Last updated: 22 May 2026
Privacy Policy
Artistia is a booking, payment, and client-management platform for independent beauty professionals in India, operated from Chennai, India. This Privacy Policy explains what personal data we collect through the Artistia mobile app (iOS and Android) and the public booking site at artistia.app, how we use it, and the rights you have under the Digital Personal Data Protection Act, 2023 ("DPDP Act").
Who this applies to
We handle two kinds of users. Artists sign in to the Artistia mobile app to run their business. Clients reach Artistia through a booking link an artist shares (usually over WhatsApp) and use the public web page to send a booking request — clients do not create an account.
Information we collect
From artists, when you sign up and use the app: - Identity and contact details: full name, business name, phone number (used as your sign-in), city, service areas. - Profile content you choose to upload: profile photo, cover photo, gallery photos (up to 8 on Pro), service descriptions, prices, policies, tagline. - Payment account details required to receive payouts: UPI VPA for the optional Express Menu, bank account details captured by Razorpay for subscription and settlement (we do not see or store your card or full bank credentials — Razorpay does). - Device and diagnostic data: Firebase Cloud Messaging token (for booking notifications), app version, OS version, anonymous crash logs. - Activity inside the app: services you create, bookings you accept, settings you change. This is the data that makes the product work for you.
From clients, when you book through an artist's public link: - Name and phone number (used to identify the booking and send confirmations). - Event date, time, and venue address — including the place ID, latitude/longitude, and formatted address returned by Google Places when you pick a venue. - Acceptance of the artist's booking policies (timestamp + policy version).
How we use this information
- To run the service: create and manage bookings, generate digital contracts, maintain the artist's CRM (booking history per client).
- To communicate transactionally: booking confirmations, contract PDFs, and subscription receipts. We send these via in-app push notifications and email on the artist's behalf.
- To keep the service safe: detect fraud, abuse, and policy violations; enforce caps (5 active bookings on Free); honour security rules.
- To meet legal obligations: tax invoices, financial records, lawful requests from authorities.
- To improve the product: aggregate, de-identified analytics about feature use and stability. We do not run third-party advertising trackers.
We rely on your consent for messaging channels (push notifications, email) and on the necessity of performing the booking contract for everything else.
Who we share information with
We share only the minimum needed, with vetted processors, under contract: - Google Firebase / Google Cloud (India) — authentication, Firestore database, Cloud Storage for photos, Cloud Functions, App Hosting, App Check, Cloud Messaging, Crashlytics. Data is stored in the Mumbai (asia-south1) region. - Razorpay — to process Pro subscription billing for artists. - Google Maps Platform — Places Autocomplete and Static Maps API when you pick a venue address. Google's terms apply to the data they handle. - Law-enforcement and regulators — only when legally compelled, and only the specific records required.
We do not sell your personal data, rent it to marketers, or share it for cross-context behavioural advertising.
Where your data lives, and for how long
All personal data is stored on Google Cloud in the Mumbai (asia-south1) region, encrypted in transit (TLS) and at rest. We keep your data for as long as your account is active. If you close your artist account, we delete personal data within 30 days, except records we are legally required to retain (for example, financial and tax records — typically up to 8 years under Indian law). Client booking records are retained as part of the artist's CRM until the artist deletes them or closes their account.
Your rights under the DPDP Act
You have the right to: - Access the personal data we hold about you. - Correct or update inaccurate data. - Erase your personal data, subject to legal retention obligations. - Withdraw any consent you have given (this may limit your use of features that depend on that consent). - Nominate another person to exercise these rights on your behalf in case of incapacity or death. - File a grievance with us, and escalate to the Data Protection Board of India if unresolved.
To exercise any of these rights, write to support@artistia.app from the phone-linked email you use with us, or call +91 90255 31705 during Indian business hours. Artist accounts can also request deletion in-app under Settings → Account.
Children
Artistia is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will delete it.
Security
We protect data with Firebase App Check, Firestore security rules, server-only writes for sensitive collections (bookings, payments, contracts), least-privilege access for our team, and encrypted backups. No system is perfectly secure — please use a strong device passcode and keep your phone updated.
Changes to this policy
If we make material changes, we will notify artists in-app and update the "last updated" date above. Continued use of Artistia after the effective date means you accept the revised policy.
Contact us
Grievance Officer: Artistia Support Team Email: support@artistia.app Phone: +91 90255 31705 (Monday to Friday, 10:00 to 18:00 IST)