Skip to content
Craftlog

Privacy Policy

Last updated: April 2025

Craftlog, Inc. (“Craftlog,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at craftlog.io and related services.

1. Information We Collect

  • Account information: name, email address, phone number, gallery or studio name
  • Collector information: name, email, shipping addresses (entered by galleries on behalf of collectors)
  • Artwork data: titles, descriptions, dimensions, images, edition details, provenance records
  • Production data: milestone updates, photos, notes posted by foundries and studios
  • Payment information: processed by Stripe. We do not store credit card numbers.
  • Usage data: pages visited, features used, device and browser information
  • Cookies: session management and authentication only. No advertising cookies.

2. How We Use Your Information

  • Provide and maintain the Craftlog platform
  • Send transactional emails (edition assignments, production updates, certificate delivery)
  • Send gallery-mediated broadcast communications (only with gallery authorization)
  • Process subscription payments
  • Improve our platform and develop new features
  • Respond to customer support requests
  • Comply with legal obligations

3. How We Share Your Information

  • With galleries: collector data is shared only with the galleries that created the collector relationship
  • With collectors: artwork information, production updates, and certificates are shared as directed by the gallery
  • With foundries and studios: only artwork and production job details relevant to their assigned work
  • With service providers: Stripe (payments), SendGrid (email), Cloudflare (hosting and storage), Railway (infrastructure)
  • We never sell personal information to third parties
  • We never share collector data between galleries unless explicitly authorized
  • We may disclose information if required by law

4. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion request
  • Provenance records: retained permanently by design. Append-only records are central to the platform's purpose.
  • Production updates and photos: retained as long as the associated edition record exists
  • Payment records: retained as required by financial regulations

5. Data Security

  • All data transmitted over HTTPS
  • Database access restricted to authorized services only
  • Passwords hashed using industry-standard algorithms
  • File storage secured with signed URLs (15-minute expiry)
  • Regular security reviews

6. Your Rights

  • Access: request a copy of your personal data at any time
  • Correction: update inaccurate information through your account settings or by contacting us
  • Deletion: request deletion of your personal data. Note: provenance records may be anonymized rather than deleted to preserve artwork history.
  • Export: download all your data at any time through the platform's data export feature
  • Opt-out: unsubscribe from non-transactional emails at any time

7. Collectors' Privacy

  • Collectors' personal information is managed by their gallery
  • Collectors can request data deletion through their gallery or by contacting us directly
  • Collector data is never shared between galleries
  • Collectors can view and manage their notification preferences

8. International Data

  • Craftlog is operated from the United States
  • By using our platform, you consent to the transfer of your information to the United States
  • We comply with applicable data protection laws

9. Children's Privacy

  • Craftlog is not intended for individuals under 18 years of age
  • We do not knowingly collect personal information from children

10. Changes to This Policy

  • We may update this Privacy Policy from time to time
  • We will notify registered users of material changes via email
  • Continued use after changes constitutes acceptance

11. Contact