Privacy Policy

Last updated: April 26, 2026

1. Introduction

Opusfolio Art Advisors LLC ("Opusfolio," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at opusfolio.com (the "Service").

2. Information We Collect

Account Information

When you register, we collect your name, email address, business name, phone number, and address. This information is necessary to provide the Service.

Client Data

You may upload client information, artwork details, documents, proposals, invoices, and other business data ("Client Data"). We process this data solely to provide the Service.

Payment Information

All payment processing is handled exclusively by Stripe, Inc., which is PCI-DSS Level 1 compliant, the highest level of certification in the payment industry. We never store credit card numbers, CVVs, or full payment card details on our servers. Stripe's privacy policy governs how they handle your payment information.

Banking and Invoice Information

When you add banking details for invoice payments (e.g., wire transfer instructions), that information is encrypted at rest using AES-256 encryption. This data is only decrypted when displayed to authorized users within the Service.

Usage Data

We automatically collect certain information when you use the Service, including your IP address, browser type, operating system, access times, and pages viewed.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your subscription payments
  • Send you service-related communications (e.g., event reminders, password resets)
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share your information with:

  • Service Providers: Third parties who help us operate the Service (e.g., Stripe for payments, cloud hosting providers)
  • Legal Requirements: When required by law, subpoena, or other legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We take the security of your data seriously and implement multiple layers of protection:

  • Encryption in transit: All connections use HTTPS/TLS encryption
  • Encrypted database connections: All communication between our application servers and database is encrypted
  • AES-256 encryption at rest: Sensitive financial data (banking details, wire instructions) is encrypted using AES-256
  • Secure authentication: Passwordless magic-link authentication and session-based access controls
  • PCI-DSS Level 1: Payment processing handled by Stripe, the industry's highest compliance standard
  • Access controls: Role-based permissions ensure users only access data they're authorized to view

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. However, we continuously review and improve our security practices.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access and download your data at any time through the Service
  • Update or correct your personal information through your profile
  • Delete your account and associated data
  • Opt out of non-essential communications

8. Google Calendar Integration and Google User Data

If you connect your Google Calendar to Opusfolio, we request access to the following Google API scopes:

  • https://www.googleapis.com/auth/calendar.events.readonly to read your existing calendar events. We use this only to determine which time slots are available on your public Opusfolio scheduling page so clients cannot book over existing commitments.
  • https://www.googleapis.com/auth/calendar.events to create, update, and cancel calendar events on your behalf when consultations are booked, rescheduled, or cancelled inside Opusfolio. Created events include a Google Meet link and invitations to the booking parties.

Limited Use

Opusfolio's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We do not use Google user data for advertising purposes.
  • We do not sell, rent, or share Google user data with third parties for marketing or advertising.
  • We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine learning models. We do not transfer Google user data to any AI tools.
  • We do not allow humans to read your Google user data unless (a) we have your affirmative consent for specific events, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations.
  • We transfer Google user data to third parties only as necessary to provide or improve the Service (for example, our cloud hosting and database providers), to comply with applicable law, or as part of a merger, acquisition, or sale of assets where the receiving party agrees to honor this Privacy Policy.

Storage and security

OAuth tokens issued by Google are encrypted at rest. Calendar event data is processed only as needed to render your scheduling availability and synchronize bookings. We do not retain copies of your full calendar history beyond what is required to operate the Service.

Revoking access

You may disconnect Google Calendar at any time from your Opusfolio Settings page. You may also revoke Opusfolio's access directly from your Google Account at https://myaccount.google.com/permissions. Upon revocation, we delete the associated OAuth tokens and stop accessing your Google Calendar data.

9. Cookies

We use essential cookies to maintain your session and preferences. We do not use tracking cookies or third-party advertising cookies.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or your data, contact us at support@opusfolio.com.

© 2026 Opusfolio Art Advisors LLC. All rights reserved.