Privacy Policy
This Privacy Policy explains how Key.Art ("Key.Art," "we," "us") processes personal data when you use our website (www.key.art) and our related application (www.key.art/app), services, tools and features (collectively, the "Services").
By using the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Services.
Controller and contact details
Data controller: Pentagram Film AB (Sweden), operating the Service under the Key.Art brand (until a dedicated operating company is established).
Address: Key.Art c/o Pentagram Film AB, Tre Liljor 3, 113 44 Stockholm, Sweden
Contact: support@key.art
Privacy contact: support@key.art
IP/Copyright contact: support@key.art
What personal data we collect
2.1 Account data
Name (optional), email address
Username / account identifiers
Password (stored as a hash via our authentication provider)
2.2 Subscription and billing data
Plan type, subscription status, invoices/receipts
Payment confirmations and transaction references
Note: Payment details (such as full card numbers) are typically processed by our payment provider and/or merchant-of-record partner, not stored directly by us.
Payment provider / Merchant of record: Polar Software Inc.
2.3 Usage and device data
Log data (IP address, timestamps, pages viewed, feature usage)
Device and browser information
Approximate location derived from IP (country/city level)
2.4 Support and communications
Messages you send to support (email, chat)
Service emails we send (billing, security, account notices)
2.5 User content in the Service
Collections, saved searches, tags, notes, and other content you create in your account (not public unless you choose to share when sharing features exist).
Why we process personal data (purposes and legal bases)
We process personal data for the following purposes:
3.1 Provide the Service (contract)
Create and manage accounts
Authenticate users and provide features (collections, search, etc.)
Provide customer support
Legal basis: performance of a contract (or steps prior to entering a contract).
3.2 Security, fraud prevention, and service integrity (legitimate interests)
Prevent abuse, credential sharing, and unauthorized access
Maintain logs and detect incidents
Legal basis: legitimate interests in keeping the Service secure and reliable.
3.3 Billing and accounting (legal obligation / contract)
Process payments and maintain accounting records
Handle refunds where applicable
Legal basis: contract and/or legal obligation.
3.4 Improve and develop the Service (legitimate interests; consent where required)
Understand how the Service is used
Fix bugs and improve performance
Legal basis: legitimate interests; analytics cookies may require consent depending on your location and applicable law.
3.5 Marketing communications (consent or legitimate interests, depending on law)
Send product updates and offers where permitted
You can opt out at any time
Legal basis: consent or legitimate interests depending on context and applicable law.
How we share personal data
We share personal data only as necessary, including with:
Hosting / infrastructure providers: Supabase PostgreSQL database / DigitalOcean Spaces object storage
Authentication provider: Supabase Auth & Db
Analytics provider(s): Google Analytics / Polar Software Inc.
Email / customer support tools: CORDNET OÜ (d/b/a “Featurebase”)
Payment providers / merchant-of-record: Polar Software Inc.
Professional advisors (lawyers, auditors) as needed
Authorities if required by law or to protect rights/safety
We require service providers (processors) to protect personal data and use it only for providing services to us.
Data retention
We keep personal data only as long as needed for the purposes described above, including while your account is active and as needed for legal, accounting, or dispute purposes.
Your rights
Depending on your location and applicable law (including EU/EEA users), you may have rights to:
access your personal data
correct inaccurate data
delete data
restrict or object to processing
data portability
withdraw consent (where processing is based on consent)
lodge a complaint with a supervisory authority
To exercise rights, contact support@key.art.
Security
We use appropriate technical and organizational measures to protect personal data. However, no system is 100% secure.
Children
The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided personal data to us, please contact support@key.art and we will take steps to delete such information.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date indicates when changes were made. If changes materially affect your rights, we will take reasonable steps to notify you.
1 1. Contact and complaints
Privacy questions: support@key.art
If you are in Sweden, you may also contact the Swedish supervisory authority (IMY) to lodge a complaint.
International transfers
If personal data is transferred outside the EU/EEA, we will use appropriate safeguards such as adequacy decisions or Standard Contractual Clauses (and additional measures where required).