Lux et Ars
How we collect, use, store and protect your personal data — incl. GDPR rights.
Last updated: 17 November 2025
1) Data Controller
Controller: Lux et Ars – Owner: Robin Engelmann (sole proprietorship)
Address: Hirtzweg 7, 36119 Neuhof, Germany
Email: privacy@luxetars.ai
DPO: Not appointed / not required
2) Scope
Applies to luxetars.ai and services (accounts, uploads, auctions, purchases, certificates, wallet, support).
3) Data We Collect
- Account: email, hashed password, settings.
- Profile & content: avatar, bio, social links; artworks + metadata you provide (incl. process notes you choose to share).
- Transactions: orders, invoices, certificates/provenance, wallet activity.
- KYC/AML (when required): identity/address for compliance on higher-value purchases/payouts.
- Device & usage: IP, headers, pages, timestamps, logs, cookie/local-storage IDs.
- Analytics & events: page views, clicks, scrolls, outbound links, errors; IP address (truncated/anonymized where configured), user agent, referrer, device/browser info, and custom events; collected via first-party Umami (self-hosted) and Ahrefs only after you accept analytics.
- Comms: support messages, notifications, consent choices.
Don’t include sensitive personal data in prompts, descriptions, or uploads.
4) Purposes & Legal Bases (Art. 6 GDPR)
- Contract (6(1)(b)): accounts, checkout, delivery of digital files/certificates.
- Compliance (6(1)(c)): tax records, KYC/AML, legal requests.
- Legitimate interests (6(1)(f)): security/fraud, service reliability, feature improvement, limited user marketing/engagement. You may object where allowed (see Rights).
- Consent (6(1)(a)): analytics (Umami, Ahrefs), marketing emails, and any other optional cookies/trackers; withdraw anytime.
- Vital interests (6(1)(d)): rarely, to protect individuals.
5) Cookies & Tracking
We use essential cookies for operation. Analytics (first-party Umami, self-hosted, and Ahrefs) only run after you accept analytics in the banner or site settings. Some browsers/blockers may hide the settings UI; in that case analytics stay off unless you allow them in your browser. See Cookie Policy for details and browser-level controls.
6) Sharing & Processors
We share as needed with payment processors, cloud hosting/storage, email/messaging, analytics/anti-abuse, and print/shipping providers under DPAs, plus where law requires. We do not sell personal data.
7) International Transfers
We use adequacy decisions or SCCs with supplementary measures, where appropriate.
8) Retention
- Account/profile: for the account lifetime (or until a deletion request, subject to legal retention).
- Transactions/invoices: per statute (e.g., tax/commerce), up to ~10 years.
- Certificates/provenance: retained to preserve ownership history.
- KYC/AML: per financial regulation.
- Logs/diagnostics: short cyclical periods for reliability/security.
9) Security
Organizational & technical measures (encryption in transit, access controls, least-privilege, monitoring). No system is 100% secure.
10) Your Rights
- Access, rectification, deletion, restriction, portability, and objection (Arts. 15–21 GDPR).
- Withdraw consent anytime (does not affect prior processing).
- Complain to your supervisory authority.
Exercise rights via privacy@luxetars.ai or /contact.
11) Minors
Not directed to children under 18. Contact us to remove any such data.
12) Do-Not-Track
No unified DNT standard; we currently don’t respond. Use cookie preferences.
13) Changes
We will announce material updates. Continued use implies acceptance.