Privacy Policy
ArtVault Inc. ("ArtVault", "we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect when you interact with artvault.fund and our related services (the "Services"), how we use and share that data, how long we keep it, and what rights you have. It applies to prospective and existing borrowers, capital providers, contacts at counterparties, and visitors to our website.
1. Scope and Controller
ArtVault is the data controller of personal data we collect through the Services. References to "personal data" mean any information that identifies, or could reasonably identify, a natural person. For questions about this Policy or to exercise the rights described below, contact us at info@artvault.fund.
2. Information We Collect
2.1 Identity and KYC data
When you submit a Loan Application or Capital Allocation form, or proceed toward a transaction, we collect identifying information about you and, where applicable, your entity and beneficial owners: legal entity name, contact name, country of residence, government-issued identifiers, date of birth, beneficial-ownership structure, accreditation status, and source-of-funds documentation.
2.2 Collateral data
For borrowers, we collect information about the proposed collateral: asset class, appraised value, provenance documentation, condition, insurance, and any descriptive narrative you provide. We may also receive third-party appraisals, condition reports, and images.
2.3 Communications data
We collect the contents of emails, calls, messages, and meeting notes exchanged with us, including any attachments you provide.
2.4 Technical and analytics data
When you visit the Services, we automatically receive limited technical data: IP address, browser type, device identifiers, referring URL, pages viewed, approximate location, and timestamps. We use only functional and basic first-party analytics cookies; we do not use third-party advertising cookies.
3. How We Use Personal Data
We process personal data for the following purposes:
- Servicing transactions — to evaluate loan applications, originate and service loans, administer capital-provider relationships and fund vehicles, and communicate with you about the foregoing.
- KYC, AML, and sanctions compliance — to verify identity, screen against sanctions and politically-exposed-person lists, conduct customer due diligence, and meet recordkeeping obligations under the Bank Secrecy Act and equivalent laws.
- Fraud prevention and security — to detect, investigate, and prevent fraud, misuse, and unauthorised access.
- Regulatory reporting — to comply with tax (W-9, W-8 series, K-1, 1099), securities, and other reporting obligations.
- Operating and improving the Services — to maintain, secure, and improve the Services and to understand how they are used.
- Legal claims and obligations — to establish, exercise, or defend legal claims, and to comply with court orders, subpoenas, and other legal process.
4. Legal Bases (EEA and UK)
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases: performance of a contract with you or steps taken at your request prior to entering into a contract; compliance with our legal obligations; our legitimate interests in operating a regulated financial business, preventing fraud, and securing our services; and your consent where required (which you may withdraw at any time).
5. Sharing
We share personal data only as needed and only with parties bound by appropriate confidentiality and data-protection terms:
- Service providers — hosting (Vercel), email infrastructure, KYC/AML vendors, document execution, accounting, audit, and IT support.
- Custodians, appraisers, and insurers — for the limited purpose of evaluating, holding, and insuring collateral.
- Capital providers and co-lenders — to administer participations or syndications, on a need-to-know basis and subject to NDAs.
- Regulators and authorities — where required by law or in response to lawful requests.
- Professional advisers — legal, tax, and accounting counsel.
- Successors — in connection with a merger, acquisition, financing, or sale of all or part of our business.
We do not sell personal data and we do not share personal data for cross-context behavioural advertising.
6. Retention
We retain personal data only as long as necessary for the purposes for which it was collected and to comply with applicable legal, regulatory, and audit obligations. See our Data Retention Policy for the standard periods we apply.
7. Your Rights
7.1 EU / UK residents
Subject to applicable law, you may request access to your personal data, correction of inaccurate data, erasure, restriction of processing, portability, and objection to processing based on legitimate interests. You may also lodge a complaint with your local data-protection authority. To exercise these rights, contact info@artvault.fund.
7.2 California residents
If you are a California resident, you have the right under the California Consumer Privacy Act and California Privacy Rights Act to know what personal information we collect about you and how we use and disclose it; to request deletion or correction; and to opt out of any sale or sharing of personal information. ArtVault does not sell personal information for monetary consideration and does not share it for cross-context behavioural advertising. To exercise these rights, contact info@artvault.fund.
7.3 Identity verification
We may need to verify your identity before responding to a rights request and may decline requests where verification fails or an exception applies under law.
8. Cookies
We use only essential first-party cookies necessary to operate the Services and limited first-party analytics to understand aggregate usage. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings; some features may not work as a result.
9. International Transfers
ArtVault is established in the United States, and personal data we process may be transferred to and stored in the United States and other jurisdictions. Where the EU or UK GDPR applies, we rely on Standard Contractual Clauses or equivalent transfer mechanisms, and we implement additional safeguards where appropriate.
10. Security
We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. No system is fully secure, and we cannot guarantee absolute security.
11. Children
The Services are not directed to children and we do not knowingly collect personal data from anyone under 18.
12. Changes
We may update this Policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be communicated through the Services or by email.
13. Contact and Data Protection Officer
Privacy questions, rights requests, and any other correspondence regarding personal data: info@artvault.fund.