ARTi Privacy Policy
This Privacy Policy explains how E1 Technology Inc. ("ARTi", "we", "us") collects, uses, shares, and protects information when you use the ARTi mobile application and related services (the "Service"). By using ARTi you agree to this Policy.
If you do not agree, do not use the Service.
1. Who we are
The Service is provided by E1 Technology Inc., a Delaware corporation headquartered at 7650 Girard Ave, Ste 300, La Jolla, CA 92037, United States.
Privacy contact: privacy@arti.social
General contact: support@arti.social
Postal: see address above.
2. Who can use ARTi
ARTi is intended for users aged 13 and older. Users under 13 cannot create an account; if we learn we have collected data from a user under 13, we delete it.
For users between 13 and the local digital-consent age (16 in the EU under GDPR Art. 8, with national variations — for example 14 in Spain, 13 in Belgium, 15 in France), a parent or legal guardian must review and accept our Terms of Service before the user creates an account. We rely on the registration flow's parental-consent acknowledgement to satisfy GDPR-K and COPPA verifiable parental consent.
3. Data we collect
3.1 Information you give us
| Category | Specific data | Why |
|---|---|---|
| Account | Email address, username/handle, display name, age band (13–15, 16–17, 18+) | Account creation, authentication, age compliance |
| Profile | Interests, language preference | Personalization of the experience |
| User content | Posts, comments, reflections, fun facts, glossary entries, quizzes, AI-generated assets you save (images, videos, infographics, games), text prompts you submit to the AI chat | Core functionality of the Service |
3.2 Information collected automatically
| Category | Specific data | Why |
|---|---|---|
| Identifiers | A pseudonymous app-generated User ID and Device ID (anonymous_id) | Authentication, session management, analytics |
| Usage data | Events such as screen views, taps, sessions, content interactions, gem and streak movements, leaderboard activity (full event list available on request) | Product improvement, feature analytics, abuse detection |
| Technical | Device type, OS version, app version, language and region settings, approximate country inferred from network/IP | Compatibility, regional content, fraud prevention |
| Diagnostics | Crash reports and error logs collected via Sentry | Stability, bug fixing |
| Push token | Apple Push Notification service (APNs) device token, only after you grant permission | Sending notifications you opt into |
| Purchases | Apple StoreKit transaction ID, product ID, and entitlement state — never card numbers | Subscription management |
3.3 What we do not collect
- Precise location (no GPS).
- Phone numbers.
- Audio recordings or voice transcriptions.
- Photos or videos uploaded from your device. Visual content on ARTi is generated by AI from your text prompts; we do not collect or store images, videos, or media you upload from your camera roll.
- Contacts.
- Browsing or search history outside the app.
- Health, financial, or biometric data.
- The IDFA. ARTi does not request App Tracking Transparency (ATT) and does not track you across other companies' apps or websites.
4. How we use information
We use information to:
- Provide and maintain the Service.
- Authenticate users and secure accounts.
- Personalize the experience (suggested topics, language).
- Process subscriptions and Gem economy.
- Generate AI content from your text prompts.
- Detect and prevent abuse, spam, fraud, and Community Guidelines violations.
- Respond to support and legal requests.
- Comply with legal obligations.
4.1 Marketing communications
We may use your email address to send you marketing communications about ARTi — new features, content highlights, subscription offers, and product updates. This is first-party marketing only: it is sent by ARTi about ARTi.
- You can opt out of marketing emails at any time using the unsubscribe link at the bottom of every marketing email, or by writing to privacy@arti.social.
- Opting out of marketing does not affect transactional or service emails (account, security, subscription, legal, abuse reports).
- For users in the EEA, UK, and Switzerland, our legal basis for first-party marketing to existing users is legitimate interests under GDPR Art. 6(1)(f) and Recital 47 (soft opt-in for similar products). You may object at any time under Art. 21.
4.2 What we don't do with your information
- We do not share your email or any other personal data with third parties for their own advertising or marketing.
- We do not engage in cross-context behavioral advertising.
- We do not use the IDFA and do not request App Tracking Transparency (ATT).
- We do not track you across other companies' apps or websites.
- We do not sell or rent personal information as defined by the CCPA / CPRA.
5. Service providers and sub-processors
We share data only with the following providers, all of whom are bound by data-processing agreements:
| Provider | Role | Data shared |
|---|---|---|
| Supabase, Inc. (United States) | Hosted database, authentication, file storage, edge functions | All account, profile, content, and usage data |
| Amazon Web Services, Inc. (AWS) (United States) | Cloud infrastructure underpinning Supabase and our website | Encrypted at-rest data; we do not access AWS data directly |
| Apple Inc. (United States) | Sign in with Apple, Apple Push Notification service, StoreKit | Apple ID identifier, push token, subscription transaction info |
| Google LLC (United States) | Gemini, Imagen, and Veo APIs for AI content generation | Text prompts you submit to the AI chat (no identity data is included) |
| OpenAI, L.L.C. (United States) | Image and sticker generation API | Text prompts (no identity data is included) |
| Pexels (Canva Inc.) (United States) | Stock-video library used for foundational content | HTTP requests only (no identity or user data) |
| Sentry (Functional Software, Inc.) (United States) | Crash and error reporting | Crash stack traces, device model, OS version, app version, anonymous user ID |
6. Legal bases (GDPR / UK GDPR)
For users in the European Economic Area, the United Kingdom, and Switzerland we process personal data under one or more of:
- Performance of a contract — providing the Service you signed up for.
- Legitimate interests — security, fraud prevention, product analytics, AI service operation. You may object at any time.
- Consent — push notifications, optional analytics where required.
- Compliance with legal obligations — tax, anti-fraud, response to lawful requests.
- Verifiable parental consent for users below the local digital age (GDPR Art. 8).
7. Your rights
Depending on where you live, you have some or all of the following rights. To exercise them write to privacy@arti.social.
7.1 GDPR / UK GDPR
Access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with your supervisory authority (e.g., the ICO in the UK, the AEPD in Spain, the CNIL in France). We respond within one month.
We have not designated an EU representative under GDPR Art. 27 because the Service is not targeted at EU data subjects on a large scale. If our user base composition changes, we will appoint one.
7.2 California (CCPA / CPRA)
You have the right to know, access, correct, delete, and to opt out of the sale or sharing of personal information, to limit the use of sensitive personal information, to non-discrimination for exercising your rights, and to designate an authorized agent.
ARTi does not sell or share personal information as defined by CCPA / CPRA, and we do not use personal information for cross-context behavioral advertising. Our optional "Your Privacy Choices" disclosure is contained in this section.
7.3 Mexico (LFPDPPP)
You have ARCO rights (Acceso, Rectificación, Cancelación, Oposición). We respond within 20 business days. The Spanish-language Privacy Notice ("Aviso de Privacidad") is available at https://arti.social/privacy.
7.4 Colombia (Ley 1581 / Habeas Data)
You may consult, update, rectify, suppress, or revoke authorization for the treatment of your personal data, request proof of authorization granted, and submit complaints to the Superintendencia de Industria y Comercio (SIC). E1 Technology Inc. acts as the data controller ("responsable del tratamiento"); Supabase and AWS act as data processors ("encargados").
7.5 Brazil (LGPD)
Confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, withdrawal of consent. Complaints can be directed to the ANPD.
8. International transfers
ARTi operates from the United States. By using the Service, you understand your data will be transferred to and processed in the United States. We rely on:
- The EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. DPF (where certified).
- Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement, including supplementary technical and organizational measures.
9. Retention
| Data | Retention |
|---|---|
| Account and profile | While the account is active |
| User content | Until you delete it or the account is closed |
| Chat prompts | Processed in real time; not retained after the response |
| Event logs | Up to 24 months identifiable, then anonymized or deleted |
| Inactive accounts | Auto-deleted after 36 months of inactivity, unless legally required to retain |
| Encrypted backups | Cleared within 30 days of deletion |
| Records of consent and Terms acceptance | Lifetime of the account plus statutory limitation periods |
When you delete your account, your private data is removed; public content you posted may remain on the platform with attribution removed.
10. Security
We use TLS in transit, encryption at rest, scoped database access, audit logging, rate limiting on sensitive endpoints, and least-privilege practices. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you in line with applicable law.
11. Children
We block accounts for users under 13 at registration. For users 13 to the local digital-consent age, we require a parent or guardian to review and accept our Terms on the user's behalf. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, write to privacy@arti.social and we will investigate and delete it.
12. Changes to this Policy
We will update the "Last updated" date and, for material changes, give in-app or email notice at least 14 days before the change takes effect. Continued use of the Service after the change constitutes acceptance.
13. Contact
E1 Technology Inc.
7650 Girard Ave, Ste 300
La Jolla, CA 92037, United States
privacy@arti.social · support@arti.social