.1 Information You Provide Directly
In connection with your access to and use of the Service, we may collect the following categories of Personal Data that you voluntarily provide:
- Account Registration Data: When you create an account, we collect your full name, email address, and password (stored in hashed form). If you register using a third-party authentication provider (e.g., Google OAuth), we receive your name and email address as authorized by you through that provider.
- Payment and Billing Data: When you subscribe to a paid plan, our third-party payment processor, Stripe, Inc. (“Stripe”), collects your payment card number, expiration date, CVV/CVC, billing address, and transaction details. The Company does not store, process, or have access to your full payment card numbers. We receive from Stripe only limited billing information, including the last four digits of your card number, card type, billing address, and transaction confirmation details, as necessary to manage your subscription and comply with applicable law.
- User Content and AI Prompts: Text prompts, creative briefs, descriptions, preferences, instructions, and any other inputs you submit to the Service for the purpose of generating content, as well as the resulting Generated Content produced by the Service.
- Communications Data: Information you provide when you contact our support team, submit inquiries, respond to surveys, or otherwise communicate with the Company, including the content of such communications and any attachments thereto.
1.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information through technical means, including:
- Usage Data: Pages and features accessed, content generated, actions taken within the Service, timestamps, session duration, click patterns, navigation paths, and interaction sequences.
- Device and Browser Information: Internet Protocol (IP) address, browser type and version, operating system and version, device type, unique device identifiers, screen resolution, display settings, and language preferences.
- Cookies and Similar Technologies: We deploy essential cookies and, subject to your consent where required by applicable law, analytics cookies to maintain your session, store your preferences, and analyze Service usage patterns. Please refer to Section 9 (Cookie Policy) of this Policy for further details.
- Server Log Data: Our servers automatically record information contained in HTTP requests made to the Service, including the requested URL, HTTP method, referring URL, response status code, bytes transferred, and the date and time of each request.
1.3 Information Received from Third Parties
- Authentication Providers: If you elect to authenticate via a third-party service (e.g., Google), we receive your basic profile information, including your name, email address, and profile photograph, to the extent authorized by you through that provider’s permissions flow.
- Payment Processor: Stripe may transmit to us transaction confirmations, payment status updates, subscription lifecycle events, and limited billing details necessary for the Company to manage your Subscription and fulfill its obligations under the Terms of Service.
2. Legal Bases for Processing (GDPR Article 6)
Where the GDPR or UK GDPR applies to our processing of your Personal Data, we rely upon the following legal bases, as applicable to each processing activity:
| Processing Activity | Legal Basis (GDPR Article 6(1)) |
|---|---|
| Providing, operating, and maintaining the Service, including account creation and authentication | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing Subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Generating content based on User Content and AI prompts | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional communications (account confirmations, receipts, security alerts, service notifications) | Performance of a contract (Art. 6(1)(b)) |
| Improving and optimizing the Service, including AI model quality and feature development | Legitimate interests (Art. 6(1)(f)) — interest in improving and developing our Service |
| Analyzing usage patterns, trends, and aggregate metrics | Legitimate interests (Art. 6(1)(f)) — interest in understanding how our Service is used |
| Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues | Legitimate interests (Art. 6(1)(f)) — interest in maintaining the security and integrity of the Service |
| Complying with applicable legal obligations, including tax, accounting, and regulatory requirements | Legal obligation (Art. 6(1)(c)) |
| Sending marketing and promotional communications | Consent (Art. 6(1)(a)) — only with your prior opt-in consent |
| Responding to legal process, law enforcement requests, and protecting our legal rights | Legitimate interests (Art. 6(1)(f)) and/or legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests as the legal basis for processing, we have conducted a balancing assessment to ensure that our interests are not overridden by your fundamental rights and freedoms. You may request further information regarding these assessments by contacting us at [email protected].
3. How We Use Your Information
We use the Personal Data we collect for the following purposes, each in accordance with the applicable legal basis set forth in Section 2:
- (a) To provide, operate, maintain, and administer the Service, including the processing of User Content through AI models to generate content;
- (b) To create, manage, and authenticate your account;
- (c) To process payments, manage Subscriptions, allocate Credits, and maintain billing records;
- (d) To send transactional communications, including account confirmations, payment receipts, subscription renewal notices, security alerts, and service-related notifications;
- (e) To improve, enhance, and optimize the Service, including through the analysis of usage patterns, performance metrics, and user behavior;
- (f) To conduct research and development for new features, products, and services;
- (g) To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, and to enforce our Terms of Service;
- (h) To comply with applicable laws, regulations, legal processes, or governmental requests;
- (i) To send marketing and promotional communications, solely where you have provided your prior opt-in consent (you may withdraw such consent at any time); and
- (j) To respond to your inquiries, requests, and support tickets.
4. How We Share Your Information
4.1 The Company does not sell, rent, or trade your Personal Data to third parties for their own marketing purposes. We shall never sell your Personal Data within the meaning of the CCPA/CPRA.
4.2 We may disclose your Personal Data to the following categories of recipients, solely to the extent necessary for the purposes described herein:
- Sub-processors and Service Providers: We engage third-party sub-processors and service providers to perform certain functions on our behalf. These sub-processors are contractually bound by data processing agreements that require them to process Personal Data solely in accordance with our documented instructions, to implement appropriate technical and organizational security measures, and to comply with applicable data protection laws. A complete list of our current sub-processors is set forth in Section 5 below.
- AI Model Providers: User Content, including text prompts and creative inputs, may be transmitted to third-party AI model providers for the purpose of generating content. We contractually require these providers to: (i) process User Content solely for the purpose of generating responses to your requests; (ii) not use your inputs to train, improve, or fine-tune their general-purpose models; and (iii) not share your inputs with other customers or third parties.
- Legal and Regulatory Disclosures: We may disclose your Personal Data if required to do so by applicable law, subpoena, court order, governmental investigation, or regulatory request, or if we have a good-faith belief that such disclosure is reasonably necessary to: (i) comply with a legal obligation; (ii) protect and defend the rights, property, or safety of the Company, our users, or the public; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; or (iv) enforce our Terms of Service.
- Business Transfers: In the event of a merger, acquisition, reorganization, asset sale, financing, bankruptcy, or similar corporate transaction involving all or a portion of our assets, your Personal Data may be transferred or disclosed as part of such transaction. We shall use commercially reasonable efforts to ensure that the acquiring entity is bound by obligations substantially similar to those set forth in this Policy with respect to your Personal Data. We shall provide notice to affected users of any such transfer in accordance with applicable law.
- With Your Consent: We may disclose your Personal Data for other purposes with your explicit, informed, and freely given consent.
5. Sub-processors
The following table identifies the third-party sub-processors that the Company engages to process Personal Data on its behalf in connection with the provision of the Service. The Company maintains data processing agreements with each sub-processor that impose obligations consistent with the requirements of applicable data protection laws.
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, billing, and fraud prevention | United States |
| Cloudflare, Inc. | Content delivery network (CDN), DNS management, DDoS protection, and web application firewall | United States (global edge network) |
| SendGrid (Twilio Inc.) | Transactional and marketing email delivery | United States |
| OpenAI, L.L.C. | AI-powered text and content generation | United States |
| Anthropic, PBC | AI-powered text and content generation | United States |
| ElevenLabs, Inc. | AI-powered audio and voice generation (audiobooks) | United States |
| Zoho Corporation Pvt. Ltd. | Business email hosting and management | United States / India |
The Company reserves the right to engage additional sub-processors or replace existing sub-processors as necessary for the continued operation of the Service. We shall update this list accordingly and, where required by applicable law, provide prior notice of material changes to our sub-processor arrangements.
6. Data Retention
We retain your Personal Data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, as described in this Policy, or as required or permitted by applicable law. Our specific retention periods are as follows:
- Account Registration Data: Retained for the duration of your active account. Upon account deletion, we shall delete or anonymize this data within thirty (30) calendar days, except to the extent that longer retention is required by applicable law or necessary for the establishment, exercise, or defense of legal claims.
- User Content and Generated Content: Retained for the duration of your active account. You may delete individual projects and their associated content at any time through the Service. Upon account deletion, we shall delete all User Content and Generated Content within thirty (30) calendar days, subject to applicable backup retention cycles.
- Payment and Billing Records: Retained for up to seven (7) years following the date of the transaction, as required for compliance with applicable tax, accounting, and financial reporting obligations.
- Usage Data and Server Logs: Retained for up to twenty-four (24) months for analytics, security, and fraud prevention purposes, after which such data is either anonymized or permanently deleted.
- Communications Data: Retained for up to thirty-six (36) months following the date of the communication, or longer if necessary for the resolution of an ongoing support matter or legal claim.
Upon the expiration of the applicable retention period, Personal Data shall be securely deleted or irreversibly anonymized such that it can no longer be used to identify you, except where longer retention is mandated by applicable law.
7. Your Rights and Choices
7.1 Rights of All Users
Regardless of your geographic location, you have the right to:
- (a) Access the Personal Data we hold about you and request a copy thereof;
- (b) Update or correct inaccurate or incomplete Personal Data;
- (c) Delete your account and request erasure of your associated Personal Data, subject to applicable legal retention requirements;
- (d) Opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting us at [email protected]; and
- (e) Request information about the categories of Personal Data we collect and the purposes for which it is processed.
7.2 Rights of EEA, UK, and Swiss Data Subjects (GDPR)
If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you are entitled to the following additional rights under the GDPR and UK GDPR:
- Right of Access (Article 15): You have the right to obtain confirmation as to whether or not your Personal Data is being processed and, where that is the case, to obtain access to your Personal Data together with certain supplementary information, including the purposes of processing, categories of data, recipients, and retention periods.
- Right to Rectification (Article 16): You have the right to obtain the rectification of inaccurate Personal Data and to have incomplete Personal Data completed.
- Right to Erasure (Article 17): You have the right to obtain the erasure of your Personal Data without undue delay where one of the grounds set forth in Article 17(1) applies, subject to the exceptions provided in Article 17(3).
- Right to Restriction of Processing (Article 18): You have the right to obtain restriction of processing where the accuracy of the data is contested, the processing is unlawful, or the Company no longer needs the data but it is required for the establishment, exercise, or defense of legal claims.
- Right to Data Portability (Article 20): You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or contract and is carried out by automated means.
- Right to Object (Article 21): You have the right to object, on grounds relating to your particular situation, to the processing of your Personal Data which is based on legitimate interests. Upon receipt of such objection, we shall cease processing unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
- Right to Withdraw Consent (Article 7(3)): Where our processing is based on your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your Personal Data infringes the GDPR.
To exercise any of the foregoing rights, please submit a written request to [email protected]. We shall respond to all rights requests within thirty (30) days of receipt, as required by applicable law. In certain circumstances, we may extend this period by an additional sixty (60) days, provided that we notify you of such extension and the reasons therefor within the initial thirty (30) day period.
7.3 Rights of California Residents (CCPA/CPRA)
If you are a resident of the State of California, you are entitled to the following rights under the CCPA/CPRA:
- Right to Know: You have the right to request that we disclose the categories of Personal Data we have collected about you, the categories of sources from which such data was collected, the business or commercial purpose for collecting such data, the categories of third parties with whom we share such data, and the specific pieces of Personal Data we have collected about you, in each case covering the preceding twelve (12) month period.
- Right to Delete: You have the right to request the deletion of your Personal Data that we have collected, subject to certain exceptions set forth in the CCPA/CPRA, including where retention is necessary for us to complete a transaction, detect security incidents, comply with legal obligations, or exercise or defend legal claims.
- Right to Correct: You have the right to request the correction of inaccurate Personal Data that we maintain about you.
- Right to Opt Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” (as those terms are defined under the CCPA/CPRA) of your Personal Data. We hereby affirm that we do not sell or share your Personal Data as defined under the CCPA/CPRA, and have not done so in the preceding twelve (12) months.
- Right to Non-Discrimination: We shall not discriminate against you for exercising any of your rights under the CCPA/CPRA, including by denying goods or services, charging different prices, providing a different level or quality of service, or suggesting that you may receive a different price or quality of service.
- Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive Personal Data (as defined under the CCPA/CPRA), you have the right to limit our use and disclosure of such data to that which is necessary to perform the services you have requested.
To exercise any of the foregoing rights, please submit a verifiable consumer request to [email protected] or through your account settings at app.artistik.ai. We shall verify your identity before fulfilling any rights request and shall respond within forty-five (45) calendar days of receipt, as required by the CCPA/CPRA.
Categories of Personal Data Collected: In the preceding twelve (12) months, we have collected the following categories of Personal Data as defined under the CCPA/CPRA: identifiers (name, email address, IP address); commercial information (subscription and transaction records); Internet or other electronic network activity information (usage data, log data); geolocation data (derived from IP address); and inferences drawn from the foregoing.
8. International Data Transfers
8.1 Your Personal Data may be transferred to, stored in, and processed in countries other than the country in which it was originally collected, including the United States of America. These countries may have data protection laws that differ from the laws of your country of residence.
8.2 Where we transfer Personal Data from the EEA, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the European Commission or the UK Secretary of State (as applicable), we implement appropriate safeguards to ensure that your Personal Data receives an adequate level of protection, including:
- (a) Standard Contractual Clauses (“SCCs”) adopted by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914, as supplemented by the UK International Data Transfer Addendum where applicable;
- (b) Data processing agreements with all sub-processors that incorporate the SCCs and impose obligations consistent with Articles 28 and 32 of the GDPR; and
- (c) Supplementary technical and organizational measures where the transfer impact assessment indicates that additional safeguards are necessary to ensure essentially equivalent protection.
You may obtain a copy of the relevant safeguards by contacting us at [email protected].
9. Cookie Policy
9.1 What Are Cookies
Cookies are small text files that are stored on your device (computer, tablet, or mobile device) when you visit a website. Cookies serve various functions, including enabling the website to recognize your device, remember your preferences, and analyze how you interact with the website.
9.2 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the operation of the Service. They enable core functionality such as session management, authentication, load balancing, and security features. These cookies cannot be disabled, as the Service cannot function properly without them. Legal basis: legitimate interests / necessity for the provision of the Service.
- Analytics and Performance Cookies: These cookies enable us to collect aggregated, anonymized data regarding how users interact with the Service, including pages visited, session duration, and navigation paths. We use privacy-respecting analytics tools that do not track users across third-party websites. These cookies are deployed only with your prior consent where required by applicable law. Legal basis: consent (where required) or legitimate interests.
9.3 Your Cookie Choices
You may control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies, and you may configure your browser to alert you when cookies are being set. Please note that disabling strictly necessary cookies may impair or prevent your ability to access or use the Service. For further information on managing cookies, please consult your browser’s help documentation.
9.4 Do Not Track Signals
The Company honors Do Not Track (“DNT”) signals transmitted by your browser. When we detect a DNT signal, we do not deploy analytics or performance cookies and do not engage in cross-site tracking of the user who transmitted the signal.
10. Data Security
10.1 The Company implements and maintains appropriate technical and organizational measures designed to protect the confidentiality, integrity, and availability of your Personal Data against unauthorized access, alteration, disclosure, destruction, loss, or other forms of unlawful processing. These measures include, without limitation:
- (a) Encryption of Personal Data in transit using Transport Layer Security (TLS) version 1.2 or higher;
- (b) Encryption of Personal Data at rest using Advanced Encryption Standard (AES) with 256-bit keys;
- (c) Role-based access controls and multi-factor authentication for internal systems;
- (d) Regular security assessments, penetration testing, and vulnerability scanning;
- (e) Incident response and breach notification procedures; and
- (f) Security awareness training for personnel with access to Personal Data.
10.2 Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. The Company cannot and does not guarantee the absolute security of your Personal Data. You acknowledge that you transmit your Personal Data to and through the Service at your own risk. In the event of a personal data breach (as defined under the GDPR), the Company shall notify the relevant supervisory authority and affected data subjects in accordance with Articles 33 and 34 of the GDPR, as applicable.
11. Children’s Privacy
The Service is not directed to, and is not intended for use by, individuals under the age of eighteen (18). The Company does not knowingly collect, solicit, or process Personal Data from children under the age of eighteen (18). If you are under the age of eighteen (18), you are prohibited from creating an account or using the Service. If we become aware that we have collected Personal Data from an individual under the age of eighteen (18), we shall take prompt steps to delete such data from our systems. If you are a parent or legal guardian and believe that your child has provided Personal Data to the Company, please contact us immediately at [email protected] so that we may take appropriate action.
12. Third-Party Links and Services
The Service may contain hyperlinks to websites, applications, or services operated by third parties. The Company is not responsible for, and this Policy does not apply to, the privacy practices, content, or data collection activities of any third-party website, application, or service. We encourage you to review the privacy policy of every third-party service you visit or interact with. The inclusion of any link on the Service does not imply endorsement, sponsorship, or affiliation by the Company.
13. Changes to This Privacy Policy
13.1 The Company reserves the right to modify, amend, or update this Policy at any time and in its sole discretion. The “Effective date” set forth at the top of this Policy indicates the date on which this Policy was last materially revised.
13.2 For material changes to this Policy — meaning changes that expand the categories of Personal Data collected, introduce new purposes for processing, or materially alter the manner in which Personal Data is shared — the Company shall provide no fewer than thirty (30) days’ prior notice via email to the address associated with your account, or through a prominent notice posted on the Service.
13.3 Your continued access to or use of the Service following the effective date of any modification shall constitute your acceptance of and agreement to be bound by the modified Policy. If you do not agree to any modification, you must discontinue your use of the Service prior to the effective date of such modification and may request deletion of your account and Personal Data in accordance with Section 7.
14. Data Protection Officer
For all inquiries related to data protection, privacy rights, or this Policy — including requests to exercise your rights under the GDPR, UK GDPR, or CCPA/CPRA — you may contact our Data Protection Officer at:
Privacy Team, Digideal LLC
Artistik
16192 Coastal Highway, Lewes, Delaware 19958-9776
Email: [email protected]
We shall endeavor to respond to all inquiries and rights requests within the timeframes mandated by applicable law.
15. Contact Information
For general questions, concerns, or requests regarding this Privacy Policy or the Company’s data practices, please contact:
Artistik — d/b/a Digideal LLC
16192 Coastal Highway, Lewes, Delaware 19958-9776
Email: [email protected]
Website: artistik.ai