Privacy Policy

1. Introduction & Scope

RedPhantomOps LLC ("Company," "we," "us," "our"), a Florida limited liability company, operates the Artistico marketplace platform (the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use the Platform. This policy applies to all users, including Buyers, Sellers, and visitors.

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Information You Provide

• Account Information: Display name, email address, and password (stored as a cryptographic hash by Firebase Authentication).
• Profile Information: Bio, location, specialties, social media links, and profile images.
• Transaction Information: Shipping addresses and order details. Payment card data is collected and processed directly by Stripe and is never stored on our servers.
• Content: Projects, product listings, images, descriptions, and messages you submit to the Platform.
• Communications: Emails, support requests, and feedback you send to us.

2.2 Information Collected Automatically

• Device & Usage Data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, and actions taken on the Platform.
• Cookies & Similar Technologies: We use cookies for authentication, session management, and analytics. See Section 11 below.

2.3 Information from Third Parties

• Google Sign-In: If you authenticate via Google, we receive your name, email address, and profile picture from your Google account.
• Stripe: We receive transaction confirmations, payout statuses, and dispute notifications from Stripe. We do not receive your full card number.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide & Maintain the Platform: Operate your account, process transactions, fulfill orders, and enable communication between Buyers and Sellers.
• Process Payments: Facilitate transactions via Stripe, distribute seller payouts, and apply marketplace fees.
• Communications: Send transactional emails (order confirmations, shipping updates, account notifications). We do not send marketing communications without your explicit opt-in consent.
• Improve the Platform: Analyze usage patterns to improve features, fix bugs, and optimize performance.
• Safety & Security: Detect and prevent fraud, abuse, security incidents, and policy violations.
• Legal Compliance: Comply with applicable laws, regulations, legal processes, and government requests.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Stripe: Payment and identity information necessary to process transactions. Subject to Stripe's Privacy Policy.
• With Firebase / Google Cloud: Account, authentication, and content data necessary to host and operate the Platform. Subject to Google's Privacy Policy.
• With Other Users: Your public profile information is visible to other users. When you purchase a physical product, your shipping address is shared with the Seller to fulfill the order.
• Legal Requirements: We may disclose information if required by law, court order, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, safety, or property, or that of our users or the public.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity.

5. Third-Party Services

The Platform relies on the following third-party services that may process your data:

• Firebase Authentication — User account creation and sign-in (including Google Sign-In).
• Cloud Firestore — Database storage for profiles, products, projects, orders, and messages.
• Firebase Cloud Storage — Image and file uploads.
• Firebase App Hosting / Google Cloud — Application hosting and infrastructure.
• Stripe Payments & Stripe Connect — Payment processing, seller payouts, and financial compliance.

Each service processes data in accordance with its own privacy policy and terms. We encourage you to review their policies.

6. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within thirty (30) days, except as required by law.
• Transaction Records: Retained for seven (7) years to comply with tax and financial reporting obligations.
• User Content: Deleted upon account deletion, except where retention is required for legal compliance or ongoing dispute resolution.
• Backups: Automated backups are purged within ninety (90) days of data deletion.

7. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information:

• All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Firebase Security Rules restrict database and storage access to authorized users.
• Payment card data is processed exclusively by Stripe, which maintains PCI DSS Level 1 compliance. We never store, process, or have access to your full card number.
• Passwords are cryptographically hashed; we do not store plaintext passwords.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

8.1 All Users

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request a copy of your data in a structured, commonly used format.

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of personal information, subject to exceptions.
• Right to Opt-Out of Sale: We do not sell personal information as defined by the CCPA.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

8.3 Florida Residents (FIPA)

Under the Florida Information Protection Act (FIPA), we will notify affected Florida residents within thirty (30) days in the event of a data breach involving personal information.

8.4 How to Exercise Your Rights

To exercise any of the above rights, contact us at privacy@redphantomops.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

9. Children's Privacy

The Platform is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete it promptly. If you believe we have collected information from a minor, please contact us at privacy@redphantomops.com.

10. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Platform, you consent to such transfer.

11. Cookies & Tracking

We use the following categories of cookies:

• Essential Cookies: Required for authentication and session management. These cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Remember your preferences (e.g., display settings).
• Analytics Cookies: Firebase and Google may use analytics cookies to help us understand Platform usage patterns. These are used solely to improve the Platform.

You can control cookies through your browser settings. Disabling essential cookies may impair Platform functionality.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' advance notice by posting the revised policy on the Platform, updating the "Last Updated" date, and, for registered users, sending notice via email. Your continued use of the Platform after the effective date constitutes acceptance of the revised policy.

13. Contact Information

For privacy-related questions or to exercise your data rights, contact: