ARTi Privacy Policy
This Privacy Policy explains how E1 Technology Inc. ("ARTi", "we", "us") collects, uses, shares, and protects information when you use the ARTi mobile application and related services (the "Service"). By using ARTi you agree to this Policy.
If you do not agree, do not use the Service.
1. Who we are
The Service is provided by E1 Technology Inc., a Delaware corporation headquartered at 7650 Girard Ave, Ste 300, La Jolla, CA 92037, United States.
Privacy contact: privacy@arti.social
General contact: support@arti.social
Postal: see address above.
2. Who can use ARTi
ARTi is intended for users aged 13 and older. During registration, you select your age band — under 13, 13–15, 16–17, or 18+. Users who select under 13 cannot create an account. We do not collect or store your exact date of birth.
For users between 13 and the local digital-consent age (16 in the EU under GDPR Art. 8, with national variations — for example 14 in Spain, 13 in Belgium, 15 in France), a parent or legal guardian must review and accept our Terms of Service before the user creates an account. We rely on the registration flow's parental-consent acknowledgement to satisfy GDPR-K and COPPA verifiable parental consent.
3. Data we collect
3.1 Information you give us
| Category | Specific data | Why |
|---|---|---|
| Account | Email address, username/handle, display name, age band you select at signup (13–15, 16–17, or 18+ — not exact date of birth) | Account creation, authentication, age compliance |
| Profile | Interests, language preference | Personalization of the experience |
| User content | Posts, comments, reflections, fun facts, glossary entries, quizzes, AI-generated assets you save (images, videos, infographics, games), text prompts you submit to the AI chat, and any photos or images you choose to upload as visual reference for AI generation | Core functionality of the Service |
3.2 Information collected automatically
| Category | Specific data | Why |
|---|---|---|
| Identifiers | A pseudonymous app-generated User ID and Device ID (anonymous_id) | Authentication, session management, analytics |
| Usage data | Events such as screen views, taps, sessions, content interactions, gem and streak movements, leaderboard activity (full event list available on request) | Product improvement, feature analytics, abuse detection |
| Technical | Device type, OS version, app version, language and region settings, approximate country inferred from network/IP | Compatibility, regional content, fraud prevention |
| Diagnostics | Crash reports and error logs collected via Sentry | Stability, bug fixing |
| Push token | A device push token — from Apple Push Notification service (APNs) on iOS, or Firebase Cloud Messaging (FCM) on Android — only after you grant permission | Sending notifications you opt into |
| Purchases | Apple StoreKit (iOS) or Google Play Billing (Android) transaction ID, product ID, and entitlement state — never card numbers | Subscription management |
3.3 What we do not collect
- Date of birth. We ask for your age band only (under 13, 13–15, 16–17, or 18+) — we do not collect or store your exact date of birth.
- Precise location (no GPS).
- Phone numbers.
- Audio recordings or voice transcriptions.
- Contacts.
- Browsing or search history outside the app.
- Health, financial, or biometric data.
- Advertising identifiers (the IDFA or Android Advertising ID). ARTi does not request App Tracking Transparency (ATT), does not use advertising identifiers, and does not track you across other companies' apps or websites.
4. How we use information
We use information to:
- Provide and maintain the Service.
- Authenticate users and secure accounts.
- Personalize the experience (suggested topics, language).
- Process subscriptions and Gem economy.
- Generate AI content from your text prompts and from any photos or images you choose to upload as visual reference.
- Detect and prevent abuse, spam, fraud, and Community Guidelines violations.
- Respond to support and legal requests.
- Comply with legal obligations.
4.1 Marketing communications
We may use your email address to send you marketing communications about ARTi — new features, content highlights, subscription offers, and product updates. This is first-party marketing only: it is sent by ARTi about ARTi.
- You can opt out of marketing emails at any time using the unsubscribe link at the bottom of every marketing email, or by writing to privacy@arti.social.
- Opting out of marketing does not affect transactional or service emails (account, security, subscription, legal, abuse reports).
- For users in the EEA, UK, and Switzerland, our legal basis for first-party marketing to existing users is legitimate interests under GDPR Art. 6(1)(f) and Recital 47 (soft opt-in for similar products). You may object at any time under Art. 21.
4.2 What we don't do with your information
- We do not share your email or any other personal data with third parties for their own advertising or marketing.
- We do not engage in cross-context behavioral advertising.
- We do not use the IDFA or Android Advertising ID and do not request App Tracking Transparency (ATT).
- We do not track you across other companies' apps or websites.
- We do not sell or rent personal information as defined by the CCPA / CPRA.
5. Service providers and sub-processors
We share data only with the following providers, all of whom are bound by data-processing agreements:
| Provider | Role | Data shared |
|---|---|---|
| Supabase, Inc. (United States) | Hosted database, authentication, file storage, edge functions | All account, profile, content, and usage data |
| Amazon Web Services, Inc. (AWS) (United States) | Cloud infrastructure underpinning Supabase and our website | Encrypted at-rest data; we do not access AWS data directly |
| Apple Inc. (United States) | Sign in with Apple, Apple Push Notification service, StoreKit | Apple ID identifier, push token, subscription transaction info |
| Google LLC (United States) — Gemini, Imagen, and Veo APIs | AI generation of text, images, and videos from your prompts; analysis of photos you upload as visual reference | The text prompt you submit, plus any photo or image you choose to upload as visual input. No email, name, User ID, location, or any other personal identifier is sent alongside. See §6 below for the full disclosure and consent flow. |
| OpenAI, L.L.C. (United States) — image and sticker generation API | AI generation of stylized stickers and images from your prompts | The text prompt you submit, plus any photo or image you choose to upload as visual input. No email, name, User ID, location, or any other personal identifier is sent alongside. See §6 below for the full disclosure and consent flow. |
| Pexels (Canva Inc.) (United States) | Stock-video library used for foundational content | HTTP requests only (no identity or user data) |
| Sentry (Functional Software, Inc.) (United States) | Crash and error reporting | Crash stack traces, device model, OS version, app version, anonymous user ID |
| Google LLC (United States) — Google Play Billing and Firebase Cloud Messaging | Android subscription billing and Android push notifications | Subscription transaction info (Android); the FCM device push token, only after you grant notification permission |
| Resend (Resend, Inc.) (United States) | Transactional and marketing email delivery | Your email address, display name, and the subscription/receipt details included in the relevant email |
| Slack (Slack Technologies, LLC, a Salesforce company) (United States) | Internal content-moderation and support operations (handling of reports and in-app feedback) | When you submit a report or feedback: the reporter and reported usernames/handles and report metadata, or your feedback message — not your email or other account identifiers |
6. AI services — what we send, where it goes, and your consent
ARTi uses third-party AI services to generate visual content (images, videos, infographics, games) and to power the AI chat experience. To do this, your text prompts — and, when you choose, photos or images you upload as visual reference — are sent over the network to AI providers operated by Google LLC and OpenAI, L.L.C. This section explains exactly what is sent, to whom, and how you give and withdraw your consent.
6.1 What we send
- The text prompt you type. When you tap "Create" and submit a prompt to generate an image, infographic, video, or game — or when you send a message in the AI chat — the prompt text is transmitted to the AI provider over HTTPS.
- Any photo or image you choose to upload as visual reference. When you explicitly pick a photo from your camera roll, take a new photo, or upload an image as visual input to an AI generation flow, that image is transmitted along with your prompt to the AI provider. Photo or image upload is always opt-in and per-action — we never read your camera roll without your tapping to select a specific image, and AI generation works without uploading anything.
- No personal identifiers alongside the prompt or image. We do not send your email address, your username, your display name, your User ID, your Device ID, your age band, your location, or your device data alongside the prompt. EXIF metadata on uploaded images (which can contain location and device information) is stripped before the image is sent.
- No prior conversation history beyond the immediate session context the AI needs to respond. Cross-session history is not transmitted.
- No audio, no video, no files other than the image you explicitly select. ARTi does not access your microphone or arbitrary files on your device.
6.2 Where it goes
| Provider | Used for | What they receive |
|---|---|---|
| Google LLC (United States) — Gemini, Imagen, Veo APIs | Text, image, and video content generation; the AI chat companion; analysis of photos you upload as visual reference | Your text prompt, plus any photo or image you upload as visual input (EXIF metadata stripped before sending). Governed by Google's AI / ML Service Specific Terms. Under those terms, prompts and images submitted via the API are not used to train Google's commercial models. |
| OpenAI, L.L.C. (United States) — image and sticker generation API | Stylized stickers and images | Your text prompt, plus any photo or image you upload as visual input (EXIF metadata stripped before sending). Governed by OpenAI's API data usage policies. Under those policies, prompts and images submitted via the API are not used to train OpenAI's models. |
Both providers handle your prompts and uploaded images under their own privacy and data-retention policies. ARTi does not retain your prompts or uploaded images on our servers after the AI response is delivered.
6.3 Your consent — required before we send anything
The first time you tap an AI feature (Create → AI generation, or the AI chat), the app shows a consent screen that explains:
- What data will be sent (your text prompt and, when you choose to upload one, the photo or image you select as visual reference)
- Who it will be sent to (Google LLC and/or OpenAI, L.L.C.)
- For what purpose (to generate the content you requested)
- That you can revoke consent at any time
You must explicitly accept the consent before any prompt or image is transmitted to an AI provider. Until you accept, AI features are unavailable. Uploading a photo is always optional and a separate, deliberate action on your part — there is no automatic camera-roll access.
6.4 Withdrawing consent
You can revoke your AI-services consent at any time in Settings → Privacy → AI Services. When you withdraw consent:
- AI features (Create → image/video/infographic/game; AI chat) become unavailable until you re-consent.
- The free, non-AI content types remain available: Reflection, Fun Fact, Quiz, and Glossary.
- Content you already created with AI is not deleted (you can delete individual items via the content detail screen).
- Withdrawing consent does not affect any other parts of the Service.
6.5 Using ARTi without AI
You can use ARTi without ever consenting to AI services. You can still create free text-based content (Reflection, Fun Fact, Quiz, Glossary), engage with the community via likes and comments, participate in projects, manage your subscription, and use every other non-AI feature. Consent to AI services is required only for the AI generation and AI chat features themselves.
7. Legal bases (GDPR / UK GDPR)
For users in the European Economic Area, the United Kingdom, and Switzerland we process personal data under one or more of:
- Performance of a contract — providing the Service you signed up for.
- Legitimate interests — security, fraud prevention, product analytics, AI service operation. You may object at any time.
- Consent — push notifications, optional analytics where required.
- Compliance with legal obligations — tax, anti-fraud, response to lawful requests.
- Verifiable parental consent for users below the local digital age (GDPR Art. 8).
8. Your rights
Depending on where you live, you have some or all of the following rights. To exercise them write to privacy@arti.social.
8.1 GDPR / UK GDPR
Access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with your supervisory authority (e.g., the ICO in the UK, the AEPD in Spain, the CNIL in France). We respond within one month.
We have not designated an EU representative under GDPR Art. 27 because the Service is not targeted at EU data subjects on a large scale. If our user base composition changes, we will appoint one.
8.2 California (CCPA / CPRA)
You have the right to know, access, correct, delete, and to opt out of the sale or sharing of personal information, to limit the use of sensitive personal information, to non-discrimination for exercising your rights, and to designate an authorized agent.
ARTi does not sell or share personal information as defined by CCPA / CPRA, and we do not use personal information for cross-context behavioral advertising. Our optional "Your Privacy Choices" disclosure is contained in this section.
8.3 Mexico (LFPDPPP)
You have ARCO rights (Acceso, Rectificación, Cancelación, Oposición). We respond within 20 business days. The Spanish-language Privacy Notice ("Aviso de Privacidad") is available at https://legal.arti.social/es/privacy-policy.
8.4 Colombia (Ley 1581 / Habeas Data)
You may consult, update, rectify, suppress, or revoke authorization for the treatment of your personal data, request proof of authorization granted, and submit complaints to the Superintendencia de Industria y Comercio (SIC). E1 Technology Inc. acts as the data controller ("responsable del tratamiento"); Supabase and AWS act as data processors ("encargados").
8.5 Brazil (LGPD)
Confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, withdrawal of consent. Complaints can be directed to the ANPD.
9. International transfers
ARTi operates from the United States. By using the Service, you understand your data will be transferred to and processed in the United States. We rely on:
- The EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. DPF (where certified).
- Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement, including supplementary technical and organizational measures.
10. Retention
| Data | Retention |
|---|---|
| Account and profile | While the account is active |
| User content | Until you delete it or the account is closed |
| Chat prompts | Processed in real time; not retained on our servers after the AI response |
| Photos / images you upload as visual reference for AI generation | Sent to the AI provider for that one request; not retained on our servers. EXIF metadata stripped before sending. Subject to the AI provider's own retention policy. |
| Event logs | Up to 24 months identifiable, then anonymized or deleted |
| Inactive accounts | Auto-deleted after 36 months of inactivity, unless legally required to retain |
| Encrypted backups | Cleared within 30 days of deletion |
| Records of consent and Terms acceptance | Lifetime of the account plus statutory limitation periods |
When you delete your account, your private data is removed; public content you posted may remain on the platform with attribution removed.
11. Security
We use TLS in transit, encryption at rest, scoped database access, audit logging, rate limiting on sensitive endpoints, and least-privilege practices. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you in line with applicable law.
12. Children
We block accounts for users under 13 at registration. For users 13 to the local digital-consent age, we require a parent or guardian to review and accept our Terms on the user's behalf. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, write to privacy@arti.social and we will investigate and delete it.
13. Changes to this Policy
We will update the "Last updated" date and, for material changes, give in-app or email notice at least 14 days before the change takes effect. Continued use of the Service after the change constitutes acceptance.
14. Contact
E1 Technology Inc.
7650 Girard Ave, Ste 300
La Jolla, CA 92037, United States
privacy@arti.social · support@arti.social