Privacy Policy

Last Updated: October 8, 2025

1. Introduction

Extratemporary Limited ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and share information when you use our website and services.

2. Information We Collect

2.1 Account Information

  • Email Address: Required for account creation and authentication
  • Password: Securely hashed and never stored in plaintext
  • Name: Optional, used for personalization

2.2 Payment Information

  • Stripe Customer ID: Created when you make a purchase or subscribe
  • Subscription Status: Active, canceled, past due, etc. (if subscribed)
  • Billing History: Dates and amounts of transactions
  • Payment Details: Processed and stored exclusively by Stripe (we never see your card information)

2.3 Usage Data

  • Artwork Interactions: Which artworks you view, time spent viewing
  • Audio Playback: Transmissions you listen to, language preferences
  • Cart Activity: Items added to cart (stored locally in your browser)
  • Purchase History: Artworks and prints purchased

2.4 Technical Data

  • IP Address: Used for rate limiting and fraud prevention
  • Browser Information: Type, version, and settings
  • Device Information: Device type, screen size, operating system
  • Location Data: Country and city (derived from IP address)

2.5 Cookies and Tracking

  • Google Analytics Cookies: _ga, _ga_*, _gid, _gat
  • Local Storage: Cart data, authentication tokens, language preferences

3. How We Use Your Information

  • Provide Services: Account management, content access, order processing
  • Process Payments: Handle subscriptions and purchases
  • Communicate: Send order confirmations, password resets, and important updates
  • Improve Services: Analyze usage patterns to enhance user experience
  • Security: Prevent fraud and protect against abuse
  • Legal Compliance: Meet regulatory and tax requirements

4. Third-Party Services

We share data with the following trusted service providers:

4.1 Supabase (Database & Authentication)

  • Data Shared: Email, name, user ID, subscription metadata
  • Purpose: User authentication and data storage
  • Privacy Policy: supabase.com/privacy

4.2 Stripe (Payment Processing)

  • Data Shared: Email, user ID, subscription tier
  • Purpose: Payment processing and subscription management
  • Privacy Policy: stripe.com/privacy

4.3 Google Analytics (Analytics)

  • Data Collected: Page views, user interactions, device information
  • Purpose: Understand usage patterns and improve services
  • Privacy Policy: policies.google.com/privacy

4.4 ProtonMail (Email Delivery)

  • Data Shared: Email addresses for order confirmations
  • Purpose: Transactional email delivery
  • Privacy Policy: proton.me/legal/privacy

5. Data Retention

  • Account Data: Until you delete your account, then 30 days
  • Authentication Tokens: Access tokens expire after 1 hour
  • Subscription Data: 12 months after cancellation
  • Transaction Records: 7 years (legal/tax requirements)
  • Analytics Data: 14 months (Google Analytics default)
  • Server Logs: 30 days (if enabled)

6. Your Rights

Under GDPR and CCPA, you have the following rights:

6.1 Access

Request a copy of your personal data

6.2 Correction

Update incorrect or incomplete information in your account settings

6.3 Deletion

Delete your account via the settings panel. Note: Some data may be retained for legal compliance (e.g., transaction records for 7 years)

6.4 Data Portability

Request your data in a machine-readable format

6.5 Opt-Out

Opt out of analytics tracking using your browser settings or cookie consent preferences

6.6 Exercise Your Rights

To exercise these rights, contact us at: I@extratemporary.com

7. Security

We implement industry-standard security measures:

  • Encryption: HTTPS/TLS for all data transmission
  • Password Security: Passwords are hashed using bcrypt
  • Access Control: JWT authentication and row-level security
  • Rate Limiting: Protection against brute force attacks
  • Input Validation: Protection against XSS and SQL injection

8. Cookies

We use cookies for analytics and functionality:

  • _ga, _ga_*: Google Analytics (2 years)
  • _gid: Google Analytics session (24 hours)
  • _gat: Google Analytics throttling (1 minute)

You can disable cookies in your browser settings, but this may affect site functionality.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) and adequacy decisions.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last Updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or to exercise your rights:

← Back to Portal