Legal

Privacy Policy

Version 2026-06-24 · Last updated June 24, 2026

Who we are

Artisan is a platform that gives makers, bakers, chefs, and crafters a home for their work — a public page, a way to host events, take orders, and stay in touch with their community. This policy explains what information we collect when you use Artisan, how we use it, and the choices you have.

"Artisan," "we," "us," and "our" refer to Artisan App, LLC, the team behind artisan-app.com. If you have questions about this policy, email us at support@artisan-app.com.

What we collect

We collect the minimum we need to run the product.

  • Account information. Your name, email, and a password or Google sign-in identifier when you create an account.
  • Artisan profile content. If you sell on Artisan, the bio, photos, products, events, and social links you publish to your page. This content is public by design.
  • Customer activity. When you RSVP to an event, place an order, send a message, or follow an artisan, we store what you sent and when.
  • Contact details for messaging. If you opt in to SMS or email updates from an artisan, we store the phone number or email you provide so we can deliver those messages.
  • Payment information. When paid orders are available, payments are processed by Stripe. We never see or store your full card number — Stripe returns us a token and a payment status, which we keep as part of the order record.
  • Technical information. Standard server logs (IP address, browser, request path) and the cookies described below.

What we don't collect

There's a whole category of especially sensitive information we go out of our way not to collect. We've kept the product narrow on purpose, and here's what that means for you.

We don't collect "consumer health data." Washington's My Health My Data Act (MHMDA) protects information that reveals a person's health. We don't gather it and we don't try to figure it out. The one thing that might look health-related — allergen and dietary information like "contains nuts" or "vegan" — is an optional label an artisan adds to a product, the same way they'd note a flavor or an ingredient. It describes the item, not you. We use it only to fulfill orders and pass it along so makers can prepare what you ordered safely. We never use it to guess at, infer, or record anything about your health, and we don't build a health profile of anyone.

And we don't collect other sensitive categories of data, including:

  • Your precise location (we don't track your GPS or device location)
  • Biometric or genetic data (no face scans, fingerprints, or DNA)
  • Race or ethnic origin
  • Religious or philosophical beliefs
  • Health conditions or diagnoses
  • Sexual orientation or sex life
  • Immigration or citizenship status
  • Government ID numbers, like a driver's license or passport number
  • Social Security numbers
  • Logins or passwords to your bank or other financial accounts

One clarification on payments: when paid orders are available, your card details go straight to Stripe, our payment processor — we never see or store your full card number, only a token and a status. So the financial information that does flow through a purchase is handled by Stripe, not stored by us.

If you ever spot a field in the product that seems to ask for something on this list, that's not by design — let us know at support@artisan-app.com.

How we use it

  • To run the service — authenticate you, render your page, deliver orders and messages, and keep the product working.
  • To send transactional messages — order confirmations, event reminders, receipts, and account notifications.
  • To send optional updates you've opted into (event announcements, newsletters from artisans you follow). You can unsubscribe at any time.
  • To send you occasional marketing and product emails from Artisan itself — tips, new features, and offers. Where the law permits (for example, in the US), these are on by default and every message has a one-click unsubscribe; where an opt-in is required (the EEA, UK, and Switzerland), we send them only if you've explicitly agreed. You can change this anytime in your notification settings.
  • To investigate abuse, fraud, or security incidents.
  • To understand how Artisan is used so we can improve it — our analytics provider, PostHog, helps with this; see the cookies and analytics section below for what it receives and how to opt out.

A heads-up at collection, and a few flows worth knowing about

We tell you what we're collecting at the moment we collect it. When you sign up and when you check out, you'll see a short notice — a sentence or two — summarizing what we're collecting on that screen and why, with a link back to this policy for the full picture. The notice is the quick version; this policy is the complete one.

A few specific flows are worth calling out plainly, because they're easy to miss:

  • RSVPs to public events are public. When you mark yourself going or maybe on an event that's public, your name and profile photo show up on that event's page — visible to anyone who views it, including people who aren't signed in. If you'd rather not appear there, change your RSVP.
  • Guest orders are tied to the email you give us. You can place an order without creating an account. When you do, we use the name, email, and phone number you provide to process and fulfill that order, and you get back into it later using the same email. Anyone with access to that email can pull up that order, so use one you control.
  • We log technical details for security and debugging. Our server logs and your session records include your IP address and your browser and device info (the "user-agent"). We use these to keep accounts secure, catch abuse, and figure out what went wrong when something breaks — not to build an advertising profile of you.

Who we share it with

We share information with a small number of service providers who help us run Artisan. They see only what they need to do their job, and they're bound to keep it confidential.

  • Stripe — payment processing.
  • Pingram — SMS and email delivery.
  • Google (OAuth) — if you choose to sign in with Google.
  • PostHog — product analytics that help us understand how Artisan is used.
  • Cloudflare — image storage and delivery for photos you upload.
  • Railway — hosting and infrastructure.

We also share information with artisans you interact with. If you RSVP to an event, place an order, or send a message, the artisan can see your name, contact info, and what you sent — that's how they fulfil orders and host events.

In a business transfer. If we're ever part of a merger, acquisition, or sale of assets, your information may transfer with it, and we'll require the new owner to honor this policy.

We'll share information with law enforcement only when we're legally required to, and we'll push back on overreaching requests.

How Stripe handles payment data

When paid orders are available, payments run through Stripe. The artisan is the seller and the merchant of record — money goes to the artisan's own Stripe account, and we take a platform service fee on top. So there are a few different roles at play, and we want to be clear about each.

A few things to keep in mind:

  • We never see or store your card details. Stripe collects your card number directly and gives us back only an identifier and a payment status, which we keep as part of the order record. Your full card number never touches our servers.
  • For the payment itself, Stripe acts as a service provider handling data on our behalf — it processes the information we send it to charge your card and complete the order.
  • Stripe also uses payment data for its own purposes, as its own independent controller. Stripe needs to prevent fraud, meet its legal and regulatory obligations, and run its payments network — and for those purposes it decides on its own how the data is used. That's separate from what we ask it to do for us.
  • The artisan controls their customers' information. Because the artisan is the merchant of record, they're the one responsible for the data of the people who buy from them. We and Stripe process that data to make the transaction work.

We give you the notices the law requires — including this policy — and we rely on the appropriate legal basis (your consent or our legitimate business need to complete the transaction you asked for) so that Stripe can lawfully process this information.

Stripe has its own privacy policy explaining how it handles your data, which you can read at stripe.com/privacy.

Messaging: texts and emails

We use one provider, Pingram, to send texts and emails on our behalf. There are two kinds of messages, and they work differently.

Transactional messages are the ones that keep your account and your orders running — things like order confirmations, receipts, event reminders, and account or security notifications. We send these because you're using the product, and you can't opt out of them while you have an active account or an order in progress.

Marketing messages are the optional ones: event announcements, newsletters, and updates from artisans you follow. Marketing texts are off by default — we only send them after you opt in. Marketing email is on by default, but every marketing email can be turned off.

Opting out is easy, and it's handled for you. To stop marketing texts, reply STOP to any text. To stop marketing emails, click the unsubscribe link at the bottom of any marketing email. These opt-outs are processed by our messaging provider, Pingram — replying STOP is honored at the carrier level, and unsubscribing is honored at the provider level — so once you reply STOP or unsubscribe, the opt-out sticks even if a message was already on its way. Texting HELP to any of our texts will get you help info the same way.

A couple of practical notes: message and data rates may apply depending on your mobile plan, and how often you hear from us varies based on the artisans you follow and the events and orders you're involved in.

We do not sell or share your phone number or your SMS consent — full stop. We never sell or rent your phone number, and we don't share it (or the fact that you opted in to texts) with third parties for their own marketing. We share your number with Pingram for one reason only: so Pingram can deliver our texts and emails to you on our behalf. That's it.

Cookies, analytics, and your "do not sell or share" choice

The basics. We use a small number of cookies to run the product — the most important one keeps you signed in. We also use PostHog, an analytics tool, to understand how people use Artisan so we can make it better: which pages get visited, which buttons get clicked, where things break. PostHog may set its own cookies in your browser to do that.

What PostHog sees. To make the analytics useful, PostHog receives information that can identify you — including your name and email — alongside the usage and event data (the pages you view and the actions you take in the product). Some of our server logs and diagnostics — things like your IP address and error details — are also processed through PostHog so we can spot and fix problems.

Why we treat this carefully. We don't sell your personal information for money, and we never will. But some US privacy laws define "sale" and "share" broadly enough that sending identifiable information to an analytics provider like PostHog could count — so to be safe, we treat our use of PostHog as if it were a "sale" or "share" of your personal information, and we give you a way to opt out.

How to opt out today. You have two ways to turn this off:

  • Block the cookies in your browser. Your browser settings let you block or delete cookies — including PostHog's — at any time. That stops the analytics cookies from being set on your device. Blocking our essential cookies (the one that keeps you signed in) may sign you out or break parts of the product.
  • Ask us directly. Email support@artisan-app.com and tell us you'd like to opt out of "sale" or "share" of your personal information, and we'll turn off this kind of analytics sharing for your account.

Global Privacy Control (GPC). Some browsers and extensions can send a Global Privacy Control signal that automatically tells websites you want to opt out of "sale"/"share." We're building support to detect and honor that signal automatically, and we will honor it once that's in place. In the meantime, please use one of the two options above.

No cookie banner today. We don't show a separate cookie-consent pop-up. Instead, you stay in control through your browser settings, which let you block or delete cookies (including PostHog's) at any time, or by emailing us to opt out as described above. As noted, blocking our essential cookies may sign you out or break parts of the product.

Do Not Track. Some browsers offer a "Do Not Track" (DNT) setting. There's no shared industry standard for how a site should respond to a DNT signal, so we don't currently respond to DNT browser signals. To opt out of analytics sharing, use the browser-cookie or email options above.

Your choices

  • Access. Sign in to see the information on your account and activity.
  • Correct. Edit your profile, contact info, and preferences at any time.
  • Unsubscribe. Every marketing message has an unsubscribe link or STOP reply. Transactional messages (order confirmations, receipts) can't be opted out of while you have an active account.
  • Delete. There's no self-serve delete button yet, so to close your account and remove your data, email us at support@artisan-app.com and we'll take care of it. We don't purge everything the instant your message lands — we remove your data by hand, on a rolling basis, and we'll keep only the records we're legally required to hold on to (for example, order and payment records we need for tax, accounting, or fraud reasons). Everything else gets removed.

Your privacy rights

Artisan is offered in the United States, and this policy is written for U.S. users. We extend the same core privacy rights to everyone in the U.S. — not just residents of California or any one state. Wherever you live, you can ask us to:

  • Know and access. Tell you what personal information we've collected about you, and give you a copy of it.
  • Delete. Delete the personal information we hold about you.
  • Correct. Fix personal information that's inaccurate.
  • Get a portable copy. Receive the information you've given us in a portable, machine-readable format where it's reasonable for us to provide one.
  • Opt out. Opt out of the "sale" or "sharing" of your personal information and of targeted advertising based on it.
  • Not be penalized. Use any of these rights without being charged a different price or given a worse experience for it.

A note on the opt-out rights: we don't sell your personal information, we don't share it for cross-context behavioral advertising, and we don't use it for targeted advertising — so for most people there's nothing to opt out of. We list these rights anyway so you know where you stand. If your browser sends a recognized opt-out signal like Global Privacy Control (GPC), we're working to detect and honor it automatically; until that's in place, you can opt out by emailing us as described below.

How to make a request. Email support@artisan-app.com and tell us what you'd like to do. We'll take steps to verify your identity before acting — usually by confirming details tied to your account or order — so we don't hand your information to the wrong person.

Using an authorized agent. You can ask someone else — an "authorized agent" — to make a request for you. Have them email us at the same address with written permission from you to act on your behalf. We may still ask you to verify your own identity directly, or to confirm that you authorized the request, before we act on it.

Our timeline. We'll acknowledge your request within about 45 days and do our best to resolve it in that window. If a request is complex or we get a lot at once, we may take longer — up to another 45 days — and if we do, we'll let you know why before the first window is up.

If we say no, you can appeal. If we deny your request, we'll tell you why. You can appeal by replying to that email or writing to support@artisan-app.com with "Privacy Appeal" in the subject line. We'll review it again and write back with the outcome and our reasoning. If you're still not satisfied, you can contact your state attorney general's office.

Artisans as independent controllers

When you place an order with an artisan, that artisan receives your name, email, and phone number so they can fulfil it. At that point the artisan becomes an independent controller of that information, responsible for handling it lawfully. Our Terms of Service require artisans to use customer data only to fulfil the order, to not market to you without your separate consent, to never sell or transfer it, and to comply with the TCPA, CAN-SPAM, and applicable privacy laws. If an artisan misuses your data, let us know at support@artisan-app.com.

How long we keep it

We keep your information only as long as we have a reason to, and we're honest about how that works: there's no automatic clock that wipes everything on a fixed schedule, and there's no self-serve delete button today. When you ask us to delete your account, we remove your data by hand, on a rolling basis — not instantly — and we keep only what we're required to.

Here's what that means, category by category:

  • Account and profile data. Your name, email, login, and the profile content you've published stay with us while your account is active. When you ask us to delete your account (email support@artisan-app.com), we remove this data on a rolling basis.
  • Order and payment records. We keep order details and payment status (Stripe identifiers and the like — never your card number) for as long as tax, accounting, and payment-dispute rules require, even after you delete your account. These are the records we can't simply throw away.
  • Server logs. Standard technical logs — things like IP address, browser, and request path — are kept only for a short window as part of normally running and securing the service, and then age out.
  • Messaging records. The contact details and message history tied to your conversations with an artisan stick around while they're still relevant to your relationship with that artisan. When you or the artisan asks us to delete the account, we remove them on a rolling basis as part of that deletion request.

When you ask us to delete, we'll remove what we can and let you know what we have to keep and why. If you ever want a status update on a deletion request, just email support@artisan-app.com.

Security

We use industry-standard practices — encryption in transit, hashed passwords, least-privilege access, and audited third-party providers. No system is perfectly secure, but we take this seriously and will notify affected users promptly if we ever learn of a breach.

Children

Artisan is for adults. You have to be at least 18 to use the Services at all, and we don't design or market Artisan for children.

We don't knowingly collect personal information from anyone under 18 — and that goes double for anyone under 13. We don't ask for it, and we don't want it. If we learn that we've collected personal information from a child under 13, we'll delete it.

If you're a parent or guardian and you believe your child has given us information, email us at support@artisan-app.com and we'll take care of it.

Changes to this policy

If we make material changes, we'll update the "last updated" date above and, where appropriate, notify you by email or in the product. Continuing to use Artisan after a change means you accept the new version.

Contact

Questions, corrections, or deletion requests:

Artisan App, LLC
7511 Greenwood Ave N, Unit 5184, Seattle, WA 98103
support@artisan-app.com