Privacy Notice

Last updated: May 29, 2026

1. Who we are

Artefact is operated by Shane Paola (the "Seller", "we", "us"), acting as data controller for personal data processed through the Artefact service at useartefact.com.

2. Data we collect

• Account data: email address, hashed password, display name.
• Content: HTML artefacts you upload, guest passwords (hashed), comments, pins, and annotations.
• Usage data: log records, IP address, user agent, timestamps, and feature interactions.
• Support data: messages you send us.
• Billing data: handled by Paddle (see Section 5); we receive only the transaction ID, amount, currency, and invoice number.

3. Purposes & legal basis

• Provide and operate the service — performance of contract.
• Account security, abuse and fraud prevention — legitimate interests.
• Customer support — performance of contract / legitimate interests.
• Service improvement and analytics — legitimate interests.
• Legal and tax compliance — legal obligation.

4. Data sharing

We share personal data only with:

• Subprocessors that host and operate the service (cloud infrastructure, database, email delivery).
• Paddle.com Market Limited, our Merchant of Record, for processing payments, subscription management, tax compliance, and invoicing.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

5. Payments & Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders and is responsible for collecting your payment data, handling tax, issuing invoices, and processing refunds. See Paddle's privacy notice.

6. Retention

We retain account and content data for as long as your account is active, and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. Billing records are retained as required by applicable tax law (typically up to 10 years).

7. Your rights

You may request access to, correction of, deletion of, restriction of, or portability of your personal data, and may object to certain processing or withdraw consent at any time. EEA/UK residents may also lodge a complaint with their local supervisory authority. We respond within one month.

8. International transfers

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

9. Security

We use appropriate technical and organisational measures, including encryption in transit, hashed passwords, access controls, and audit logging.

10. Cookies

We use strictly necessary cookies for authentication and security. We do not run advertising cookies.

11. Contact

For privacy questions or to exercise your rights, contact Shane Paola via the support email shown on your invoice or order receipt.

← Back home