Privacy Policy for Arthour

Arthour is operated by Giulio Pozio. This Privacy Policy explains how Giulio Pozio, operating the Arthour app and services (“Arthour,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects personal data when you use the Arthour iOS app, bundle ID com.giuli.tawa, our backend services, account and subscription features, support services, and websites.

Data controller: Giulio Pozio
Address: Via Ennio Quirino Visconti 8, 00193 Roma, Italia
Privacy contact: privacy@arthour.com
Support contact: support@arthour.com

For purposes of this Policy, “personal data” means information that identifies, relates to, describes, or can reasonably be linked to an identifiable person.

1. Scope

This Policy applies to:

• The Arthour iOS app.
• Arthour account, authentication, subscription, scan, notebook, visit, ranking, recommendation, export, sync, and account-management features.
• Arthour backend services and operational systems.
• Support, privacy, and service communications.
• Arthour websites.

This Policy does not apply to third-party websites, app stores, payment systems, platforms, or services that are not controlled by Arthour and that provide their own privacy notices. For example, Apple processes App Store, Apple ID, Sign in with Apple, and payment-related data under Apple’s own terms and privacy policies.

Arthour is distributed worldwide through the Apple App Store.

2. Age Requirements

Arthour is not directed to children and is not submitted in Apple’s Kids Category. You must be at least 13 years old, or the minimum age required in your country to use an online service without parental consent.

If you are under the age at which you can lawfully use Arthour without parental consent, you may use Arthour only with permission from a parent or legal guardian where required by law.

If we learn that we have collected personal data from a child in a way that requires parental consent and such consent has not been provided, we will take appropriate steps to delete that data. Parents or guardians may contact us at privacy@arthour.com.

3. Personal Data We Collect

We collect personal data only as needed to provide, secure, improve, personalize, and support Arthour. The personal data we collect depends on how you use the app, website, and related services.

3.1 Account and Profile Data

When you create, access, or manage an Arthour account, we may process:

• Email address.
• Name, display name, or username, if provided.
• Authentication identifiers.
• Sign in with Apple identifier and Apple-provided name or email address, including private relay email address if you choose that option.
• Supabase Auth account data.
• Session tokens and device/account identifiers needed to keep you signed in and secure your account.
• Profile and preference settings, such as preferred language, explanation style, knowledge level, interests, and home city.
• Account-management activity, such as export, sync, deletion, and settings changes.

If you use email/password login, password authentication is handled through Supabase Auth. We do not store passwords in plain text.

3.2 Location and City Data

Arthour may ask for iOS Location Services permission when you choose Use current location. This feature is used to determine your current city and match it to supported Arthour cities.

When you use this feature:

• Arthour temporarily accesses a device location fix to derive city and country candidates.
• Arthour is designed for city-level use, not turn-by-turn navigation, background location tracking, or continuous location monitoring.
• Arthour does not intentionally store precise GPS coordinates or send precise GPS coordinates to the Arthour backend.
• Arthour may store or send city-related data, such as city ID, city name, country in the home-city label, and related timestamps.
• You can choose a city manually instead of using Location Services.
• Your location and city information are not visible to other Arthour users.

You can revoke location permission at any time through iOS Settings.

3.3 Camera, Photo, Scan, and Notebook Image Data

Arthour uses the camera and photos you select to identify artworks and support scan, notebook, visit, and related app features.

When you scan an artwork or select an image:

• Arthour may compress the image on your device.
• Arthour uploads the image to Arthour’s backend for artwork identification.
• For borderline, uncertain, or low-confidence results, Arthour may send the scan image and candidate artwork context to OpenAI for vision-model verification. Candidate context may include possible artwork titles, artists, museum metadata, or other identification candidates.
• Scan uploads are processed for identification and verification and are not used for long-term Arthour backend image storage.
• User scan and notebook photos are not stored in Supabase Storage. Supabase Storage is used for app and content assets.
• Scan and notebook photos saved locally on your device are subject to Arthour’s local retention setting of 30 days, unless you delete them sooner or change available settings.

You should avoid including people, private documents, payment information, health information, or other sensitive information in scan or notebook photos.

3.4 App Activity, Notebook, Visit, and Preference Data

Arthour may process data generated through your use of app features, including:

• Visits, museum or location selections, city names, timestamps, and visit duration.
• Artwork scans, saved artworks, notebook entries, notes, questions, comparisons, and preferences.
• Taste facets, recommendation inputs, recommendation outputs, ranking-related activity, and app interactions.
• Export, delete, sync, and account-management activity.
• Personal ranking information.

Arthour does not publicly show your name, location, or total participant count in rankings. User-created notes, questions, notebook content, scan history, and saved artworks are not published or made visible to other Arthour users.

3.5 Subscription and Purchase Data

Arthour uses Apple StoreKit for subscriptions and in-app purchase management. Apple handles payment processing. Arthour does not directly collect payment card numbers, bank account details, or Apple ID payment credentials.

Arthour may receive and store subscription-related data needed to provide paid access and maintain subscription status, including:

• Product ID.
• Transaction status.
• Original transaction identifiers.
• App account token.
• Subscription start, renewal, expiration, cancellation, or refund status.
• Transaction environment.
• Signed transaction information and related App Store subscription metadata.

3.6 Diagnostics, Logs, and Security Data

We collect limited diagnostic and operational data to keep Arthour secure, reliable, and functional, including:

• Crash and error diagnostics.
• Performance traces.
• Device, app, runtime, and environment metadata.
• Network and app diagnostic breadcrumbs.
• Backend request logs, request IDs, server errors, and security logs.
• IP address, user agent, or similar technical metadata where generated by backend, website, security, or hosting systems.

Sentry is configured not to intentionally receive user email/name, screenshots, view hierarchy, or precise location.

3.7 Support and Privacy Communications

If you contact us by email or through a support or privacy channel, we process:

• Your email address.
• Message content.
• Message metadata.
• Attachments or screenshots you choose to send.
• Information needed to investigate, respond to, and document your request.

Support and privacy emails are retained for 36 months, unless a longer period is required for legal, security, dispute-resolution, or compliance reasons.

3.8 Website Data, Cookies, and Pixels

The Arthour website is hosted on Render. GoDaddy is used for domain services.

The website may process browser and device data, IP address, cookie or pixel identifiers, page views, referral data, approximate location derived from IP address, and interaction events.

The website uses Meta, Google, Pinterest, and TikTok tools for analytics, measurement, advertising, and remarketing. These tools may process website cookie and pixel data according to your cookie choices, applicable law, and the relevant platform terms.

These website analytics, advertising, and remarketing tools are used on the website, not inside the Arthour iOS app. You can manage website cookie and tracking choices through the settings link in the website footer.

4. How We Use Personal Data

We use personal data to:

• Create, authenticate, secure, and manage accounts.
• Provide app features, including scans, notebook, visits, recommendations, rankings, export, sync, and account controls.
• Identify artworks and verify scan results.
• Process subscriptions and enforce subscription access.
• Personalize city, museum, artwork, explanation, and recommendation experiences.
• Save user preferences and app settings.
• Respond to support, privacy, legal, and account requests.
• Send transactional and service emails, such as verification, password reset, account, security, subscription, legal, and service notices.
• Diagnose crashes, bugs, errors, abuse, security incidents, and reliability issues.
• Maintain backend infrastructure, logs, security controls, fraud-prevention controls, and operational integrity.
• Measure and improve website performance, advertising, and marketing effectiveness.
• Comply with legal, tax, accounting, consumer protection, App Store, and regulatory obligations.
• Enforce our rights, protect users, and prevent misuse of Arthour.

Arthour does not send marketing emails and does not use push notifications.

5. Legal Bases for EEA, UK, and Swiss Users

Where the GDPR, UK GDPR, Swiss data protection law, or similar laws apply, we rely on the following legal bases.

Contract

We process personal data as necessary to provide Arthour, including account access, authentication, scans requested by you, sync, notebook features, recommendations, subscriptions, support, and core app functionality.

Consent

We rely on consent where required, including for iOS permissions such as camera, photos, and location; Sign in with Apple where applicable; optional profile choices; website advertising cookies and pixels; and optional information or attachments you choose to provide.

You may withdraw consent where processing is based on consent. Withdrawing consent does not affect processing that occurred before withdrawal.

Legitimate Interests

We process personal data where necessary for legitimate interests, including security, fraud prevention, abuse prevention, diagnostics, service reliability, product improvement, operational logs, and protection of Arthour and its users, provided those interests are not overridden by your rights and freedoms.

Legal Obligations

We process personal data where necessary to comply with legal, tax, accounting, consumer protection, App Store, regulatory, or lawful-request obligations.

We do not rely on vital interests or public task as regular legal bases for Arthour.

6. Service Providers, Processors, and Third Parties

We disclose personal data only as described in this Policy, as needed to provide Arthour, or as required by law.

We use service providers and third parties that help us operate Arthour. Where they process app personal data on our behalf, we require them to protect that data under contractual, technical, and organizational safeguards consistent with this Policy and applicable law. Some providers may also act as independent controllers for their own services, terms, compliance obligations, or platform operations.

Current providers include:

Supabase

Supabase provides authentication, database/backend services, and content asset storage. Supabase Auth processes account and authentication data. Supabase Storage is used for app and content assets, not user scan or notebook photos. Primary project region: West EU / Ireland.

Render

Render provides backend API hosting and website hosting. Primary backend and website region: Frankfurt, Germany. Render may process backend, hosting, and server log data needed to operate the service.

OpenAI

OpenAI may process scan images and candidate artwork context for borderline or uncertain scan verification. We do not intentionally send your email address, name, or precise location to OpenAI for scan verification.

OpenAI API data is not used to train OpenAI models unless we opt in to data sharing. We have not opted in. Under standard API controls, OpenAI may retain API inputs, outputs, and related abuse-monitoring logs for up to 30 days, unless a longer period is required by law or to protect OpenAI’s services or third parties from harm.

Sentry

Sentry provides crash, error, and performance diagnostics. Sentry retention is currently 30 days. Sentry is configured not to intentionally receive user email/name, screenshots, view hierarchy, or precise location.

Apple

Apple provides App Store distribution, StoreKit subscriptions, Sign in with Apple, Apple ID services, and payment processing. Apple may process data as an independent provider under Apple’s own terms and privacy policies.

Resend

Resend provides transactional email delivery only, such as verification, account, password reset, security, subscription, legal, and service emails.

GoDaddy

GoDaddy provides domain services.

Meta, Google, Pinterest, and TikTok

Meta, Google, Pinterest, and TikTok provide website-only analytics, measurement, advertising, and remarketing tools. These tools are not integrated into the Arthour iOS app. They may process website cookie and pixel data according to your choices, applicable law, and their own terms.

We do not authorize app service providers to use Arthour app personal data for their own advertising. Website advertising platforms may process website cookie or pixel data for ads, measurement, and remarketing according to your choices and their own terms.

We may also disclose personal data where necessary to comply with law, enforce our rights, investigate abuse or security incidents, protect users or the public, respond to lawful requests, or support a merger, acquisition, financing, reorganization, or transfer of Arthour, provided the recipient is required to protect personal data consistently with this Policy or you receive appropriate notice.

7. OpenAI and Scan Verification

Arthour may use OpenAI vision models to help verify artwork identification when a scan result is uncertain or borderline.

For this purpose, Arthour may send:

• The scan image.
• Candidate artwork titles.
• Candidate artists.
• Museum, collection, or artwork metadata.
• Other context needed to verify the likely artwork match.

Arthour uses the OpenAI response to improve or confirm the scan result shown to you. This processing does not produce legal or similarly significant effects about you.

You should not include people, private documents, financial information, health information, or sensitive information in scan photos. If you accidentally submit sensitive information in a scan image, you may contact us at privacy@arthour.com.

8. International Transfers

Arthour is operated from Italy and distributed worldwide. Because we use global service providers, personal data may be processed outside your country, including in the European Economic Area, the United Kingdom, Switzerland, the United States, and other locations where our providers operate.

Where required, we rely on appropriate transfer mechanisms, such as adequacy decisions, Standard Contractual Clauses, data processing terms, provider security commitments, and other lawful transfer safeguards.

9. Data Retention

We retain personal data only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted for legal, security, fraud-prevention, tax, accounting, dispute-resolution, backup, App Store, or compliance purposes.

Current retention practices include:

Account Data

Account, profile, preference, notebook, visit, recommendation, ranking, and sync data are retained while your account is active or as needed to provide Arthour.

Deleted Accounts

When you delete your account, Arthour deletes or de-identifies personal data associated with the account, except where retention is required or permitted for legal, security, fraud-prevention, tax, accounting, dispute-resolution, backup, App Store, or compliance purposes.

Deletion may take time to propagate through backups, logs, and third-party processors. Backup copies are retained only for limited operational continuity and are overwritten according to backup cycles.

Local Scan and Notebook Photos

Scan and notebook photos stored locally on your device are retained according to Arthour’s 30-day local retention setting unless you delete them sooner or change available settings.

Transient Scan Uploads

Scan uploads are processed for artwork identification and verification and are not used for long-term Arthour backend image storage.

OpenAI API Inputs and Outputs

OpenAI may retain API inputs, outputs, and related abuse-monitoring logs for up to 30 days under standard API controls, unless a longer period is required by law or needed to protect services or third parties from harm.

Sentry Diagnostics

Sentry diagnostics are retained for 30 days.

Render Logs

Render backend/server logs are retained for 14 days. No Render log stream is configured.

Support and Privacy Emails

Support and privacy emails are retained for 36 months, unless a longer period is required for legal, security, dispute-resolution, or compliance reasons.

Subscription and Accounting Records

Subscription, transaction, refund, tax, accounting, App Store compliance, and fraud-prevention records are retained as required or permitted by applicable law and platform requirements.

Website Cookies and Pixels

Website cookies, pixels, and related identifiers are retained according to website cookie settings, browser controls, consent choices, and the relevant platform terms.

10. Your Controls

You can manage your data through the Arthour app:

• Export data: Profile tab → Settings → Account → Export Data
• Delete account: Profile tab → Settings → Account → Delete
• Update profile data: Profile tab, or Profile tab → Settings
• Clear photos/history: Profile tab → Settings → Account, or Profile tab → Settings → Danger Zone

You can also contact us at privacy@arthour.com.

You can manage iOS permissions, including camera, photos, and location, through iOS Settings. If you revoke a permission, some app features may no longer work until permission is restored or you use an available alternative, such as manually selecting a city.

Subscriptions are managed through Apple’s subscription settings and App Store systems.

For website cookies and tracking, use the settings link in the website footer.

11. Sharing by You

Arthour may allow you to share visit collages, postcards, recaps, or other content using the iOS share sheet. Arthour does not upload or host that shared content first as part of the sharing flow. Once you choose a destination, the privacy practices of that destination apply.

12. What We Do Not Do

Arthour:

• Does not sell app personal data for money.
• Does not collect payment card details directly.
• Does not use IDFA, App Tracking Transparency, or ad networks in the iOS app.
• Does not use the iOS app for targeted advertising or cross-app tracking.
• Does not use website advertising pixels inside the iOS app.
• Does not publish user-created content to other Arthour users.
• Does not publicly show your name, location, or total participant count in rankings.
• Does not intentionally collect sensitive personal data.
• Does not use automated decision-making that produces legal or similarly significant effects.
• Does not send marketing emails.
• Does not use push notifications.
• Does not use OpenAI API data for model training, because OpenAI API data sharing is disabled.

The Arthour website does use advertising and remarketing pixels, which may be considered “sharing,” “targeted advertising,” or similar activity under some privacy laws. You can manage website cookie and tracking choices through the settings link in the website footer.

13. Your Privacy Rights

Depending on where you live, you may have rights to:

• Access personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Delete personal data.
• Export or receive a copy of personal data.
• Restrict certain processing.
• Object to certain processing.
• Withdraw consent where processing is based on consent.
• Opt out of sale, sharing, targeted advertising, or profiling where applicable.
• Appeal a denied privacy request where applicable.
• Be free from discrimination for exercising privacy rights.

EEA, UK, and Swiss users may also lodge a complaint with their local data protection authority. In Italy, this is the Garante per la protezione dei dati personali.

US state residents, including California residents where applicable, may have rights to know, access, delete, correct, obtain portability, opt out of sale, sharing, targeted advertising, or certain profiling, appeal denied requests, and be free from discrimination for exercising privacy rights.

You may exercise rights through in-app controls or by emailing privacy@arthour.com. We may need to verify your identity before fulfilling a request. If permitted by applicable law, an authorized agent may submit a request on your behalf, but we may require proof of authorization and verification of your identity.

Some data may not be deleted immediately or completely where retention is required or permitted for legal, security, fraud-prevention, tax, accounting, dispute-resolution, backup, App Store, or compliance purposes.

14. Security

Arthour uses HTTPS/TLS for data in transit. We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Data stored or processed by Supabase, Render, Sentry, Resend, OpenAI, Apple, GoDaddy, and other infrastructure providers is protected according to those providers’ security controls, which may include encryption at rest, access controls, monitoring, and operational security safeguards.

No method of transmission or storage is completely secure. Arthour cannot guarantee absolute security.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the app, website, email, App Store release notes, or another appropriate method.

The effective date above shows when this Policy applies.

16. Contact

For privacy requests or questions, contact:

Giulio Pozio
Via Ennio Quirino Visconti 8
00193 Roma, Italia
Email: privacy@arthour.com

For support: support@arthour.com