Privacy Policy

artt.pro

Last updated: July 06, 2026

1. Introduction

artt.pro is a platform for creating and selling premium framed wall art. Artists upload their artwork, design framed products, sell them through their own sales channels (such as a connected Shopify store), and artt.pro produces and ships the finished pieces across the European Union.

This Privacy Policy explains how we handle personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Latvian data protection law. It applies to artists who use artt.pro and to the personal data we process when fulfilling orders.

2. Who We Are (Data Controller)

The operator of artt.pro is the Latvia-registered company identified in our Legal Notice (the "operator", "we", "our", "us"). We are the data controller for the personal data described in this policy, except where we act as a processor on an artist's behalf (see Section 10).

You can contact us using the details in Section 12.

3. Personal Data We Process

a. Artist account data

  • Contact name and email address
  • Business / brand name, billing address, and VAT identification number
  • Connected sales-channel details (e.g. Shopify store name and URL)
  • Account configuration and usage data (e.g. products designed, orders placed)

b. Payment data

Card payments are processed by our payment provider (Stripe). We do not store full card numbers; we retain a payment-method reference, charge records, and invoices needed for billing, accounting, and VAT.

c. Artwork and content you upload

Images and artwork you upload to design and produce your framed products. This may incidentally contain personal data if you choose to include it.

d. End-customer data for order fulfilment

To produce and ship an order, we process the end customer's name, shipping address, and order details. We receive this from the artist's connected sales channel. For this data the artist is the controller and we act as a processor on the artist's instructions (see Section 10).

e. Technical data

Server logs, IP address, device/browser information, and error-diagnostic data used to operate, secure, and troubleshoot the platform.

4. How We Use Data and Our Lawful Bases

We process personal data for the following purposes and lawful bases under Article 6 GDPR:

  • Providing the service — creating your account, designing products, placing orders, and producing and shipping them (performance of a contract).
  • Billing, invoicing, VAT, and accounting — charging you and issuing VAT invoices (performance of a contract and compliance with a legal obligation).
  • Security, fraud prevention, and service improvement — protecting the platform, diagnosing errors, and improving reliability (our legitimate interests).
  • Service communications — sending you transactional messages such as order, payment, and account notices (performance of a contract / legitimate interests).

We do not sell personal data, and we do not use end-customer data for our own marketing.

5. Cookies

artt.pro uses strictly necessary cookies only — a session cookie required to keep you signed in and to protect against cross-site request forgery. These are essential to the service and are not used for tracking.

We do not use third-party advertising or cross-site tracking cookies.

6. Service Providers We Share Data With

We share personal data with the service providers (processors) we rely on to run artt.pro, only as needed to provide the service and under appropriate data-processing terms:

  • Payments — Stripe (payment processing, billing).
  • Framing & print fulfilment — our framing and print-production provider, which receives the print file and shipping details to produce and dispatch orders.
  • File storage & delivery — Uploadcare (storage and CDN for uploaded artwork and print files).
  • Transactional email — Postmark (sending order, payment, and account emails).
  • Hosting & infrastructure — our cloud hosting provider.
  • Error monitoring — Sentry (diagnosing application errors).
  • Sales-channel integration — Shopify (where you connect your store), which provides order and customer data for fulfilment.

We may also disclose personal data where required by law, to establish or defend legal claims, or in connection with a business transfer.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on an adequacy decision of the European Commission or on appropriate safeguards such as the European Commission's Standard Contractual Clauses. You can request more information using the contact details in Section 12.

8. Data Retention

  • Artist account data is kept for the life of your account and deleted or anonymised after closure, unless we must keep it longer by law.
  • Invoices and accounting/VAT records are retained for the period required by Latvian law.
  • Order and fulfilment data is retained to support reprints, warranty, and dispute resolution.
  • On account closure or a valid erasure request, we delete or anonymise personal data unless retention is required by law.

9. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (TLS) and encryption of sensitive stored credentials
  • Access controls and authenticated administration
  • Audit logging and separation of production and test environments
  • Rate limiting and account-protection measures on authentication
  • An incident-response process for personal-data breaches

Where a personal-data breach is likely to result in a risk to individuals, we will notify the Latvian supervisory authority (the Data State Inspectorate, Datu valsts inspekcija) and affected individuals as required by the GDPR.

10. When We Act as Your Processor

For end-customer personal data used to fulfil orders, the artist is the data controller and artt.pro acts as a processor on the artist's documented instructions. As the controller, you are responsible for having a lawful basis to share that data with us and for informing your customers that their order data is shared with artt.pro for production and delivery.

We process such data only to provide the fulfilment service, apply appropriate safeguards, and assist you with data-subject requests. This may be supplemented by a separate data-processing agreement.

11. Your Rights

Subject to the conditions in the GDPR, you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to processing;
  • data portability; and
  • withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us using the details in Section 12. You also have the right to lodge a complaint with the Latvian supervisory authority, the Data State Inspectorate (Datu valsts inspekcija, dvi.gov.lv), or with the supervisory authority in your EU country of residence.

12. Changes and Contact

We may update this Privacy Policy from time to time. The updated version will be posted here with a revised "Last updated" date, and material changes will be communicated to active artists.

If you have questions or wish to exercise your rights, contact: