Privacy Policy

This Privacy Policy describes how Artyflow AB ("Artyflow", "we", "our", or "us") collects, uses, and protects the personal data of Clients and Users ("you") when using the Artyflow platform (the "Platform"). We are committed to protecting your privacy and handling your personal data responsibly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Who We Are

Artyflow AB

Org. no: 559525-4615

Email: contact@artyflow.com

Website: www.artyflow.com

Artyflow acts as the data controller when determining the purpose and means of processing your personal data on the Platform.

2. What Information We Collect

We may collect the following types of personal data:

• Identity Data: Name, email address, company name, role/title
• Account Data: Login credentials (hashed), user permissions, license allocation
• Usage Data: Task activity, login timestamps, platform engagement
• Technical Data: Device type, operating system, browser type, IP address
• Support Data: Communication with customer support, feedback, bug reports

Google Sign-In

Artyflow uses Google OAuth (via Supabase Auth) as the primary sign-in method. When you log in with Google, we receive your name, email address, and profile picture from your Google account. This data is used solely to create and identify your account within the Platform. We do not access your Google Drive, Gmail, or any other Google services. Google's handling of your data is governed by Google's Privacy Policy.

We do not collect or process sensitive personal data (e.g. health data, political views).

3. How We Use Your Data

We process personal data to:

• Provide access to and functionality within the Platform
• Notify you of tasks, updates, or account activity
• Personalize features and recommendations
• Improve the Platform through analytics and feedback
• Respond to support inquiries and troubleshoot issues
• Comply with legal obligations

We do not sell or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We rely on the following legal bases:

• Contractual necessity: To provide the Platform to you or your organization
• Legitimate interests: To improve, maintain, and secure our Platform
• Consent: For cookies and optional analytics (where applicable)
• Legal obligation: When required by law (e.g. accounting or fraud prevention)

5. Data Sharing

We may share data with trusted service providers (e.g. Supabase, Expo, hosting providers, analytics tools) who process data on our behalf. These providers are contractually bound to comply with GDPR.

5a. Third-Party Platform Integrations

Artyflow integrates with third-party platforms to provide analytics and insights on behalf of our users. These integrations are optional and require explicit authorization from the account holder.

TikTok

When a user connects a TikTok account, Artyflow retrieves the following data via TikTok's official API:

• Display name, username, and profile avatar
• Follower count, following count, total likes, and video count
• Public video list including titles, thumbnails, view counts, likes, comments, and shares

This data is used solely to display creator analytics within the Artyflow platform. It is not shared with third parties or used for advertising. Users may disconnect their TikTok account at any time via platform settings, after which no new data will be fetched. TikTok data is governed by TikTok's Privacy Policy.

YouTube

When a user connects a YouTube channel, Artyflow retrieves the following data via YouTube's Data API:

• Channel name, handle, and URL
• Subscriber count, total views, and video count
• Recent public videos including titles, thumbnails, and engagement statistics

This data is used solely to display channel analytics within the Artyflow platform. Users may disconnect their YouTube channel at any time via platform settings. YouTube data is governed by Google's Privacy Policy.

Spotify

When a user connects a Spotify artist profile, Artyflow retrieves follower count, popularity score, and streaming statistics via Spotify's API. This data is used solely to display artist analytics within the platform. Spotify data is governed by Spotify's Privacy Policy.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

• Data related to active user accounts is retained throughout the subscription period.
• Inactive or deleted accounts are anonymized or deleted within 90 days unless otherwise agreed.
• When a Client's data is deleted, all Users linked exclusively to that Client will also be deleted. However, if a User is associated with multiple Clients, only the data related to the terminated Client will be deleted; data linked to other active Clients will remain unaffected.

7. International Transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or transfers to countries deemed adequate by the European Commission.

8. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Data portability
• Withdraw consent (where applicable)

To exercise your rights, contact us at legal@artyflow.com. We will respond within 30 work days.

Account Deletion

You may permanently delete your account directly within the Artyflow app. Navigate to Profile → Delete Account to initiate the deletion process.

Upon deletion, all personal data associated with your account — including your profile, activity history, and created content — is permanently and irreversibly removed. This action cannot be undone.

If your account is linked to an organization, data shared within that organization may be retained until the organization's account is terminated.

9. Cookies & Analytics

Artyflow uses strictly necessary cookies to operate the Platform and optional analytics cookies only with your explicit consent. Necessary cookies are required for core website functionality and cannot be disabled.

Analytics cookies are activated only after you provide consent via the cookie banner. You may refuse non-essential cookies or withdraw your consent at any time through the cookie settings available on our website.

Google Analytics & Google Tag Manager

We use Google Tag Manager (GTM) to manage website scripts and Google Analytics 4 (GA4) to collect pseudonymized usage data about how visitors interact with our website.

This may include information such as:

• Pages visited
• Time spent on the site
• Referring sources
• Device and browser type
• General geographic location (country or city level)

Google Analytics uses cookies and similar technologies to collect this information. No Google Analytics tracking is activated unless you accept non-essential cookies in the cookie banner. If you reject non-essential cookies in the cookie banner, no Google Analytics tracking will take place.

Data collected through Google Analytics is processed by Google LLC. This may involve transfers of personal data outside the EU/EEA. Where such transfers occur, appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms.

We have configured Google Analytics 4 to minimize data collection, including IP anonymization and limited data retention settings.

For more information about how Google processes personal data, please refer to Google's Privacy Policy.

10. Data Security

We implement appropriate technical and organizational security measures including:

• Encrypted connections (SSL/TLS)
• Role-based access control
• Secure authentication and session handling
• Regular monitoring and backups

11. Contact

If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, contact:

12. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be published on our website, and where appropriate, notified to you via email or through the Platform.