Privacy Policy

Last updated: April, 2025

This Privacy Policy explains how Artie3D collects, uses, and discloses information about you when you use our app, website, and related services (collectively, the "Services"). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

In this Privacy Policy, "Artie3D" (referred to as "we", "us", or "our") refers to the operator of the Artie Kids App, which is operated by business based in Berlin, Germany. Artie Kids is the "data controller" of your personal data, which means we determine the purposes and means of processing your personal data. If you have any questions or requests regarding your personal data, you can contact us at artiekids-support@pixibase.app.

This Privacy Policy applies to all users of our Services worldwide. If you do not agree with the practices described in this Policy, please do not use the Services. We may update this Privacy Policy from time to time (see the "Changes to This Policy" section below). We will notify you of significant changes, and the latest version will always be available within the app and on our website.

1. Information We Collect

We collect various types of information from you when you use Artie3D. This includes information that you provide directly, information collected automatically, and information from third-party services that you connect to Artie3D. Some of this information may be considered "personal data" under applicable law because it can identify you or is linked to you.

1.1 Information You Provide to Us

Account Information: When you register or sign in to Artie3D, you provide information such as your email address and a password. If you sign in via a third-party provider (Apple or Google), we receive information from that account (for example, your name and email address, as allowed by your Apple/Google privacy settings). We store your email address and, if provided, your name or username associated with your account. This information is used to create and secure your account, allow you to log in, and communicate with you as needed (for example, for account verification or support).

User Content: The core function of Artie3D is to let you take notes and communicate with an AI assistant. Any text, images, or other content that you input, upload, or generate within the app is stored securely on our systems as your personal "User Content." We do not use this content for training or advertising. It is used solely to operate and improve the Services for you, such as syncing across devices or generating AI responses. You remain the owner of your content, and unless you explicitly choose to share it, it remains private and accessible only to you through your authenticated account.

Communications with Us: If you contact us directly (for example, by emailing support or filling out a contact form), we will receive the information you provide in your communication. This may include your name, email address, and the content of your message or attachments. We will use this information to respond to you and address your requests or questions. We may also keep a record of our correspondence for future reference (for example, to improve our support services or in case of legal inquiries).

Marketing Communication: If you opt in to receive our newsletter or marketing emails, we will send you occasional updates about product features or tips. You can unsubscribe at any time using the link provided in those emails or by contacting us.

Optional Profile Information: Artie3D may give you the option to provide additional profile information, such as a profile name or avatar, or to configure certain preferences (like your preferred language or interface settings). This information is optional and is used to personalize your experience. If provided, profile information like your display name or avatar may be visible to you in the app interface (note: Artie3D is primarily a private note-taking tool, so profile information is mainly for your own reference unless in future social features are introduced, in which case we will update you accordingly).

1.2 Information We Collect Automatically

Usage Data: When you use the Artie3D App or website, we automatically collect certain technical information about your device and how you interact with our Services. This includes:

• Device Information: Information about the device and app you are using, such as your device model, operating system version, unique device identifiers, app version, and device language settings.
• Log Data: Logs of your activity within the app or website. For example, when you use the app, our servers may record information like the features you use, the time and date of actions (e.g., when you created or edited a note), and your IP address at the time of use. If the app crashes or encounters an error, we might collect a crash report and debugging information to help us fix the issue (this may include technical details about your device and what led to the error).
• Usage Analytics: We use analytics tools (such as Google Analytics for Firebase or similar services) that collect information about how you use the Services. This can include which screens or features you access, how long you spend in the app, and other performance metrics. This information is generally collected in aggregate form so we can understand usage patterns, though it may be tied to unique user IDs or device IDs for analytics purposes.

Cookies & Similar Technologies: Our website (and, to a limited extent, the app) uses cookies and similar tracking technologies to provide and improve our Services. Cookies are small text files stored on your browser or device. For example, if you visit our marketing website or web app, we may set a cookie to remember your preferences or login state. We may also use cookies or pixels for analytics on our website (to understand how many people visit, which pages are popular, etc.). You can control cookies through your browser settings and other tools: for instance, you can set your browser to refuse cookies or delete certain cookies. However, note that some parts of our Service (like maintaining a login session on the web) may not function properly without cookies.

1.3 Information from Third-Party Services

Third-Party Sign-In Providers: If you decide to register or log in using a third-party account (such as Sign in with Apple or Google Sign-In), we receive information from those providers to facilitate your login. This typically includes your name and email address as registered with that provider, and a unique identifier token. We only use this information for authentication and account creation. We do not collect your password from those providers; the authentication process is handled by the provider and they simply verify to us that you are who you say you are.

App Store & Payment Data: When you purchase a subscription or premium upgrade through the Apple App Store or Google Play Store, we receive certain information from the store to activate your premium status. This can include an anonymized transaction or subscription ID, confirmation of payment, and the type of subscription or product purchased. We do not receive your personal financial information (like your credit card number or billing address) from the App Store or Play Store; that information is handled by the store providers. We may use a service called RevenueCat to help manage subscription status across devices—RevenueCat will process purchase receipts from Apple/Google on our behalf to let us know whether your subscription is active, and for how long. RevenueCat does not receive your full payment details either, only the necessary data to validate subscriptions.

Future Integrations: Artie3D may offer optional integrations with other services to enhance your experience (for example, in the future we might integrate with a calendar service to sync your schedule, or allow you to import data from other apps). If you choose to connect Artie3D to another service, we will clearly explain what information we will access or receive from that third party. Such integrations will always be opt-in. The information received from those third parties will be treated in line with this Privacy Policy, and we will use it only for the purposes you expect (e.g., if you connect a calendar, we might read your events to display them or to allow the AI to reference your schedule in assisting you).

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Improving the Service: First and foremost, we use your information to operate Artie3D and provide the core functionality. This includes using your Account Information to log you in and sync your data across devices, using your User Content to display it back to you (and process queries with the AI), and using usage data to understand and improve how the app functions for users. For example, knowing which features are used most helps us focus our development efforts. We also use information about errors or crashes to fix bugs and ensure the app's reliability.
• AI Processing: When you interact with the AI assistant in Artie3D, the content of your query (and relevant context from your notes if needed) is sent to our AI processing provider (OpenAI) to generate a response. We use your data in this context to get the AI functionality to work as intended. **Important:** The text of your queries and the AI's responses may be temporarily stored on third-party servers (e.g., OpenAI's systems). We do not use these AI interactions for any purpose other than to return a result to you. However, OpenAI's systems will receive that data to generate the answer. (See Section 4 on Third-Party Processors for more on how third parties handle data.)
• Communication: We may use your email address to send you service-related notices or updates. For example, we might send an email to verify your account or to inform you of important changes to the Services or this Policy. If you have opted in to receive newsletters or marketing communications, we will use your contact information to send those as well, but you can opt out at any time (see Section 6 on Your Rights and Choices). We will not spam you; typically, communications will be infrequent and related to important service information or features we believe you may find useful.
• Security and Abuse Prevention: Information like IP addresses, device identifiers, and usage patterns may be used to detect and prevent fraudulent or malicious activity. For instance, we may use certain data to verify that an account login is legitimate (for example, flagging if an account is accessed from a new location or device), or to detect misuse of the app (such as automated bots or potential hacking attempts). This is essential to keep the Service and our users safe.
• Legal Compliance: We may process your personal data as required to comply with applicable laws and regulations, or to respond to lawful requests or orders from law enforcement or other government authorities. For example, we could be required to retain certain data to comply with financial reporting laws, or disclose information if compelled by a court order.

We will not use your personal data for purposes that are unrelated to the above without asking for your consent. We do not use your personal data for advertising purposes (we do not display third-party ads in the app, and we do not sell or rent your data – see Section 5 below).

Fair Use Limits: We monitor the use of AI features to ensure fair access. If a user's usage significantly exceeds normal levels, we may limit or restrict access temporarily to maintain service performance. These restrictions are applied at our discretion and may be automated or manual.

Health and Professional Advice Disclaimer: The Services are not intended to provide professional advice in areas such as medical, legal, mental health, or financial matters. Any information, suggestions, or AI-generated responses are for informational purposes only and should not be relied upon for decision-making without consulting a qualified professional.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we must have a valid legal basis to process your personal data. We rely on the following legal grounds:

• Contract (Art. 6(1)(b) GDPR): We process most of your personal data on the basis that it is necessary to fulfill our contract with you. When you sign up for and use Artie3D, we enter into a user agreement (the Terms and Conditions) which forms a contract. We need to process your account data, notes, and other content to provide the Services you have requested under that contract.
• Legitimate Interests (Art. 6(1)(f) GDPR): We process certain data as needed for our legitimate interests, and we do so in ways that are not overridden by your data-protection rights. Our legitimate interests include improving and securing our Services. For example, collecting analytics about usage and collecting logs of errors are in our legitimate interest to ensure the product is functioning well and to develop new features. When we rely on this basis, we consider and balance any potential impact on your rights. You have the right to object to processing based on legitimate interests in certain cases (see Section 6 on your rights).
• Consent (Art. 6(1)(a) GDPR): In some situations, we rely on your consent. For instance, if we ever want to use your data for a purpose that requires consent (such as sending marketing emails, if not otherwise allowed, or integrating with a new third-party where you must opt-in), we will obtain your consent. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing before withdrawal.
• Legal Obligation (Art. 6(1)(c) GDPR): Where applicable, we will process data if necessary to comply with a legal obligation. For example, if laws require us to retain certain transaction records for a period of time (even if you delete your account), we will do so as required by law.

We will clearly inform you when we are collecting information that is optional or based on consent. For example, if in the future we introduce a feature that collects health or sensitive data, we would do so only with your explicit consent (however, as of the Last Updated date above, Artie3D does not collect any health or special category personal data).

4. How We Share Information

We understand that your personal data and content are important, and we are not in the business of selling your information to third parties. We share information about you only in the following circumstances:

• Service Providers (Processors): We use trusted third-party companies to help us operate and improve Artie3D. These providers perform services on our behalf and only process personal data under our instructions and for the purposes described in this Policy. Key service providers include:
  • OpenAI: Provides the AI language processing that powers Artie3D' smart assistant features. When you interact with the AI, your prompts and relevant context are sent to OpenAI's servers, and a response is returned. OpenAI may incidentally store these prompts and responses to maintain and improve their service. (Note: We have configured our use of OpenAI in line with OpenAI's policies to not use your data for training whenever possible, but some caching or logging by OpenAI might occur. We do not control OpenAI's internal policies, so please be aware that using the AI implies sharing data with this US-based service.)
  • Supabase: Provides our primary database and backend infrastructure. Supabase is a hosted platform (based on PostgreSQL) where we store your account information and User Content (notes, messages, etc.). Supabase acts as a cloud storage provider for us. We configure Supabase to host data in a region optimized for our users (for example, EU-based servers for European users whenever feasible) to comply with data locality preferences.
  • Firebase: We use Google Firebase for certain app functionalities such as authentication (securely managing login sessions), analytics (to understand app usage), and crash reporting. Firebase may collect device identifiers and usage data as described in Section 1.2. Google, as the provider of Firebase, processes this data on our behalf. (Google's main offices are in the United States, so some data may be transferred to the US, as noted in Section 5 on international transfers.)
  • RevenueCat: We use RevenueCat to manage in-app subscriptions and purchases. When you subscribe or make a purchase, RevenueCat receives the purchase receipt (a piece of data from Apple or Google) and helps us verify and manage your subscription status across devices. RevenueCat may store an identifier for your account or device along with subscription info, but it does not receive your payment details. RevenueCat is a US-based service provider.
  • Vercel: Our website and certain parts of our backend services may be hosted on Vercel, a cloud hosting provider. If you visit our web pages or if the app communicates with our servers, that traffic may be routed through Vercel's infrastructure. Vercel may log basic request data (IP addresses, requests made, timestamps) for operational purposes.
  • Analytics & Performance Tools: We may use services like Mixpanel, or Google Analytics to better understand how users interact with our app. These tools help us improve usability, analyze bugs, and optimize features. We configure them to minimize personal data collection, and where possible, anonymize or aggregate data.
  • SDK tools We may integrate SDKs or social plugins (e.g., Apple Sign-In, Google, or Facebook) to support logins or improve the user experience. These tools may collect metadata about your device or session when used, in accordance with their own privacy policies.
  • Other Partners: We may employ additional processors for specific functions such as email delivery (to send verification or notification emails), customer support ticketing, or data backups. For example, if we send emails, we might use an email sending service like SendGrid or a similar provider which would handle your email address for the sole purpose of sending messages. We will ensure any such processors are bound by privacy obligations and only receive the minimum data necessary.
• App Stores and Authentication Providers: In some cases, you directly share information with third parties when using our Services. For instance, if you use Apple Sign In or Google Sign-In, those providers receive data as per their own privacy policies (e.g., Apple knows you used their service to sign into Artie3D). Similarly, when you make a purchase, Apple or Google processes the payment. These companies may independently collect and handle your data under their terms. We recommend reviewing the Apple Privacy Policy and Google Privacy Policy for information on how they treat your data.
• Business Transfers: If Artie3D is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, **your information may be transferred as part of such a transaction**. We would ensure that any new owner or successor entity continues to honor the privacy commitments we have made in this Policy. We would notify you (for example, via email or a prominent notice in the app) of any change in ownership or use of your personal data, as well as any choices you may have regarding your personal data as a result of the transfer.
• Legal Compliance and Safety: We may disclose your information to third parties if we determine in good faith that such disclosure is necessary to: (a) comply with relevant laws or legal processes (e.g., a court order, subpoena, or government request); (b) enforce our Terms and other agreements or policies; (c) protect the security or integrity of our Services; or (d) protect the rights, property, or safety of Artie3D, our employees, our users, or the public. This could include sharing information with law enforcement or government agencies in response to lawful requests.
• With Your Consent: Apart from the cases listed above, we will share your personal data with others only if you direct us to or give us consent to do so. For example, if we were to implement a feature where you ask Artie3D to publish a note to another platform or share it with a friend, we would do so only with your explicit instruction, and we would only share the data necessary to fulfill your request.

Use Restrictions: User data and AI outputs may not be resold, redistributed, or used to offer commercial services without our express written permission. All use must be personal and non-commercial unless explicitly agreed upon.

We do not sell your personal information to third parties for monetary or other valuable consideration. We also do not share your personal information with third parties for their own direct marketing purposes.

5. Data Storage, International Transfers, and Retention

5.1 Where Your Data Is Stored and Transferred

Artie3D is based in Germany, but we work with service providers and infrastructure that may be located in countries outside of your home country. Specifically, many of our third-party processors (OpenAI, Google/Firebase, RevenueCat, Vercel) are located in the United States. This means that your personal data **may be transferred to and stored on servers in the United States or other countries** which might have data protection laws different from those in your jurisdiction.

If you are located in the European Union, United Kingdom, or other regions with data transfer restrictions, we take steps to ensure that appropriate safeguards are in place for the transfer of your data internationally, as required by GDPR. These safeguards may include:

• Utilizing service providers that have certified compliance with frameworks like the EU-U.S. Data Privacy Framework (if applicable) or implementing the European Commission's Standard Contractual Clauses (SCCs) in contracts with those service providers to ensure a level of protection essentially equivalent to EU standards.
• Choosing data hosting locations in Europe when available. (For example, if our database is hosted via Supabase in an EU data center, or if Firebase allows European data storage, we prefer those options to limit routine transfers.)

Despite these measures, when you use Artie3D and its features (especially AI features), some data will be transmitted to the U.S. or other countries. By using the Services or providing us with your information, **you consent to the transfer of your information to the United States and other countries outside of your country of residence**. We will handle your information securely in accordance with this Privacy Policy, wherever it is processed.

5.2 Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, and to comply with applicable legal requirements.

Here is how we approach retention for different categories of data:

• User Account Data: We retain your account information (such as your email and login credentials) and User Content (your notes, messages, etc.) for as long as your account is active. If you decide to delete your account, we will initiate deletion of your personal data from our production systems. Typically, account deletion is immediate or within a very short time frame, and your content will no longer be accessible to you or us. Please note that removal from backups may take a bit longer but we will ensure that backups are eventually purged in the normal backup rotation (usually within 30-60 days) and are not restored except if needed for disaster recovery. In any case, after you delete your account, we will not restore your personal data unless required by law.
• Communications: If you contacted us via email or support channels, we may retain those communications and our responses for a period of time in order to have a history of support requests (to help in future related issues) and to improve our customer service. Typically, support emails are retained for up to 24 months, unless a longer period is required for legal reasons (e.g., if a conversation could be relevant to a dispute).
• Analytics and Logs: We may retain app usage logs and analytics data for internal analysis. This data is often aggregated or anonymized over time. Raw logs (including IP addresses) are generally retained for a shorter period (for example, server logs might be kept for a few weeks to a few months for troubleshooting and security monitoring, then automatically deleted or anonymized). Aggregated analytics (which no longer identify a user) may be kept indefinitely to help us understand trends over time.
• Legal Requirements: In certain cases, we may need to retain data for longer if required by law. For example, if there is an outstanding issue, claim, or dispute requiring us to keep data, or if retention is necessary for compliance with tax, audit, or other legal obligations, we will retain the necessary data until such matter is resolved or for the duration required by law. If we have to retain data for legal reasons, we will isolate it from routine use of the Services so that it is only used for the legal purpose.

After the retention period expires, we will delete or anonymize your personal data in a secure manner. When we anonymize data, we remove any details that identify you personally, so the information can no longer be linked to you.

6. Your Rights and Choices

You have certain rights and choices regarding your personal data. We have outlined these below, along with how to exercise them. Please note that these rights may vary based on your location (for example, GDPR provides certain rights to EU users, and CCPA provides rights to California residents). We will honor all applicable rights under relevant data protection laws.

6.1 Your Rights under GDPR (for users in the EEA, UK, and similar jurisdictions)

• Right of Access: You have the right to request confirmation of whether we process personal data about you, and if so, to request a copy of the personal data we hold about you, as well as information about how we use it. We will provide this in a commonly used electronic form.
• Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. You can also correct and update much of your account information directly in the app (for instance, you can change your email or profile name in settings).
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data. As noted above, you can delete your account within the app, which will remove your personal data from our active systems. If you encounter any issues with the in-app deletion or have additional data concerns, you can contact us to request erasure. We will delete the requested data unless an exemption applies (for example, we might retain data if needed for a legal obligation, but we will inform you of that if it prevents deletion).
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. This could apply, for example, if you contest the accuracy of your data and we are verifying it, or if you object to us processing data based on our legitimate interests. While we consider your request, we would restrict processing of the data in question.
• Right to Data Portability: You have the right to obtain your personal data from us in a structured, commonly used, and machine-readable format, and to request that we transfer it to another service provider where technically feasible. For example, you might want a copy of all your notes or data to move to another app. We will assist with such requests by providing you your data in a reasonable format (such as JSON or CSV files).
• Right to Object: You have the right to object to our processing of your personal data when we are doing so on the grounds of legitimate interests, or for direct marketing purposes. If you object to direct marketing, we will stop sending you marketing communications. If you object to processing based on legitimate interests, we will evaluate your request and stop or pause processing the data in question unless we have compelling legitimate grounds to continue or if it is needed for legal reasons.
• Right to Withdraw Consent: In cases where we rely on your consent to process data, you have the right to withdraw that consent at any time. For instance, if you consented to receive our newsletter, you can unsubscribe at any time (withdrawing consent for that specific purpose). Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory data protection authority. For example, if you are in Germany, you could contact the data protection authority in the region where we are based (Berlin). If you are in another EU country, you may contact your local authority. We would, however, appreciate the chance to address your concerns directly before you do this, so we encourage you to reach out to us first to see if we can resolve the issue.

You can exercise most of the above rights by contacting us at artiekids-support@pixibase.app. We may need to verify your identity before fulfilling certain requests (for example, to ensure that it's really you requesting a copy of your data or its deletion). We will respond to your request within a reasonable timeframe and in accordance with applicable law (generally within 30 days for GDPR requests).

6.2 Your Rights under CCPA (for California residents)

If you are a resident of California, the CCPA provides you with specific rights regarding your personal information:

• Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you:
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • The business or commercial purpose for collecting (or, if applicable, selling) that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you.
  • If we disclosed your personal information for a business purpose, a list of the disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
• Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, **subject to certain exceptions**. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. (Examples of exceptions: we may retain information to complete a transaction or provide services you requested, to detect security incidents, to comply with a legal obligation, etc.)
• Right to Opt-Out of Sale: The CCPA gives consumers the right to opt out of the sale of their personal information. However, as stated above, **Artie3D does not sell your personal information**. We don't provide your data to third parties for monetary compensation or for their own marketing use. Therefore, there is no need to provide an opt-out mechanism for sale in our case.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. This means we will not deny you our services, charge you a different price, or provide a different level or quality of service just because you exercised your rights under the CCPA. (Note: If you request deletion of data that is necessary to provide the service, we may not be able to continue providing that service, but that's a direct result of your request, not discrimination.)

To exercise your CCPA rights to know or delete, please submit a verifiable request to us by emailing artiekids-support@pixibase.app with the subject line "CCPA Request" and let us know what you are requesting. We will need to verify your identity (for example, by confirming information we already have on file, like your email or phone number) to ensure we are responding to the correct person. You may also designate an authorized agent to make requests on your behalf; if you do so, we will need proof that the agent is authorized to act for you.

We aim to respond to verifiable requests within 45 days as required by CCPA. If we need more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension period in writing. We do not discriminate against users for exercising their privacy rights.

For clarity, in the preceding 12 months, we have collected the categories of personal information from users as described in Section 1 of this Policy (such as identifiers like email, user content, usage data, etc.), from the sources described (directly from users and from device interactions), for the business purposes described in Section 2, and shared them in the manner described in Section 4. We reiterate that we have not sold personal information and have no plans to do so.

6.3 Right of Withdrawal (EU Residents)

If you are a resident of the European Union and entered into a paid subscription contract with us, you may have the right to withdraw from the contract within 14 days without giving any reason. To exercise this right, please notify us in writing (email is sufficient) within the withdrawal period.

If you withdraw, we will refund all payments received from you in connection with the subscription. If you requested that the services begin during the withdrawal period, you may be responsible for a prorated amount. Please send your request to artiekids-support@pixibase.app.

7. Security Measures

We take the security of your data seriously and implement a variety of measures to protect it from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We use encryption to protect data in transit and at rest. For example, our app and website employ HTTPS/TLS encryption for all data transmissions, which helps prevent eavesdropping on data sent between your device and our servers. Sensitive data stored in our databases is encrypted at rest where applicable.
• Access Controls: We restrict access to personal data to authorized personnel who need it to operate, develop, or support our Services. Our team members are bound by confidentiality obligations. Administrative access to systems is protected by strong authentication (such as multi-factor authentication) to reduce the risk of unauthorized access.
• Security Testing: We regularly update our applications and conduct testing (including automated security scans and occasional penetration testing) to identify and address potential vulnerabilities. We also keep our software and third-party libraries up to date to benefit from the latest security fixes.
• Vendor Assessments: When selecting third-party service providers (like those mentioned in Section 4), we evaluate their security practices to ensure they meet a high standard of care for data security. We also have agreements in place requiring them to protect personal data to at least the same standard we do.

Despite all these precautions, **no method of transmission over the Internet or method of electronic storage is completely secure**. We cannot guarantee absolute security. However, we continually work to improve our safeguards and will inform you, as required by applicable law, in the unfortunate event of any data breach affecting your personal data. We also encourage you to help keep your data safe by using a strong, unique password for your Artie3D account and not sharing it with anyone. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately.

8. Children's Privacy

The Artie3D Services are **not intended for or directed to children under the age of 16 (or the minimum digital consent age in your jurisdiction, where applicable).**. We do not knowingly collect personal data from anyone under 16 years old. If you are under 16, please do not use the App or send us any personal information.

If we become aware that we have unknowingly collected personal information from a child under 16, we will take steps to delete such information as soon as possible. If you are a parent or guardian and you believe that a child under 16 may have provided us personal information, please contact us at artiekids-support@pixibase.app so that we can investigate and delete the data if necessary.

In some jurisdictions, the age threshold may be different (for example, 13 in the United States under COPPA). We comply with applicable laws regarding minimum age requirements. We do not intentionally collect information from minors under the applicable age of consent for data collection without parental consent. If law requires a higher age for data collection consent, we will follow that requirement.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of the Policy. If changes are significant, we will provide a more prominent notice (such as a notification within the App or an email to registered users) to inform you of the updates.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. **If you continue to use Artie3D after Privacy Policy changes go into effect, you will be deemed to have accepted the updated Policy.** If you do not agree with the changes, you should delete your account and stop using the Services.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: artiekids-support@pixibase.app
Operator: Artie3D (operated by K. Gadoeva)
Address: Frankfurter Allee 218, 10365 Berlin, Germany
Data Protection Officer: If you wish to contact our data protection officer (or privacy team), you can do so by emailing artiekids-support@pixibase.app with Attention: Data Protection Officer in the subject line.

We will do our best to address any issue or question you have. Your privacy is important to us, and we welcome your feedback on our practices. If you are a consumer within the European Union, you may use the European Commission's Online Dispute Resolution (ODR) platform: https://ec.europa.eu/consumers/odr

Thank you for trusting Artie3D with your notes and information. We are committed to keeping that trust by safeguarding your data and being transparent about our practices.