art.quietidiot

Privacy Policy

Last updated: May 2026

1. Who we are

art.quietidiot.com is a personal photography website and print store operated by a single artist based in New Zealand. For any privacy questions, contact [email protected].

2. What we collect

When you create an account or make a purchase, we store:

  • Email address and name (if provided)
  • OAuth provider identifiers (if you sign in with Google, Facebook, or X)
  • Shipping addresses you save to your account
  • Order history (items purchased, amounts, shipping details, tracking)

If you submit a commission enquiry via the contact form, we store your name, email, project description, timeline, and budget range so we can respond to your enquiry.

We do not collect or store payment card details. All payments are processed by Stripe, who handle card data directly on their secure infrastructure.

3. Why we need it

  • To fulfil your print orders and send shipping updates
  • To respond to commission enquiries
  • To let you view your order history and manage saved addresses
  • To verify your account and keep it secure

4. Where data is stored

All data is stored in a PostgreSQL database on a secured VPS in Germany (Hetzner). Image files are stored in Cloudflare R2 object storage. Emails are sent via Resend. Payments are processed by Stripe. Print orders are fulfilled by our print partners.

5. Third parties

  • Stripe — payment processing (receives order total and your payment method directly)
  • Print partners — print fulfilment (receives shipping address and order items)
  • Resend — transactional email delivery (receives your email address)
  • Cloudflare — CDN and DDoS protection (sees your IP address)

We do not sell, rent, or share your data with any other parties. There are no advertising networks, analytics trackers, or marketing services on this site.

6. How long we keep it

Account information is kept for as long as your account exists. When you delete your account, your personal details and saved addresses are permanently removed.

Order records are retained indefinitely for accounting, tax compliance, and business records. When an account is deleted, the associated user reference on orders is removed, but the order itself remains as an anonymised transaction record.

Commission enquiries are kept for the duration of the conversation and may be retained for portfolio reference. They are not linked to user accounts.

7. Your rights

You can at any time:

  • Delete your account and all associated personal data from your account dashboard
  • Request a copy of your data by emailing us
  • Ask us to correct any inaccurate information

See our Data Deletion page for step-by-step instructions.

8. Cookies

We use a single session cookie (JWT token stored in your browser's localStorage) to keep you signed in. OAuth sign-in flows use a temporary cookie to prevent forgery — it expires after 10 minutes. We do not use tracking cookies, analytics cookies, or third-party cookies.

9. Contact

For privacy-related requests, email [email protected].