Artifeye Studio
Effective Date: 25 February 2026
Last Updated: 25 February 2026
Welcome to Artifeye Studio (“we,” “us,” or “our”). We are committed to protecting your privacy and handling your personal information with care and transparency.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services. Artifeye Studio operates as a UK-based e-commerce business providing AI-enhanced iris photography art services.
Important Note on Iris Images: We process iris images exclusively for artistic purposes to create personalised artwork. We do not use iris images for biometric identification, verification, or any other purpose that would classify them as special category biometric data under UK GDPR.
By using our website and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.
2.1 Personal Information You Provide
When you use our services, we collect the following personal information:
- Contact Information: Name, email address, phone number (if provided), billing address, and shipping address
- Payment Information: Payment card details, billing address, and transaction information (processed securely through our payment processors)
- Account Information: Username, password (encrypted), and account preferences if you create an account
- Order Information: Product selections, customisation choices (art styles, effects, text overlays), and order history
- Iris Images: Photographs of your eye(s) uploaded to our website for the purpose of creating personalised iris artwork
- Communications: Any messages, feedback, or correspondence you send to us
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information:
- Technical Information: IP address, browser type and version, operating system, device information, screen resolution
- Usage Information: Pages visited, time spent on pages, links clicked, referring website, date and time of visits
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your browsing experience (see Section 9 for details)
2.3 Information from Third Parties
We may receive limited information from our service providers:
- Payment Processors: Transaction confirmation and payment status from Stripe and PayPal
- Delivery Partners: Shipping status and delivery confirmation from our print fulfilment partner
- Analytics Providers: Aggregated website usage statistics from Google Analytics 4
3. How We Use Your Information
We use your personal information for the following purposes:
- Processing and fulfilling your orders
- Creating personalised iris artwork using AI-assisted editing workflows
- Arranging print production and delivery through our fulfilment partner
- Sending order confirmations, digital artwork files, and delivery updates
- Providing customer support and responding to your inquiries
Legal Basis: Performance of contract (UK GDPR Article 6(1)(b))
3.2 To Improve and Personalise Your Experience
- Analysing website usage to improve functionality and user experience
- Remembering your preferences and settings
- Developing new products, features, and services
- Conducting internal research and development
Legal Basis: Legitimate interests (UK GDPR Article 6(1)(f)) – improving our services and website functionality
3.3 For Marketing Communications (With Your Consent)
- Sending promotional emails about new products, special offers, and seasonal campaigns
- Sharing tips on photographing your eye and using our services
- Sending abandoned cart reminder emails
- Inviting you to participate in surveys or provide feedback
Legal Basis: Consent (UK GDPR Article 6(1)(a)) – you can withdraw consent at any time by clicking “unsubscribe” in any marketing email or contacting us directly
3.4 For Legal and Security Purposes
- Complying with legal obligations and responding to lawful requests from authorities
- Protecting against fraud, unauthorised access, and security threats
- Enforcing our Terms and Conditions
- Resolving disputes and investigating complaints
Legal Basis: Legal obligation (UK GDPR Article 6(1)(c)) and legitimate interests (UK GDPR Article 6(1)(f)) – protecting our business and customers
4. Iris Images and Biometric Data
Important: Artifeye Studio processes iris images exclusively for artistic purposes – to create personalised artwork for you. We do not use iris images for:
- Biometric identification or verification
- Authentication or access control
- Identity confirmation or matching against databases
- Any purpose that would uniquely identify you based on your iris pattern
Because we use iris images solely for artistic creation and not for identification purposes, the images are not classified as special category biometric data under UK GDPR Article 9.
4.2 How We Handle Your Iris Images
- Upload: You upload iris photographs directly through our secure website
- Processing: We use AI-assisted tools to enhance, crop, and apply artistic effects to create your personalised artwork
- Storage: Images are stored securely on our servers for 12 months to facilitate reorders and customer service
- Security: Images are stored in non-public directories with restricted access and encrypted transmission
- No Sharing: Your iris images are never sold, shared for marketing purposes, or used for any purpose other than creating your artwork
4.3 Your Rights Regarding Iris Images
You have complete control over your iris images:
- Request deletion at any time (see Section 7 for details)
- Request access to your images and artwork files
- Object to further processing beyond your original order
- Withdraw consent for storage beyond order completion
5. How We Share Your Information
We only share your personal information with trusted third parties necessary to provide our services:
| Provider | Purpose | Data Shared |
| Print On Demand | Print production and fulfilment | Name, shipping address, order details, finished artwork files (not original iris images) |
| Stripe / PayPal | Payment processing | Payment card details, billing address, transaction amount |
| Mailchimp | Email marketing (with your consent) | Email address, name, order history (for personalisation) |
| Google Analytics | Website analytics (anonymised) | Anonymised usage data, IP address (anonymised) |
| Hostinger | Website hosting and storage | All website data including uploaded images |
Table 1: Third-party service providers and data processing
Data Processing Agreements: All service providers are bound by data processing agreements that comply with UK GDPR requirements. They may only process your data according to our instructions and must implement appropriate security measures.
We may disclose your information if required by law, court order, or governmental authority, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Enforce our Terms and Conditions
If Artifeye Studio is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
We may share your information with third parties when you explicitly consent, such as:
- Featuring your artwork in our marketing materials (with permission)
- Sharing testimonials or reviews you provide
- Participating in promotional collaborations or contests
Your personal information is stored on secure servers provided by Hostinger, located in the United Kingdom and European Economic Area (EEA). Some of our service providers may process data in other countries, but only where adequate safeguards are in place.
6.2 How Long We Keep Your Data
| Data Type | Retention Period |
| Iris images | 12 months from order date (or until deletion requested) |
| Order information | 7 years (for tax and accounting purposes) |
| Account information | Until account deletion requested |
| Marketing consent | Until consent withdrawn |
| Website analytics | 14 months (Google Analytics default) |
| Customer communications | 3 years or until resolved |
Table 2: Data retention periods
Why 12 months for iris images? We retain images to enable you to easily reorder prints in different sizes or styles without re-uploading. You may request earlier deletion at any time.
We implement industry-standard security measures to protect your information:
- Encryption: SSL/TLS encryption for data transmission (HTTPS)
- Secure Storage: Images stored in non-public directories with access controls
- Payment Security: PCI-DSS compliant payment processors (we do not store full payment card details)
- Access Controls: Restricted access to personal data on a need-to-know basis
- Regular Backups: Daily automated backups with secure storage
- Security Monitoring: Firewall protection and security monitoring (Wordfence)
- Password Protection: Encrypted password storage using industry-standard hashing
While we take reasonable steps to protect your information, no system is completely secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and the Information Commissioner’s Office (ICO) as required by UK GDPR.
You have the following rights regarding your personal information:
You have the right to request a copy of the personal information we hold about you, including your iris images and order history.
You can request correction of any inaccurate or incomplete personal information.
7.3 Right to Erasure (“Right to be Forgotten”)
You can request deletion of your personal information, including your iris images, in certain circumstances:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Note: We may need to retain some information for legal obligations (e.g., tax records for 7 years) even after erasure request.
7.4 Right to Restriction of Processing
You can request that we limit how we use your information in certain circumstances, such as:
- While we verify the accuracy of your data following a correction request
- When processing is unlawful but you don’t want erasure
- When you need the data for legal claims
You can request a copy of your personal information in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) to transfer to another service provider.
You can object to:
- Processing based on legitimate interests (including profiling)
- Direct marketing (including profiling for marketing purposes)
- Processing for research or statistical purposes
7.7 Rights Related to Automated Decision-Making
We use AI-assisted tools to enhance iris images, but all final creative decisions are made by a human. We do not make automated decisions that significantly affect you without human involvement.
7.8 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: contact@artifeyestudio.com
- Subject Line: “Data Subject Request” followed by the specific right (e.g., “Data Subject Request – Erasure”)
- Verification: We may ask for identification to verify your identity before processing your request
We will respond to your request within one month of receipt. If your request is complex, we may extend this by two additional months and will notify you.
If you are unhappy with how we handle your personal information, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
8. Marketing and Communications
We will only send you marketing communications if you have opted in by:
- Checking the marketing consent box during checkout
- Subscribing to our email list through our website popup or newsletter form
- Providing explicit consent during customer service interactions
Separate from Terms: Marketing consent is always separate from accepting our Terms and Conditions. You can use our services without receiving marketing emails.
8.2 Types of Marketing Communications
With your consent, we may send:
- New product announcements and style launches
- Special offers, discounts, and seasonal promotions
- Tips and tutorials on photographing your eye
- Customer showcase features and inspiration
- Referral program invitations
8.3 Automated Emails (Not Marketing)
Some emails are transactional and essential to our service (you will receive these regardless of marketing preferences):
- Order confirmations and receipts
- Digital artwork delivery emails
- Shipping notifications and tracking updates
- Customer support responses
- Account security notifications
- Important service updates or policy changes
If you add items to your cart but don’t complete checkout, we may send reminder emails within 72 hours. These are considered part of our service (not marketing), but you can opt out by contacting us.
You can opt out of marketing communications at any time by:
- Clicking the “Unsubscribe” link at the bottom of any marketing email
- Logging into your account and updating email preferences
- Contacting us directly at contact@artifeyestudio.com
Unsubscribing from marketing will not affect transactional emails related to your orders.
9. Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit our website. They help us remember your preferences, understand how you use our site, and improve your experience.
| Cookie Type | Purpose | Examples |
| Strictly Necessary | Essential for website functionality | Shopping cart, session management, security |
| Functional | Remember your preferences | Language, currency, account settings |
| Performance | Analyse site usage anonymously | Google Analytics (anonymised) |
| Marketing | Track conversions (if you consent) | Facebook Pixel, Google Ads (future) |
Table 3: Cookie categories used on our website
Current Status: We currently use only Strictly Necessary, Functional, and Performance cookies. We do not use Marketing cookies at this time (100% organic marketing strategy), but will update this policy and seek consent if we introduce them.
Some cookies are set by third-party services we use:
- Google Analytics: Anonymised usage statistics (IP address anonymised)
- Stripe/PayPal: Payment processing and fraud prevention
- Mailchimp: Email signup forms and preference management
When you first visit our website, you will see a cookie consent banner. You can:
- Accept all cookies
- Reject non-essential cookies
- Customise your cookie preferences
You can also manage cookies through your browser settings:
- Google Chrome: Settings
Privacy and Security
Cookies
- Firefox: Settings
Privacy & Security
Cookies and Site Data
- Safari: Preferences
Privacy
Cookies and Website Data
- Edge: Settings
Cookies and Site Permissions
Note: Blocking strictly necessary cookies may prevent some website features from functioning properly (e.g., shopping cart, checkout).
Some browsers include a “Do Not Track” (DNT) signal. Our website does not currently respond to DNT signals, but you can control tracking through cookie preferences and browser settings.
Artifeye Studio services are intended for users aged 18 and over. We do not knowingly collect personal information from children under 18 without parental consent.
Photographing Children: While we photograph children’s eyes (with parental/guardian consent) during family packages, the parent or guardian must:
- Place the order and provide consent on the child’s behalf
- Upload images and complete checkout as the responsible adult
- Exercise data rights on behalf of the child
If we become aware that we have collected information from a child under 18 without proper parental consent, we will delete it immediately.
Parents/guardians can contact us to:
- Review personal information we hold about their child
- Request deletion of their child’s iris images
- Withdraw consent for processing
11. International Data Transfers
Artifeye Studio is based in the United Kingdom. While we primarily store data within the UK/EEA, some service providers may process data internationally:
- Print on Demand: Fulfils print orders globally (UK, EU, US, Canada, Australia) – transfers based on contractual necessity and adequacy decisions
- Payment Processors: Stripe and PayPal may process payment data internationally under standard contractual clauses
- Cloud Services: Hostinger uses UK/EEA data centres with EU-US Data Privacy Framework compliance
When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- UK GDPR-compliant data processing agreements
- Additional security measures as required
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in:
- Our data processing practices
- Legal or regulatory requirements
- New products, services, or features
- Technological developments
12.1 How We Notify You of Changes
- Last Updated Date: The date at the top of this policy will be updated
- Website Notice: Significant changes will be highlighted with a banner on our website
- Email Notification: For material changes affecting your rights, we will email registered users
- Continued Use: Your continued use of our services after changes indicates acceptance
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Previous versions of this Privacy Policy are available upon request.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
Artifeye Studio
Privacy Enquiries
- Email: contact@artifeyestudio.com
- General Enquiries: contact@artifeyestudio.com
- Website: www.artifeyestudio.com
- Response Time: We aim to respond to all privacy enquiries within 2 business days
For data subject rights requests (access, erasure, rectification, etc.), please use the subject line “Data Subject Request” and include:
- Your full name and registered email address
- Specific request type (e.g., erasure, access, rectification)
- Order number(s) if applicable
- Proof of identity (if requested by us for verification)
Business Registration Information:
Artifeye Studio
Registered in the United Kingdom
Operating as a sole trader (or limited company registration details once incorporated)
Our website may contain links to third-party websites, social media platforms, or services (e.g., Instagram, TikTok, Pinterest, payment processors). This Privacy Policy applies only to Artifeye Studio.
We are not responsible for the privacy practices of third-party websites. We encourage you to read their privacy policies before providing any personal information.
When you interact with us on social media platforms:
- Your interactions are governed by the platform’s privacy policy
- We may view publicly available information you post or share
- If you send us direct messages, we may retain them for customer service purposes
- We may feature your content (with permission) in our marketing materials
If you share photos of your finished iris artwork on social media and tag us, or submit content for our customer showcase:
- We may repost or feature your content with attribution
- You retain ownership of your content
- We will remove featured content upon request
- You grant us a non-exclusive licence to use the content for promotional purposes
As a small business, we are not currently required to appoint a Data Protection Officer (DPO). All privacy enquiries should be directed to contact@artifeyestudio.com, which is monitored by the founder.
If our business grows to require a DPO, we will update this policy with their contact details.
For transparency, here is a summary of our lawful bases for processing:
| Processing Activity | Lawful Basis (UK GDPR) |
| Order processing and fulfilment | Performance of contract (Article 6(1)(b)) |
| Iris image processing for artwork creation | Performance of contract (Article 6(1)(b)) |
| Payment processing | Performance of contract (Article 6(1)(b)) |
| Website analytics and improvement | Legitimate interests (Article 6(1)(f)) |
| Marketing communications | Consent (Article 6(1)(a)) |
| Fraud prevention and security | Legitimate interests (Article 6(1)(f)) |
| Legal compliance (tax records) | Legal obligation (Article 6(1)(c)) |
| Customer service | Legitimate interests (Article 6(1)(f)) |
Table 4: Lawful bases for data processing activities
Thank you for trusting Artifeye Studio with your personal information and iris artwork creation.
Last Updated: 25 February 2026
Version: 1.0