Privacy Policy
This Privacy Policy explains how Direct.Art (trading name), operated by the Direct.Art founding team pending incorporation as a UK limited company (“Direct.Art”, “we”, “us”, or “our”), collects and uses personal information when you visit our marketing website at direct.art / www.direct.art, join our early-access waitlist, or use related services we make available during our pre-launch phase.
We aim to be transparent and to comply with applicable data-protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who is responsible for your data?
Direct.Art is the data controller for personal information described in this policy. We are not yet a registered limited company. Until incorporation is complete, the founding team operates Direct.Art as a pre-incorporation venture.
Privacy contact: hello@direct.art
2. What information we collect
Depending on how you interact with us, we may collect:
- Waitlist and contact details — email address, name, country, phone number (optional), social handles (optional), website URL (optional), and preferences you select (such as art styles, mediums, or subjects).
- Marketing attribution — referrer URL, UTM campaign parameters, and the page or hostname you signed up from.
- Technical and security data — IP address, browser user-agent, and timestamps when you submit forms or interact with our API. Our hosting and infrastructure providers may also process server logs.
- Local storage on your device — we store waitlist form preferences and cookie-consent choice in your browser’s local storage. See our Cookie Policy.
- Connected social accounts (where offered) — if you choose to connect an Instagram or similar account through Direct.Art integrations, we process the information required to provide that connection (for example account identifiers, profile information, and messaging data made available through the platform’s APIs), in line with the permissions you grant and the third-party platform’s terms.
- Communications — if you email us or we contact you about early access, we keep the content of those messages and related metadata.
We do not intentionally collect special-category data (such as health or biometric data).
3. How we use your information
We use personal information to:
- operate the website and waitlist;
- respond to enquiries and manage early-access communications;
- understand interest in Direct.Art and improve our pre-launch experience;
- maintain security, prevent abuse, and troubleshoot technical issues;
- comply with legal obligations; and
- provide social or messaging integrations you explicitly connect (where available during testing or early access).
We do not sell your personal information. We do not use waitlist data for unrelated third-party marketing.
4. Legal bases (UK GDPR)
- Consent — where you submit the waitlist form or opt in to communications.
- Legitimate interests — to operate and secure our website, understand demand for early access, and improve our service, balanced against your rights.
- Contract / pre-contractual steps — where processing is necessary before providing access you have requested.
- Legal obligation — where we must retain or disclose information by law.
5. Who we share information with
We use trusted service providers (“processors”) that host or support our operations, including:
- website hosting and content delivery (for example Vercel);
- database and storage (for example Supabase, within the EU/UK where configured);
- API and backend infrastructure (for example Render);
- social platform providers (for example Meta / Instagram) when you connect an account; and
- email or communication tools if we use them to contact you.
These providers process data on our instructions and under appropriate contractual safeguards. We may also disclose information if required by law, regulation, court order, or to protect our rights, users, or the public.
6. International transfers
Some providers may process data outside the UK. Where this occurs, we rely on appropriate safeguards such as UK adequacy regulations, Standard Contractual Clauses, or equivalent mechanisms required by UK GDPR.
7. How long we keep information
- Waitlist records — until you ask us to delete them, you unsubscribe, or they are no longer needed for early-access administration (typically reviewed at least annually).
- Server logs — for a limited period necessary for security and debugging.
- Connected integration data — while your connection remains active and as needed afterwards for compliance, dispute resolution, or deletion requests.
8. Your rights
If UK GDPR applies, you may have the right to:
- access your personal information;
- correct inaccurate information;
- request erasure in certain circumstances;
- restrict or object to certain processing;
- data portability where applicable; and
- withdraw consent where processing is based on consent.
To exercise these rights, email hello@direct.art. We may need to verify your identity before responding.
You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
9. Security
We use administrative, technical, and organisational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. Children
Our services are not directed at children under 16. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
11. Third-party links and platforms
Our website may link to third-party sites or allow you to connect third-party accounts. Their privacy practices are governed by their own policies (for example Meta’s policies for Instagram). We encourage you to review them.
12. Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top will change when we do. Material changes may be highlighted on the website or communicated where appropriate.
13. Contact
Questions about this policy or our use of personal information: hello@direct.art