Privacy Policy

The Artist HQ, LLC

Effective Date: March 22, 2026

Last Updated: March 22, 2026

The Artist HQ, LLC (“The Artist HQ,” “ArtistHQ,” “we,” “our,” or “us”) operates the website artisthq.co, the client portal at portal.artisthq.co, and related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites, use our client portal, or engage with our Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

1. Information We Collect

We collect information that you provide directly to us, information collected automatically through your use of our Services, and information obtained from third-party sources in connection with the Services we provide.

1.1 Information You Provide Directly

When you register for an account, use our client portal, or engage our services, we may collect:

  • Full name

  • Email address

  • Date of birth

  • Profile picture

  • Project details and creative briefs

  • Content files (photos, videos, audio, graphics, and other media assets)

  • Billing and payment information (processed securely through Stripe; see Section 4)

  • Communications you send to us via email, the portal, or other channels

1.2 Information Collected Through Third-Party Authentication

When you connect a social media account through Meta (Facebook/Instagram) authentication, we receive a limited authorization token to access your social media data for the purposes of managing your social media presence as part of our Services. We do not store your Meta login credentials. The authorization token is used solely to perform actions you have authorized, such as posting content, retrieving analytics, and managing your social media accounts on your behalf.

1.3 Information Collected Automatically

When you access our Services, certain information is collected automatically:

  • Device information (browser type, operating system, device identifiers)

  • IP address and approximate geographic location

  • Pages visited, time spent on pages, and navigation patterns

  • Referring URLs and search terms that led you to our site

  • Usage data and interaction patterns within the client portal

This data is collected through Google Analytics 4 (GA4) and standard server logging. See Section 5 for details on Google Analytics.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

  • To create and manage your client account on our portal

  • To deliver media production, social media management, web development, and branding services

  • To manage project timelines, deliverables, and creative workflows

  • To store and organize your content files and creative assets

  • To schedule and manage events or deadlines via calendar integrations

2.2 Communication

  • To send you project updates, deliverable notifications, and service-related communications

  • To respond to your inquiries, support requests, and feedback

  • To send administrative information such as changes to our terms or policies

2.3 Analytics and Improvement

  • To analyze website traffic and usage patterns to improve our Services

  • To monitor the performance of social media campaigns managed on your behalf

  • To identify technical issues and improve portal functionality

2.4 Business Operations

  • To process payments and manage billing through Stripe

  • To comply with legal obligations and enforce our terms of service

  • To protect against fraud, unauthorized access, and other security threats

3. Google API Services

Our Services integrate with the following Google APIs. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Google Sign-In (OAuth 2.0)

We use Google Sign-In to provide a secure, streamlined authentication experience. When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We use this information solely to create and authenticate your ArtistHQ portal account. We do not access any other data from your Google account beyond what is required for authentication.

3.2 Google Calendar API

We use the Google Calendar API to help manage project timelines, deadlines, and scheduled events related to the services we provide. Calendar data accessed through this integration is used exclusively for coordinating service delivery between ArtistHQ and our clients. We do not read, modify, or store calendar data unrelated to ArtistHQ services.

3.3 Google Analytics 4 (GA4)

We use Google Analytics 4 to collect anonymized, aggregate data about how visitors interact with our websites (artisthq.co and portal.artisthq.co). GA4 uses cookies and similar technologies to collect information such as pages visited, session duration, and traffic sources. This data is used to understand usage trends and improve our Services. GA4 data is not combined with personally identifiable information.

You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.

3.4 Limited Use Disclosure

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We will only use access to read, write, modify, or control Google account data when necessary to provide or improve the features the user has specifically requested.

  • We will not use Google API data for serving advertisements.

  • We will not transfer Google API data to third parties unless necessary to provide or improve user-facing features, required for compliance with applicable laws, or as part of a merger, acquisition, or asset sale with user notice.

  • We will not use Google API data for purposes unrelated to the features requested by the user.

  • Human access to Google API data is limited to situations where it is necessary to respond to a support request, comply with law, or investigate security issues.

4. Payment Processing

We use Stripe, Inc. as our third-party payment processor. When you make a payment through our Services, your payment information (credit card number, billing address, and related financial data) is collected and processed directly by Stripe. We do not store your full credit card number or sensitive payment details on our servers.

We receive from Stripe only the information necessary to confirm transactions and manage your account, such as the last four digits of your card, transaction amounts, and payment status.

Stripe’s handling of your payment data is governed by their privacy policy, available at stripe.com/privacy. Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment card industry.

5. Cookies and Tracking Technologies

Our Services use cookies and similar tracking technologies to enhance your experience and collect usage data.

5.1 Types of Cookies We Use

  • Essential Cookies: Required for the portal to function properly, including authentication session cookies and security tokens.

  • Analytics Cookies: Used by Google Analytics 4 to collect anonymized usage data. These cookies track page views, session duration, and user interactions to help us improve our Services.

  • Preference Cookies: Remember your settings and preferences within the client portal.

5.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling essential cookies may affect the functionality of the client portal.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Services:

  • Stripe — Payment processing

  • Supabase — Database hosting and management

  • Vercel — Website and portal hosting

  • Google — Authentication, calendar, and analytics services

  • Meta (Facebook/Instagram) — Social media management via authorized API access

  • Social media analytics platforms — Performance monitoring and reporting for client campaigns

These providers are contractually obligated to use your information only as necessary to perform services on our behalf and to maintain appropriate security measures.

6.2 Legal Requirements

We may disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena, court order, or government request), to protect our rights and property, to investigate suspected fraud or violations of our terms, or to protect the safety of our users or the public.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Services prior to your information being transferred and becoming subject to a different privacy policy.

7. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information:

  • All data in transit is encrypted using TLS/SSL encryption.

  • Database access is protected by Row Level Security (RLS) policies ensuring clients can only access their own data.

  • Authentication is managed through secure OAuth 2.0 protocols.

  • Our hosting infrastructure (Vercel and Supabase) maintains SOC 2 compliance and enterprise-grade security.

  • Access to personal data is limited to authorized personnel on a need-to-know basis.

  • Payment data is handled exclusively by PCI DSS Level 1 certified Stripe infrastructure.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining and improving our security practices.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. After termination of a client relationship, we will retain your data as follows:

  • Account information (name, email): Retained for up to 12 months after account deactivation, then permanently deleted.

  • Content files and creative assets: Retained for up to 90 days after the conclusion of services, then permanently deleted unless you request earlier deletion or extended retention.

  • Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).

  • Analytics data: Retained in anonymized, aggregate form and not tied to individual accounts.

You may request deletion of your data at any time by contacting us at info@artisthq.co. We will process deletion requests within 30 days, subject to any legal retention requirements.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Access and Portability

You may request a copy of the personal information we hold about you in a commonly used, machine-readable format.

9.2 Correction

You may request that we correct any inaccurate or incomplete personal information. You can also update certain information directly through your client portal account settings.

9.3 Deletion

You may request that we delete your personal information, subject to certain exceptions (such as data we are required to retain by law).

9.4 Objection and Restriction

You may object to or request restriction of certain processing activities, such as direct marketing communications.

9.5 Revocation of Consent

Where we rely on your consent to process personal information, you may withdraw that consent at any time. You can revoke access to connected Google or Meta services at any time through your respective account settings on those platforms.

9.6 Exercising Your Rights

To exercise any of these rights, please contact us at info@artisthq.co. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

10. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at info@artisthq.co.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, platforms, or services that are not operated or controlled by The Artist HQ. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you interact with through or in connection with our Services.

12. State-Specific Disclosures

12.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

12.2 Tennessee Residents

If you are a Tennessee resident, you may have rights under the Tennessee Information Protection Act (TIPA), including the right to access, correct, delete, and obtain a copy of your personal information, as well as the right to opt out of targeted advertising. To exercise these rights, contact us at info@artisthq.co.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, notify you via email or through a notice on our Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

The Artist HQ, LLC

Email: info@artisthq.co

Website: artisthq.co

Privacy Policy URL: artisthq.co/privacy

We aim to respond to all inquiries within 30 business days.

**