This Privacy Policy explains how SfumatoART handles personal information and app data. It is written for users in Australia and other regions where the app may be accessed.
SfumatoART collects the minimum data needed to provide the feature the user chooses. Where possible, app data remains on the user's device unless the user chooses a feature that requires upload — such as an AI-assisted feature, support request, cloud sync, or account feature.
Depending on the features used, the app may handle:
| Category | Examples | Handling |
|---|---|---|
| Contact details | Email from support or feedback | Collected only when user contacts support or creates account |
| Artwork / images | Uploaded painting photos, colour samples | Processed only for the selected feature |
| Paint data | Paints owned, stock levels, palettes | Stored locally on device by default |
| Teacher data | Class names, student count, lesson notes, order records | Avoid student names; local by default |
| Device / technical data | Browser, device, error logs, IP address | Minimal — for security/debugging only |
| AI prompts / outputs | User prompt, image if submitted, AI response | Sent only when user triggers an AI feature |
| Purchase data | Plan, subscription status, receipts | Usually handled by App Store / payment provider |
| Sensitive information | Health, veteran, trauma, student info | Avoid collecting unless strictly necessary and consented |
Users should avoid entering:
Information may be collected when users:
Information may be used to:
When a user chooses an AI feature, relevant prompts, images or app context may be sent to an AI service provider to generate the requested output. The app does not send images or prompts to an AI provider unless the user intentionally uses an AI feature.
Current AI features use an Anthropic Claude model via a secure server-side proxy (/.netlify/functions/ai-proxy). The AI provider's own terms and data handling policies apply to data processed by the provider.
Most app data (paints, palettes, stocktake, class records, project notes) is stored locally on the user's device or browser. Local storage is not a permanent backup — it can be lost if the user clears browser data, changes devices, or uses private browsing. Users should export important data.
If cloud storage, accounts or sync are added in future, this Privacy Policy will be updated before launch.
Information may be disclosed to:
The app does not sell personal information.
The app is not intended to collect personal information directly from children without appropriate adult, school or parental authority. Teachers and schools should use anonymous labels wherever possible. If student personal information is accidentally provided, contact feedback@sfumatoart.com to request deletion.
The app does not intentionally collect sensitive information such as health information, mental health information, religious information, biometric information or detailed veteran/trauma information unless a specific feature clearly requires it, the user is informed, and express consent is obtained.
Reasonable technical and organisational steps are used to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Security controls include least-privilege access, API key protection via server-side proxy, secure hosting, and prompt incident response.
Information is kept only as long as reasonably needed for the purpose collected, unless legal obligations require longer retention. Local device data remains under user control and can be deleted by clearing app or browser data.
Users may contact feedback@sfumatoart.com to request access to, correction of, or deletion of personal information held by the app operator. Some data stored only locally on the user's device may not be accessible to the app operator — the user controls that data directly.
If the app is used outside Australia, local privacy laws may apply. If the app is intentionally offered to users in the EU, UK, US or other regions, the operator will review local requirements before launch.
Privacy questions or complaints can be sent to feedback@sfumatoart.com. The operator aims to respond within [INSERT RESPONSE TIME, e.g. 10 business days]. Users may also have the right to complain to the relevant privacy regulator — in Australia, the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
This Privacy Policy may be updated. Material changes will be announced in-app or on the website where practical. Continued use of the app after a policy change constitutes acceptance of the revised policy.