Privacy Policy
Last updated: January 12, 2026
This Privacy Policy describes how artygroup ("we", "us", or "our") collects, uses, and shares information when you use our esigned Shopify application ("the App").
1. Information We Collect
When merchants install and use our App, we collect:
From Merchants:
- Shopify store information (store name, domain, email)
- Uploaded waiver/agreement PDF documents
- App configuration settings (branding colors, notification preferences)
- Product associations for waiver requirements
From Customers (Waiver Signers):
- Full name
- Email address
- Electronic signature (drawn or typed)
- Date/time of signature
- IP address (for legal verification)
- Browser/device information (for legal verification)
- Responses to custom waiver fields (text, checkboxes, dates)
2. How We Use Information
We use collected information to:
- Provide electronic signature and waiver management services
- Generate legally-binding signed PDF documents
- Link signed waivers to Shopify orders and customer accounts
- Send confirmation emails to signers (when enabled)
- Notify merchants of new signatures (when enabled)
- Maintain audit trails for legal compliance
- Improve and maintain the App
3. Legal Basis for Processing
We process personal data based on:
- Contract: To provide the services merchants have subscribed to
- Consent: Customers provide explicit consent when signing waivers
- Legitimate Interest: To maintain security and improve services
- Legal Obligation: To maintain records as required by law
4. Data Storage and Security
We take data security seriously:
- All data is stored on secure, encrypted servers (Supabase/AWS infrastructure)
- PDF documents are stored with AES-256 encryption at rest
- All data transmission uses TLS 1.3 encryption
- Access to data is restricted to authorized personnel only
- We maintain security logs and conduct regular security reviews
5. Data Retention
- Signed waivers: Retained for the duration specified by the merchant, or 7 years by default (for legal compliance)
- Unsigned/draft documents: Retained while the merchant's account is active
- Account data: Retained while the App is installed, deleted within 30 days of uninstallation
Merchants can request earlier deletion of specific records through the App interface.
6. Data Sharing
We do not sell personal data. We share data only:
- With Shopify: As required to integrate with the Shopify platform
- With merchants: Customer signature data is shared with the merchant whose waiver was signed
- Service providers: We use trusted providers for hosting (Supabase/AWS) and email delivery
- Legal requirements: When required by law, court order, or to protect rights and safety
7. Your Rights
Depending on your location, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data (subject to legal retention requirements)
- Object to or restrict processing
- Data portability (receive your data in a structured format)
- Withdraw consent at any time
To exercise these rights, contact us at the address below.
8. Cookies and Tracking
The App uses:
- Session storage: To track waiver signing progress during a session
- Local storage: To remember completed waivers for the current shopping session
We do not use third-party tracking or advertising cookies.
9. International Data Transfers
Data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.
10. Children's Privacy
Our App is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of significant changes via email or in-app notification. Continued use of the App after changes constitutes acceptance.
12. Contact Us
For privacy-related questions or to exercise your rights:
Email: gracie@artygroup.com
Address:
artygroup
1925 Century Park E, #1800
Los Angeles, CA 90067
13. For California Residents (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt-out of the sale of personal information. We do not sell personal information.
14. For EU/EEA Residents (GDPR)
If you are in the EU/EEA, the data controller is the merchant using our App to collect waivers. We act as a data processor on their behalf. You may contact your local data protection authority if you have concerns.