Privacy Policy

1. Controller

Christopher De Oliveira Eberhard
c/o Impressumservice Dein-Impressum
Stettiner Straße 41
35410 Hungen
Germany
Email: legal@artmakers.app

2. Data collected and purposes

Sign-in via X (Twitter)

ArtMakers uses X (Twitter) exclusively for authentication. When you sign in, the following data is transmitted by X and stored: X username, display name, profile image URL, and a unique user ID. This data is required to provide the service (Art. 6(1)(b) GDPR).

User-uploaded content

Artworks and images you upload are stored on Cloudflare R2 infrastructure. Processing is carried out for the performance of the contract (Art. 6(1)(b) GDPR).

Error reporting and diagnostics

We use Sentry (Sentry Inc., USA) for quality assurance. When errors occur, technical data such as browser type, operating system, URL, and user ID may be transmitted. The legal basis is our legitimate interest in the stability of the service (Art. 6(1)(f) GDPR). Sentry is certified under the EU–US Data Privacy Framework.

Server logs and hosting

The frontend is hosted via Vercel Inc. (USA) and the backend via Railway Corp. (USA). When you access the platform, technical data (IP address, timestamp, requested URL, HTTP status codes) is automatically stored in server logs. The legal basis is our legitimate interest in secure operation (Art. 6(1)(f) GDPR). Both providers are certified under the EU–US Data Privacy Framework.

3. Disclosure to third parties

Data is only shared with the service providers listed above (X/Twitter, Cloudflare, Sentry, Vercel, Railway) as part of the respective data processing agreements. No further disclosure to third parties takes place unless we are legally required to do so.

4. Retention

User data is stored for as long as an active account exists. After account deletion, personal data is removed within 30 days unless statutory retention obligations apply. Server logs are automatically deleted after 30 days.

5. Your rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

To exercise these rights, contact: legal@artmakers.app

You also have the right to lodge a complaint with the competent data protection supervisory authority. The competent authority for Hesse is the Hessian Commissioner for Data Protection and Freedom of Information (Hessischer Beauftragter für Datenschutz und Informationsfreiheit).

6. Cookies and local storage

ArtMakers uses technically necessary cookies and session storage solely for authentication (session token). No tracking or advertising cookies are used. Consent is not required for technically necessary cookies (§ 25(2) TDDDG).