Privacy Policy

This Privacy Policy explains how Arteesa collects, uses, stores, shares, and protects personal data when you use Arteesa websites, mobile apps, and related services (collectively, the "Services").

1. Data Controller and Contact

Arteesa is operated by BST CONSULTING NIGERIA LIMITED ("Arteesa", "we", "us", "our"). For privacy questions, contact hello@arteesa.app.

2. Scope

This policy applies to clients, artisans, visitors, and any person interacting with Arteesa services, including website waitlists, mobile app onboarding, booking, messaging, wallet, payment, and review flows.

3. Data We Collect

3.1 Account and profile data

• Name, email address, phone number, account role (client/artisan/admin), password hash, OTP verification status.
• Profile photo/avatar, biography, artisan service categories, years of experience, service radius, and availability status.

3.2 Location and address data

• User-provided address text and optional latitude/longitude for service discovery and booking fulfillment.
• Device location data where permission is granted.

3.3 Service and booking data

• Service listings, booking details, schedule, location, quote/invoice references, booking status history.
• Uploaded photos and notes attached to bookings or profiles.

3.4 Messages and community data

• Conversation and message content (text/images/location/invoice messages), timestamps, read status.
• Ratings, reviews, complaints, abuse reports, and moderation outcomes.

3.5 Payment and wallet data

• Payment references, payment status, booking amounts, platform fees, transaction history.
• Wallet balances and payout requests.
• Artisan payout details (for example bank account metadata required for settlement).

3.6 Device, technical, and security data

• Device/app identifiers, IP address, logs, fraud signals, crash/diagnostic signals, and anti-abuse metadata.

4. Data Sources

• Directly from you (forms, profile edits, bookings, messages, support requests).
• Automatically from your use of the Services (logs, analytics, device and security events).
• From payment and infrastructure partners to confirm transaction outcomes and prevent fraud.

5. Why We Process Data

• To create and secure accounts (authentication, OTP, account recovery).
• To match clients and artisans, manage bookings, process payments, and settle payouts.
• To provide in-app messaging and support interactions.
• To detect abuse, prevent fraud, and enforce terms and community guidelines.
• To comply with legal, tax, accounting, and regulatory obligations.
• To improve product performance, reliability, and user experience.
• To send service notices and, where permitted, marketing communications.

6. Legal Bases (Global)

Where applicable under local law (including GDPR/UK GDPR), we rely on:

• Contract necessity (service delivery, booking, payment, support).
• Legitimate interests (fraud prevention, quality assurance, security, analytics).
• Consent (certain location uses, marketing preferences, optional cookies).
• Legal obligation (financial records, tax/regulatory compliance, dispute records).

7. How We Share Data

We may share data with:

• Payment processors and financial partners for transaction processing and settlement.
• Cloud, hosting, analytics, communication, and security service providers operating on our instructions.
• Counterparties in a transaction (for example client and artisan details needed to complete booked work).
• Professional advisers, auditors, law enforcement, or regulators where required.
• Potential acquirers in a merger/acquisition scenario subject to confidentiality and lawful transition controls.

We do not sell personal data in exchange for money.

8. Cookies and Similar Technologies

Arteesa websites use cookies and similar technologies for core functionality, analytics, and optional marketing attribution. See the Cookies and Tracking Notice for details and controls.

9. Data Retention

• Account/profile data: retained while your account is active and for a limited period after closure.
• Booking/payment/wallet records: retained as required for legal, tax, accounting, anti-fraud, and dispute defense.
• Support/abuse reports: retained to enforce trust and safety obligations.
• Where deletion is requested, we delete or anonymize data unless retention is required by law or legitimate legal defense.

10. Your Privacy Rights

Subject to local law, you may request:

• Access to your data.
• Correction of inaccurate data.
• Deletion of your account/data.
• Restriction or objection to certain processing.
• Data portability where technically feasible.
• Withdrawal of consent where processing relies on consent.

Use the Data Rights Request page or email hello@arteesa.app.

11. Account Deletion

If your app account can be created, you can also request deletion from within the app and through the web pathway at Delete Account Request.

12. Security Controls

• Role-based access controls, authentication controls, and token/session handling.
• Transport security and operational logging.
• Periodic review of third-party integrations and SDK behavior.

No method of transmission or storage is perfectly secure; use strong credentials and protect your devices.

13. International Data Transfers

Data may be processed in multiple jurisdictions. Where required, we apply safeguards such as contractual controls and equivalent security standards.

14. Age Restriction

Arteesa is intended for adults (18+). We do not knowingly allow children to create accounts. If we learn a child account was created without valid authorization, we will remove it.

15. Policy Changes

We may update this policy to reflect legal, operational, or product changes. Material updates will be posted with a revised effective date and, where required, additional notice.

16. Contact and Complaints

Contact hello@arteesa.app. If your local law grants rights to complain to a supervisory authority, you may do so.

This document is for operational readiness and must be validated by legal counsel before release.