Privacy Policy

Overview

ArtistGuard (artistguard.app) takes privacy seriously. We collect only what we need to run the service, we don't sell your data, and we don't use tracking or analytics cookies. This Policy explains what we collect, why, and how we handle it.

By using ArtistGuard, you consent to the practices described here. We act as the data controller for personal data collected through the service. If you have questions, reach out at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect when posted. Your continued use of the service after the effective date means you accept the updated Policy.

Information We Collect

We collect only what is necessary to operate ArtistGuard securely and reliably:

  • Account data: your email address, display name, and (if you set one) a password stored as a bcrypt hash, never as plain text.
  • Session data: IP address, browser user agent, and a hashed session token stored in an HttpOnly cookie. These are used to keep you authenticated and to detect unusual activity.
  • Usage data: the artists you add for monitoring, detected metadata changes, and API key activity logs. This is the core of the service.

We do not use analytics tools. We do not track visitors across sites. We do not collect any information beyond what is listed above.

How We Use Your Information

The data we collect is used to:

  • Deliver and maintain the monitoring and alerting service
  • Keep you authenticated and your account secure
  • Send transactional emails: change alerts, account verification, and similar notifications
  • Detect and prevent fraud, abuse, and Terms violations
  • Comply with legal obligations

We do not use your data for advertising. We do not sell it to anyone.

Cookies

We use a single cookie:

  • ag_token: an HttpOnly session cookie set when you log in. It is required for authentication and cannot be accessed by JavaScript. It expires when you log out or when the session ends server-side.

We do not use analytics cookies, tracking cookies, or any third-party cookies beyond what Cloudflare may set for network routing and DDoS protection purposes. Those are technically necessary and outside our control. You can review Cloudflare's practices at cloudflare.com/privacypolicy.

Sub-processors

We work with the following providers to operate the service. All are bound by confidentiality and data processing agreements:

  • OVH: server infrastructure and storage. A data processing agreement is in place.
  • Cloudflare: CDN, DDoS protection, and encrypted tunneling. Transfers outside the EU are covered by EU Standard Contractual Clauses.
  • SMTP provider: used exclusively for transactional emails such as alerts and account-related notifications.

We do not share your data with any other third parties unless required by law.

Data Retention and Deletion

We keep personal data only as long as needed for the purposes described here, or as required by law.

Change history is retained according to your plan's limits. When you delete your account, your personal data is permanently removed from active systems within 30 days. Limited system logs may temporarily persist for security or legal compliance purposes and are then automatically purged.

You can request a copy of the personal data we hold about you once every 7 days by contacting [email protected]. We'll respond within a reasonable timeframe and may ask for proof of identity before acting on the request.

Your Rights under GDPR

If you are in the European Economic Area, you have the following rights regarding your personal data. We apply these rights to all users where applicable, regardless of location.

  • Access: request a copy of the data we hold about you
  • Rectification: request correction of inaccurate information
  • Erasure: request deletion of your personal data
  • Portability: receive your data in a structured, machine-readable format
  • Restriction: request that we limit how we process your data
  • Objection: object to processing based on legitimate interest

To exercise any of these rights, contact [email protected]. If you're not satisfied with how we handle your request, you have the right to lodge a complaint with your local data protection authority.

International Transfers

Our infrastructure is hosted within the EU. Cloudflare may route traffic through servers outside the EU as part of its global network. Where this occurs, transfers are governed by EU Standard Contractual Clauses to ensure your data remains protected.

Security

Passwords are hashed with bcrypt. Session tokens are hashed before storage. All traffic is encrypted via HTTPS/TLS through Cloudflare. We apply access controls and monitor for unusual activity.

No system is completely secure. Use a strong, unique password and consider enabling two-factor authentication. If you suspect unauthorized access to your account, contact us immediately at [email protected].

Children

ArtistGuard is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will take appropriate action.

Contact

Questions, requests, or concerns? Get in touch at [email protected].

Last updated: March 2026