Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

2. Data Controller

The party responsible for data processing on this website is:

Norman Schütt
Gerbereistr. 14
69168 Wiesloch
Germany

Email: [email protected]

3. Data Collection on This Website

Waitlist / Email Notification

When you register for our waitlist, we store your email address.

Purpose: We use your email address exclusively to notify you about the launch of Artifacture.

Legal Basis: Processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. By submitting the form, you consent to the storage and processing of your email address.

Storage Duration: Your email address will be stored until you withdraw your consent or until the product launch. After that, it will be deleted within 30 days, unless you provide further consent to use the product.

Database Storage: Your email address is stored in a PostgreSQL database provided by Neon.tech.

Database Provider:
Neon, Inc.
2261 Market Street #4008
San Francisco, CA 94114
USA

Data Location: Your email address is stored on servers located in Frankfurt, Germany (EU). The physical infrastructure is provided by Microsoft Azure. While Neon is a US-based company, your personal data remains within the European Union and is subject to EU data protection law (GDPR).

More information: Neon Privacy Policy

Third-Party Disclosure: Your data will not be shared with third parties for marketing purposes. However, your data is technically stored with our infrastructure providers (Neon for database, Railway for hosting, Cloudflare for CDN) as described in this policy.

Withdrawal: You can withdraw your consent at any time by sending an email to [email protected]. After withdrawal, we will delete your data immediately from all systems.

AI-Powered Code Transformation

When you use our service to deploy your Claude Artifact, we process your HTML code using artificial intelligence to transform it into a production-ready application.

AI Provider:
Anthropic PBC
San Francisco, CA
USA

Data Processed: Your uploaded HTML artifact code is sent to Anthropic's Claude API for transformation. This may include any code, comments, or sample data contained in your artifact.

Purpose: The AI processes your code to add authentication, database integration, and other production features as part of the core service functionality.

Legal Basis: Processing is based on Art. 6 para. 1 lit. b GDPR (performance of contract) as this AI transformation is essential to provide the service you requested.

Data Retention: According to Anthropic's policy, API inputs and outputs are not used for training and are retained for a maximum of 30 days for abuse monitoring, then permanently deleted.

Security & Compliance: Anthropic is SOC 2 Type II certified and maintains enterprise-grade security standards. Data transfer to the USA is protected by appropriate safeguards including Standard Contractual Clauses (SCCs).

Important: Do not include sensitive personal data, passwords, or confidential information in your artifacts. You are responsible for ensuring your uploaded code does not contain data that should not be processed by third-party services.

More information: Anthropic Privacy Policy | Commercial Terms

Code Storage & Version Control

After AI transformation, your code is automatically stored in a private GitHub repository. This repository is created specifically for your deployment and contains the transformed application code.

Code Hosting Provider:
GitHub, Inc. (a Microsoft subsidiary)
88 Colin P Kelly Jr Street
San Francisco, CA 94107
USA

Data Processed: Your complete application code including:

• Your original artifact code (HTML, CSS, JavaScript)
• AI-transformed production code
• Any sample data, comments, or content within your code
• Configuration files and deployment settings

Purpose: GitHub storage is essential for:

• Version control and deployment pipeline
• Automatic deployment to Railway hosting
• Providing you with access to your source code
• Enabling future updates and modifications

Legal Basis: Processing is based on Art. 6 para. 1 lit. b GDPR (performance of contract) as GitHub storage is essential to deliver the deployment service you requested.

Repository Privacy: All repositories are created as private repositories. Only you and our service account have access. Your code is not publicly visible.

Intellectual Property: You retain full ownership of your original artifact code and intellectual property. The transformed code includes our proprietary transformation logic and infrastructure templates. Repository access or ownership transfer can be requested and will be subject to our terms of service and applicable fees.

Data Retention & Deletion: Your repository remains active as long as your deployment exists. You can request repository deletion at any time by contacting us at [email protected]. We will delete the repository within 7 days of your request.

Security & Compliance: GitHub is SOC 2 Type II certified, ISO 27001 certified, and GDPR-compliant. Data transfer to the USA is protected by Standard Contractual Clauses (SCCs).

Important Note: While we create private repositories, GitHub (as a Microsoft service) has technical access to all data stored on their platform. Do not include highly sensitive information, trade secrets, or confidential data that should not be stored on third-party infrastructure.

More information: GitHub Privacy Statement | GitHub Terms

Server Log Files

Our hosting provider automatically collects and stores information in server log files that your browser automatically transmits. This includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR to ensure IT security.

4. Your Rights

You have the right at any time to:

• Request information about your data stored with us (Art. 15 GDPR)
• Request correction of inaccurate data (Art. 16 GDPR)
• Request deletion of your data (Art. 17 GDPR)
• Request restriction of processing (Art. 18 GDPR)
• Object to processing (Art. 21 GDPR)
• Receive your data in a structured format (Art. 20 GDPR)
• File a complaint with a supervisory authority

For all inquiries, please contact: [email protected]

5. Hosting

This website is hosted by:

Railway Corp.
548 Market St PMB 43956
San Francisco, CA 94104-5401
USA

Server Location: Our application servers are located in Amsterdam, Netherlands (EU). While Railway is a US-based company, the physical hosting infrastructure for this website is within the European Union.

Data processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable and secure provision of the website).

6. Content Delivery Network (CDN) and DDoS Protection

We use Cloudflare as a Content Delivery Network (CDN) and for DDoS protection. All connections to this website are proxied through Cloudflare.

Provider:
Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
USA

Data Processed: When you visit this website, your IP address and other connection data (browser type, operating system, time of access) are processed by Cloudflare to provide CDN services and protect against malicious attacks.

Legal Basis: Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in fast delivery, availability, and security of our website).

Data Transfer: Cloudflare may process data in the USA. Cloudflare is certified under the EU-U.S. Data Privacy Framework.

More information: Cloudflare Privacy Policy

7. Cookies

This website uses only technically necessary cookies (session cookies) for Blazor Server functionality. These cookies are automatically deleted after your browser session ends. No personal data is stored in this process.

Note: Cloudflare may set its own cookies for security and performance purposes (e.g., __cf_bm). These are technically necessary for the operation of the CDN and DDoS protection.