Legal
Privacy Policy
Last updated: January 2026
The short version
Studio Card is a tool for artists. Privacy is central to how it works, not an afterthought. Here is what we do and don't do:
- Anonymous scans are anonymous. When a QR code is scanned, we count it. We don't know who scanned it.
- Named interactions are opt-in. Collectors only share their details when they choose to submit a request.
- Artist data stays with the artist. Collector contact information is stored on our servers but belongs to the artist. We never sell it.
- No advertising. No tracking. No social graph.
What we collect
From artists
When you create a Studio Card account, we store:
- Your name and email address (for account management)
- The content of your cards (profile data, exhibition details, etc.)
- Subscription status (free or Pro)
- Scan counts and collector request data (if Pro)
From collectors (anonymous scans)
When someone scans a QR code and views a card, we record:
- That the card was viewed (a scan count increment)
- The country of the request (from Cloudflare's CDN headers, not GPS)
- The date and approximate time
We do not collect the scanner's IP address, device identifier, or any other personally identifying information for anonymous scans.
From collectors (named requests)
When a collector chooses to submit a save, enquiry, RSVP, or other request:
- Their email address (required)
- Their name (optional)
- A message (optional, for artwork enquiries)
- Which card they interacted with, and when
This information is shared with the artist whose card was scanned, and only that artist. It is never shared with other artists, third parties, or used for advertising.
How we use data
- To operate the service (display card pages, route requests)
- To show artists their scan counts and collector activity
- To send transactional emails (account-related only)
- To improve the product (aggregated, never individual)
We do not use your data to train AI models.
Data retention
- Artist accounts: retained until deletion requested
- Card data: retained until card is deleted by artist
- Scan records: retained for 24 months, then anonymised further (country and month only)
- Collector request data: retained for the duration of the artist's account, or 90 days after downgrade from Pro, whichever is longer
Data deletion
Artists can delete their account and all associated data at any time from the iOS app (Settings → Delete Account) or by emailing hi@studiocard.art. Deletion is permanent and processed within 14 days.
Collectors can request deletion of their submitted data by emailing hi@studiocard.art with the email address they used.
Cookies
We use a single session cookie to prevent duplicate scan counts within a 24-hour window. We do not use advertising cookies, tracking pixels, or analytics cookies.
Third parties
Studio Card uses the following infrastructure providers:
- Cloudflare — hosting, CDN, and database. Data is stored in the EU where possible.
- Apple — in-app purchases and Sign in with Apple. Apple's own privacy policy applies.
We do not use Google Analytics, Meta Pixel, or any advertising SDK.
GDPR
Studio Card is operated from Europe. We process personal data in compliance with the General Data Protection Regulation (GDPR). Your rights include:
- Right of access — request a copy of your data
- Right to rectification — correct inaccurate data
- Right to erasure — delete your data
- Right to data portability — receive your data in CSV format
- Right to object — opt out of processing
To exercise any of these rights, email hi@studiocard.art. We respond within 30 days.
Children
Studio Card is not directed at children under 13. We do not knowingly collect data from children.
Changes to this policy
We will notify active artists by email before making material changes to this policy.
The current version is always at studiocard.art/privacy.
Contact
Questions about privacy: hi@studiocard.art