Legal

Privacy Policy

Last updated: March 2026

artbyjj is a small, independent art shop run by Jason. We take your privacy seriously and only collect what is needed to process your orders and provide a good experience. This policy explains exactly what we collect, why, and how it is protected.

1. What information we collect

Account information

If you create an account, we store your email address and a securely hashed password. We do not store your full name, date of birth, or any other personal details beyond your email.

Order information

When you place an order we store your email address, the items purchased, and the order total. This is used to confirm your order and for your order history if you have an account.

Payment and shipping information

Payments are processed by Square. Your name, shipping address, phone number, and card details are entered directly on Square's secure checkout page and are never transmitted to or stored on our servers. We only receive confirmation that a payment was completed.

Cart data

Your shopping cart is stored in your browser's local storage only. It is never sent to our servers unless you proceed to checkout.

Contact form

If you send a message through our contact page, the information you provide (name, email, and message) is used solely to respond to your enquiry and is not stored in a database.

2. How we use your information

To process and fulfil your orders
To provide order history in your account
To respond to enquiries or commission requests
To send order confirmation emails

We do not sell your data, share it with third parties for marketing purposes, or use it for advertising.

3. How your data is stored and protected

Your account and order data is stored on Supabase, a hosted database platform that is SOC 2 certified and uses industry-standard encryption at rest and in transit. Access controls ensure that each user can only view their own orders and saved items.

Our website is served over HTTPS. Passwords are hashed by Supabase and never stored in plain text.

4. Cookies

We use a single session cookie (abj_admin) only for admin access to the Studio. No tracking cookies, advertising cookies, or third-party analytics cookies are used on this site.

5. Your rights

You have the right to:

Request a copy of the data we hold about you
Ask us to correct inaccurate data
Ask us to delete your account and associated data

To exercise any of these rights, contact us using the details below and we will respond within 30 days.

6. Data retention

We retain order records for up to 3 years for accounting purposes. If you delete your account, your personal details are removed but anonymised order records may be kept.

7. Third-party services

Square — payment processing. Square's Privacy Policy
Supabase — database and authentication. Supabase's Privacy Policy
Vercel — website hosting. Vercel's Privacy Policy

8. Changes to this policy

If we make significant changes to this policy, we will update the date at the top of this page. Continued use of the site after changes are posted means you accept the updated policy.

Questions about your privacy?

Reach out through our contact page and we will get back to you as soon as possible.