Privacy Policy

Last Updated: October 2, 2025

1. Introduction

Grimdark Artifacts ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our custom 3D miniature commission services.

2. Information We Collect

2.1 Information You Provide

  • Contact Information: Email address for order communications
  • Order Details: Miniature configuration, preferences, complexity selections
  • Creative Briefs: Written descriptions, reference images, and specifications you submit
  • Payment Information: Processed securely through Lemon Squeezy (we do not store credit card details)
  • Support Communications: Messages sent through our live chat or email support

2.2 Automatically Collected Information

  • Usage Data: Pages visited, time spent, clicks, and interactions with our configurator
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies: Session cookies for site functionality and analytics cookies for tracking
  • Analytics Data: Collected through Google Analytics 4 (GA4) and Meta Pixel

3. How We Use Your Information

We use collected information for:

  • Order Fulfillment: Processing orders, creating custom miniatures, delivering files
  • Communication: Sending order confirmations, delivery notifications, and support responses
  • Service Improvement: Analyzing usage patterns to enhance user experience
  • Marketing Analytics: Understanding conversion funnels and ad campaign effectiveness
  • Customer Support: Responding to inquiries and resolving issues
  • Legal Compliance: Meeting legal obligations and enforcing our terms

4. Third-Party Services

We use the following third-party services that may collect or process your data:

4.1 Payment Processing

Lemon Squeezy: Handles all payment transactions. Your payment information is processed securely by Lemon Squeezy and subject to their privacy policy. We receive only transaction confirmation and customer email.

4.2 Analytics & Tracking

Google Analytics 4 (GA4): Tracks website usage, page views, and user behavior. Data is anonymized and aggregated. We use both client-side and server-side tracking (Measurement Protocol) for accurate conversion tracking.

Meta Pixel (Facebook): Tracks conversions for advertising optimization. Includes both browser-side pixel and server-side Conversions API. Email addresses are hashed (SHA-256) before transmission for privacy.

4.3 Email Communications

Resend: Delivers transactional emails (order confirmations, delivery notifications, review requests). Subject to Resend's privacy policy.

4.4 Customer Support

Crisp Chat: Provides live chat support. Conversations may be stored for quality and training purposes. Subject to Crisp's privacy policy.

4.5 Hosting & Storage

Vercel: Hosts our application and provides edge infrastructure. Subject to Vercel's privacy policy.

Upstash Redis: Stores order data and configuration cache securely. Data is encrypted at rest and in transit.

Vercel Blob Storage: Securely stores reference files and deliverables with access-controlled signed URLs.

5. Cookies & Tracking Technologies

We use cookies for:

  • Essential Cookies: Required for site functionality (admin authentication, session management)
  • Analytics Cookies: GA4 and Meta Pixel for tracking user behavior and conversions
  • Support Cookies: Crisp chat widget for maintaining conversation context

You can control cookies through your browser settings, but disabling essential cookies may impact site functionality.

6. Data Retention

We retain your information for different periods based on data type:

  • Order Data: Retained indefinitely for business records and customer support
  • Reference Files: Deleted 90 days after order completion unless retention requested
  • Deliverable Files: Available for 7 days after delivery, then archived for 1 year
  • Analytics Data: Retained according to GA4 and Meta platform policies (typically 14-26 months)
  • Support Conversations: Retained for 2 years for quality assurance

7. Data Security

We implement industry-standard security measures:

  • HTTPS encryption for all data transmission
  • Encrypted storage for files and order data
  • Access-controlled signed URLs for file downloads
  • Regular security audits and updates
  • Restricted admin access with session-based authentication

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request transfer of your data to another service
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Request limitation of data processing

To exercise these rights, contact us through our live chat support.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Using service providers with adequate data protection standards
  • Implementing standard contractual clauses where applicable
  • Ensuring compliance with GDPR and other relevant regulations

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact us through our website's live chat support.

13. Data Processing Legal Basis (GDPR)

For users in the EU/EEA, we process your data based on:

  • Contract Performance: Processing orders and delivering services
  • Legitimate Interests: Analytics, fraud prevention, service improvement
  • Consent: Marketing communications and non-essential cookies
  • Legal Obligations: Tax records, dispute resolution
Terms of ServiceRefund PolicyBack to Home