Privacy Policy

1. Overview

Artistek, Inc. ("Artistek," "we," "our," or "us") operates an AI-powered entertainment booking marketplace that connects venues with artists, bands, and musicians. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use our platform at artistek.io and any related mobile applications (collectively, the "Service").

By creating an account or using our Service, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, password (stored as a one-way hash), phone number, and account type (Venue, Artist, or Musician).
• Profile Information: Business name, biography, location (city, state, ZIP code), genre preferences, performance history, photos, videos, portfolio links, and pricing information.
• Booking & Contract Data: Event details, performance dates, agreed fees, contract terms, rider requirements, and communications between parties on our platform.
• Payment Information: Credit/debit card details and bank account information submitted when adding a payment method. This data is transmitted directly to and stored by our payment processor, Stripe, Inc. We do not store full card numbers or bank account numbers on our servers — only the last four digits and account type for display purposes.
• Identity & Tax Information: Tax identification numbers, W-9/W-8 forms, and identity verification documents collected when required for payouts or regulatory compliance.
• Communications: Messages you send through our in-app messaging system, support tickets, and any other direct communications with us.

2.2 Bank Account Data via Stripe Financial Connections

When you add a bank account for ACH Direct Debit payments, we use Stripe Financial Connections to verify your bank account. Through this process, Stripe may collect and share with us:

• Your tokenized bank account and routing number (used solely to initiate ACH payments — we never see the raw numbers)
• Account type (checking or savings) and last four digits of the account number
• Current and pending account balance (used to help verify sufficient funds before initiating a transaction)
• Bank name and account holder name

Stripe Financial Connections data is used solely for payment processing and fraud prevention. We do not sell this data or use it for credit scoring or marketing. Stripe's use of your Financial Connections data is governed by the Stripe Financial Connections Account Agreement.

2.3 Information Collected Automatically

• Usage Data: Pages visited, features used, search queries, clicks, and the time and duration of your sessions.
• Device & Log Data: IP address, browser type and version, operating system, referral URLs, and error logs.
• Location Data: General location derived from your IP address or, with your permission, your device's GPS for distance-based search results. ZIP code is collected during signup for personalized search defaults.
• Cookies & Similar Technologies: We use session cookies to maintain your login state and local storage for user preferences. We do not use third-party advertising cookies.

3. How We Use Your Information

• Providing the Service: Creating and managing your account, facilitating bookings, processing payments, releasing escrow funds, and generating contracts.
• AI-Powered Matching: We use OpenAI's API to analyze your profile, preferences, and search queries to generate personalized venue and artist recommendations. Your data is sent to OpenAI under a data processing agreement and is not used to train OpenAI's public models.
• Payments & Payouts: Processing ACH Direct Debit and credit card payments from venues, holding funds in escrow, and transferring artist payouts through Stripe Connect.
• Communications: Sending booking confirmations, payment receipts, contract notifications, and important platform updates via email. You may opt out of non-essential communications at any time.
• Safety & Fraud Prevention: Detecting and preventing fraudulent transactions, unauthorized access, and violations of our Terms of Service.
• Legal Compliance: Satisfying tax reporting obligations (1099-K/1099-NEC for eligible artists), responding to lawful government requests, and enforcing our agreements.
• Product Improvement: Analyzing aggregated usage patterns to improve platform features, fix bugs, and develop new functionality. This analysis uses anonymized or aggregated data where possible.
• Location-Based Search: Using your ZIP code or city to display nearby artists and venues by default. You can change or clear your location at any time from the search filters.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 With Other Users

When you engage in a booking, relevant profile information (name, business name, location, pricing, portfolio) is shared with the counterparty to facilitate the transaction. Messages sent through our platform are visible to both parties in the conversation.

4.2 With Service Providers

• Stripe, Inc. — Payment processing, escrow, ACH Direct Debit, Financial Connections, and Stripe Connect payouts. Stripe's privacy policy is available at stripe.com/privacy.
• OpenAI, L.L.C. — AI-powered search and artist/venue recommendations. Data submitted to OpenAI is subject to a data processing agreement.
• Email Service Provider — Transactional and notification emails (booking confirmations, payment receipts, etc.).
• Cloud Infrastructure — Hosting, database, and file storage services. These providers access data only as necessary to provide infrastructure services and are bound by confidentiality obligations.

4.3 For Legal Reasons

We may disclose your information if required by law, subpoena, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Artistek, our users, or the public.

4.4 Business Transfers

If Artistek is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a materially different privacy policy.

5. Payment Processing & Escrow

All payment processing on Artistek is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you add a payment method:

• Credit/debit card data is collected directly by Stripe's secure form and never passes through our servers.
• Bank account data (for ACH) is collected via Stripe Financial Connections, verified, and tokenized by Stripe before any information is shared with us.
• Booking payments are held in escrow and released to the artist upon completion of the event, minus applicable platform and processing fees.
• We store only non-sensitive identifiers (Stripe customer ID, payment method ID, last four digits, and account type) on our servers for display and reference purposes.

6. Data Retention

• Active Accounts: We retain your personal information for as long as your account is active or as needed to provide the Service.
• Deleted Accounts: When you delete your account, we remove your personal profile data within 30 days. Certain records (transaction history, contracts, tax documents) are retained for up to 7 years to comply with financial and legal obligations.
• Messages & Communications: In-platform messages are retained for 2 years after account deletion, or as required by law, to resolve disputes.
• Bank Account Data: Tokenized payment methods are stored with Stripe. You may remove a saved payment method at any time from your account settings, which instructs Stripe to delete the associated token.
• Backups: Encrypted backups may retain data for up to 90 days after deletion from the primary database.

7. Data Security

We implement the following security measures to protect your information:

• All data transmitted between your browser and our servers is encrypted via TLS/HTTPS.
• Passwords are hashed using bcrypt and are never stored in plain text.
• Authentication uses short-lived JSON Web Tokens (JWTs) with refresh token rotation.
• Sensitive credentials (API keys, database connection strings) are stored as environment variables and never committed to source code.
• Payment data is handled exclusively by Stripe, which maintains PCI-DSS Level 1 compliance.
• Access to production systems is restricted to authorized personnel on a need-to-know basis.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct inaccurate information via your account settings or by contacting us.
• Deletion: Request deletion of your account and personal data. Note that some data may be retained for legal and financial compliance purposes as described in Section 6.
• Portability: Request an export of your personal data in a machine-readable format.
• Opt-Out of Marketing: Unsubscribe from non-essential email communications at any time using the unsubscribe link in any email we send. Transactional emails (booking confirmations, payment receipts) cannot be opted out of while your account is active.
• Remove Payment Methods: Delete saved credit cards or bank accounts at any time from Dashboard → Account → Payment Methods.
• Location Preferences: Clear or change your default search location at any time from the search filter controls.

To exercise any of these rights, contact us at privacy@artistek.io. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose what personal information we have collected about you, the sources of that information, the business or commercial purpose for collecting it, and the categories of third parties we share it with.
• Right to Delete: You may request deletion of your personal information subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Do Not Sell: We do not sell personal information. You do not need to opt out.

To submit a CCPA request, email privacy@artistek.io with "CCPA Request" in the subject line.

10. Children's Privacy

The Artistek platform is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@artistek.io and we will take steps to delete such information.

11. Third-Party Links & Services

Our platform may contain links to third-party websites or integrate with third-party services (such as social media platforms for profile verification). This Privacy Policy does not apply to those third-party services, and we encourage you to review their privacy policies. We are not responsible for the privacy practices of third-party sites.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (to the address on your account) and by posting a notice on the platform at least 14 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: