Privacy Policy

Who we are

SWW.art is operated by Shorpo Research Inc. (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, and protect your information when you use our e-commerce platform and any associated services (collectively, the “Services”).

What we collect

We collect only the information necessary to provide the Services:

• Account information (name, email address, hashed password) for authentication
• Order and transaction data (items purchased, shipping address, order history)
• Payment information processed securely through Stripe — we never store your credit card details on our servers
• Content you upload (artwork images, product descriptions) if you are a seller
• Newsletter subscription email addresses, if you opt in

Where your data is stored

Your data is primarily processed and stored in Europe (Germany) on OVHcloud infrastructure. Some data is processed in the United States by third-party services including Stripe (payments), Cloudflare R2 (file storage), and HyperDX (observability).

OVHcloud is certified to the following standards:

• ISO/IEC 27001:2022 — information security management
• ISO/IEC 27017 — cloud-specific security controls
• ISO/IEC 27018 — protection of personal data in public cloud
• ISO/IEC 27701:2019 — privacy information management
• SOC 1 and SOC 2 Type II — independent security audits

Encryption

All data is encrypted in transit using TLS 1.3. Databases are encrypted at rest using AES-256. Uploaded files (artwork images, documents) are encrypted at rest and transmitted over encrypted connections only. Passwords are hashed using bcrypt and are never stored in plaintext.

Payment processing

All payments are processed securely through Stripe, a PCI DSS Level 1 certified payment processor. We do not store, process, or have access to your full credit card numbers. Stripe handles all sensitive payment data according to the highest industry security standards.

Analytics

We use privacy-focused analytics to understand how our Services are used and to improve the user experience. We do not use third-party advertising trackers, retargeting pixels, or sell your data to advertisers. We do not use third-party cookies for advertising purposes.

Your rights

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) you have the right to:

• Access the personal information we hold about you and be informed of its use
• Challenge the accuracy of your personal information and have it corrected
• Withdraw consent for the collection, use, or disclosure of your personal information
• Request deletion of your personal information, subject to legal retention obligations

To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Data retention and deletion

You can delete your account and all associated personal data by contacting us. We will process deletion requests within 30 days. Upon deletion, all personal data including order history, account details, and uploaded content is permanently removed from our systems. We may retain anonymized transaction records as required for tax and accounting compliance.

Data breach notification

In the event of a breach of security safeguards involving personal information that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as soon as feasible, in accordance with PIPEDA breach notification requirements.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.

Contact

Shorpo Research Inc.
Email: [email protected]