Last updated — May 4, 2026
VisualArtsDB is committed to being transparent about your privacy. This policy explains what information we collect, how we use it, and your rights regarding that information. The site has no user accounts and we do not collect personal information directly. We do use Google Analytics, which sets cookies and collects pseudonymous usage data, as described below.
VisualArtsDB does not collect, store, or process:
When you visit VisualArtsDB, our hosting infrastructure may automatically collect standard server log information, including:
This data is used solely for maintaining the security, stability, and performance of the platform. It is not linked to any individual identity and is not used for profiling, targeted advertising, or any commercial purpose. Server logs are automatically rotated and deleted according to our hosting provider's retention schedule.
VisualArtsDB itself does not set any first-party cookies. The Google Analytics script we load sets _ga and _ga_<property-id> cookies in your browser, used to distinguish unique visitors and persist a session identifier (typically valid for two years). We do not run any advertising, personalization, or third-party tracking cookies beyond these.
You can block, clear, or restrict these cookies through your browser settings. You can also opt out of Google Analytics specifically using Google's browser opt-out add-on.
VisualArtsDB may use your browser's local storage to persist non-personal preferences such as recent search queries within the command palette. This data remains entirely on your device, is never transmitted to our servers, and can be cleared at any time through your browser settings.
VisualArtsDB uses Google Analytics 4 to understand aggregate usage patterns — for example, which pages are most visited, which search terms are most common, and how users navigate the site. Google Analytics collects:
IP addresses are not stored or logged by Google Analytics 4 — they are used transiently to derive approximate location and then discarded. We do not link this data to any personal identity, and we do not attempt to re-identify individual visitors. Data is retained in our Google Analytics account for up to 14 months.
We also use Vercel Web Analytics, which provides aggregate, cookieless traffic measurement on top of our hosting platform.
Google's handling of analytics data is governed by the Google Privacy Policy.
VisualArtsDB does not currently display advertising. If this changes in the future, this policy will be updated to disclose the advertising network in use and any associated data practices before ads go live.
VisualArtsDB loads artwork images directly from external museum servers and CDNs. When your browser requests these images, the hosting institution may log that request according to their own privacy policies. VisualArtsDB has no control over these third-party logs. Institutions whose image servers may receive requests include:
Our platform is hosted on infrastructure provided by Vercel (application hosting) and Neon (database). These services may process server-level data in accordance with their respective privacy policies. We also use Google Fonts to serve typefaces, which means your browser may make requests to Google's servers. Google's privacy policy governs any data they collect from these font requests.
In addition to the services above, VisualArtsDB loads scripts from Google Analytics (analytics measurement) and Vercel Analytics (cookieless traffic measurement). See sections 4 and 6 for details on what these services collect.
VisualArtsDB stores only artwork metadata (titles, dates, artist names, classifications, medium, dimensions) and image URLs in its database. No user data of any kind is stored. All connections to our database and APIs are encrypted using TLS/SSL. Our database is hosted in a SOC 2 compliant environment with encryption at rest.
VisualArtsDB itself does not store personal data, so we have no first-party personal data retention period to define. Artwork metadata in our database is retained indefinitely. Analytics data collected by Google Analytics is retained in our account for up to 14 months (the configured data retention setting). Server logs managed by our hosting providers are retained according to their standard retention policies and are not accessible to VisualArtsDB.
VisualArtsDB's infrastructure is distributed across multiple regions. Data collected by Google Analytics is processed by Google on its global infrastructure, which includes servers in the United States and other countries. Google offers Standard Contractual Clauses and other transfer mechanisms to address cross-border transfer requirements under GDPR; details are available in Google's privacy and data processing documentation.
VisualArtsDB does not knowingly collect any personal information from anyone, including children under the age of 13 (or the applicable age of digital consent in your jurisdiction). Since we do not collect personal data, no special provisions for children's data are required under COPPA or equivalent regulations. The platform is suitable for educational use by users of all ages.
Because VisualArtsDB does not collect personal data directly, we hold no first-party records to access, correct, export, or delete. For data processed by Google Analytics, your rights (access, deletion, opt-out, etc.) are exercised through Google. Useful starting points:
Regardless of your location, you are entitled to the protections of applicable privacy laws. For users in the European Economic Area (EEA) and the United Kingdom, this includes the GDPR / UK GDPR. For California residents, this includes the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
VisualArtsDB does not currently respond to Do Not Track (DNT) browser signals, because there is no industry-standard interpretation for how DNT applies to third-party analytics. To limit data collection, you can use the opt-out and cookie-blocking options described in sections 4, 6, and 12.
In the unlikely event of a security breach affecting any data processed by VisualArtsDB, we will investigate promptly and, where required by applicable law, notify relevant authorities within the mandated timeframe (72 hours under GDPR). Because we do not store user data ourselves, breach risk on our infrastructure is limited to artwork metadata. Breaches affecting third-party services (Google, Vercel, Neon) are governed by their respective notification obligations.
We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes — such as introducing analytics, user accounts, or new data collection practices — will be clearly noted. Continued use of VisualArtsDB constitutes acceptance of the current policy.