Privacy Policy

 

Welcome to Cinder Street!

We’re excited to have you!

Cinder Street’s self-service platform is composed of a community for Contemporary Artists, Art Organizations, and Art Lovers!

The services (“Services”) on Cinder Street are provided by Cinder Studio Inc. Any application, interface, or website that is produced by Cinder Studio Inc., and provides a link to this Terms of Service document, is in-scope as “Services” governed by this Privacy Policy.

We take your data seriously

We understand that when you use these Services you are trusting us to be excellent stewards of the information you put into the system. For this reason, we have created these policies and share them with you.

Service changes

Cinder Studio Inc. is regularly engaged in changing the Services frequently. As the Services change there may be times when the Privacy Policy may also need to change. We will attempt to notify you when major changes are made to the Privacy Policy. However, the lack of notification does not exempt you from the requirement to periodically review the most up-to-date version. If you use the service, it is your duty to understand the most up-to-date version of this policy.

If you continue to use the Services after any Privacy Policy change, you agree to terms of the updated Privacy Policy.

Your options

If you do not agree with this data policy you may choose to not use our Services. 

Authentication data policies

Credentials

Your passwords are safe with us. When you create an account with the Services you may be asked to authenticate using an email address (and occasionally a password). This information is transmitted over an encrypted channel to a system that stores the password in a one-way cryptographic form that cannot reasonably be reversed by modern computers.

Your email address is not made public. The primary use of your email address is for authentication and communication from Cinder Studio Inc. about your account. This information is stored privately.

You may change your email and/or password at any time. Follow instructions on the Settings page.

Authentication Cookies

An authentication cookie will be used in each client to keep track of who you are so that we may more accurately know what you are authorized to do in the Services. This cookie only contains enough information to identify your user but does not contain your password or any personally identifiable information.

Personal profile data policies

Your profile is public. The only required piece of information in your profile is a name and username. All other information you provide in the profile is optional. Optional data includes a profile picture, headline, link urls, and other content of your own creation. Other optional information may be added to the profile without changes to this policy. If any new profile information becomes required, this policy will be updated and you will be notified.

You may edit your profile information at any time. Follow the instructions on your profile page.

Device and usage data

Information regarding the device and client you use will be recorded and aggregated with all other users to provide us visibility in how our users access the Service. This includes information about the model of your device, the browser you use, and possibly the generalized location from which you contacted our Services.

Information regarding the performance of your client will be recorded and aggregated with all other users to provide us visibility into the quality of the Services we provide you. This will allow us to detect errors you encounter as well as identify when the quality of our Services is not where we expect it to be.

Specific events or actions you perform will trigger logging on our systems. Such logging may include information about the action you performed. the time, and other internal notices about how our system handled your request. We strive to ensure no sensitive information is recorded in these logs.

User-created content

Cinder Street is first, always a Marketing Platform.

When you create content on Cinder Street for public viewing, that content will be made public to all other visitors. Public content includes profiles, artwork, articles, items for sale, public messages, and other public content.

We now also offer the capability to direct-message other users. The contents of those messages are restricted such that the general public may not read personalized messages. Regardless, we do not encourage the messaging features of our platform to be used to communicate about sensitive topics or be used to convey sensitive information. Do not transmit credit card or any sensitive information over direct messages.

User-uploaded images

Images uploaded by users are expected to be appropriately licensed by the users for the purpose of uploading to Cinder Street. These images will be made public to the broader audience of the platform. Please obey all rules with relation to image uploads found in our Terms of Service document.

All images pass through various alterations before they are presented to the end-users. These alterations include, but may not be limited to:

1) Content metadata extraction - The image may be processed by any number of systems or services to identify metadata about the content. We are looking for things such as :

  • Is the content relevant to the site

  • Is the content adult in nature

  • What might the subject of the image be

  • What colors are in the image

  • Are there images similar to the content in the image

  • The dimensions and other properties of the source image

  • etc…

A few examples of how we might use this information would be:

  • This image contains a "buffalo". When people search for "buffalo" we will show it to them.

  • This image contains potential nudity, we may need to place a filter over the image for some users.

2) Metadata base filtering - Some content may be deemed unsuitable for the Services for any number of reasons. If the content is deemed unsuitable it will be removed from the index or moved to a more specific index better catered to the content.

3) Image resizing and storage - The Services will then resize the image to an appropriate set of rendition sizes for the index and store them on a public CDN for delivery to the end-user.

Payment and Order Information

Cinder Studio Inc. and the Services, as provided, are fully PCI Compliant. In fact, your credit card information never touches Cinder Studio Inc. servers. Cinder Studio Inc. has enlisted Stripe to operate the credit card vaulting technologies that we use to collect and store payment information. Stripe is a very reputable brand in the space with many years of experience.

Each Seller utilizing the Services has a personal and separate merchant account from Cinder Studio Inc. Thus each purchase you make using the Services is usually a transaction directly between yourself and the Seller. Cinder Studio Inc. is not a party to the transaction (except as an “application facilitator”).

When a buyer makes a purchase from a seller, the buyer’s shipping information, name, email, and personally uploaded content are shared with the Seller. Stripe continues to vault and protect all cardholder information, ensuring that the cardholder information is never revealed directly to the Seller or Cinder Studio Inc.

Stripe and Data Privacy

Sellers utilizing the Services will create a merchant account with our payments provider Stripe. At no time during this merchant account setup will Cinder Studio Inc. gain access to any of the information you provide Stripe. Sellers will be required to provide sufficient information to pass a KYC (“Know Your Customer”) Regulation verification before any money can be received by Stripe in your name. KYC regulations are targeted at identifying and preventing Money Laundering. Stripe has been engaged in these services for many years and we believe them to be a reputable and secure custodian of the information they collect for KYC purposes.

Stripe also maintains a private relationship with each Seller to maintain configurations and contracts related to payments, payouts, refunds, etc…

Sellers are personally responsible for the financial liabilities surrounding refunds, chargebacks, and other payment-related disputes. While the Services offer helpful tools in the resolution of these challenges, the ultimate responsibility of handling disputes likes with the seller. Stripe will work directly with each seller in each of these situations.

Invitation emails

From time to time you may have the opportunity to invite other individuals to the platform. We allow invitations by the entering of the other party's email address. They may then use the link in their email to accept the invitation and create an account (or connect their existing account).

We do not use invitation emails for any purposes outside of delivering the invitation. This means we do not use these emails for marketing purposes nor do we share those emails with any third parties.

We have our own email list for marketing and the only email your invitee will receive after you send them an invitation will be the invitation email.

If the invitee receives other emails from our organization, it will be due to a separate relationship they have with us.

Search engine data

Cinder Studio Inc. has a general web search engine service in addition to the standard social network components you may be familiar with. As our search engine crawler explores your domain it will only attempt to access public information it can find without authenticating or bypassing any paywalls. It will also obey robots.txt configuration files and certain bits of code you may place within your web pages to instruct the engine. Learn more about how to use these configurations in the help documentation.

The search engine has two classifications of data that it indexes:

Web Pages

On domains where there is limited or non-existent structured data to guide the engine towards higher quality content, the crawler falls back to indexing web pages much as other search engines do. The content it indexes includes the title, current URL, canonical URL, meta description, structured data, metadata, keywords, image alt-tags, and images found on the page. The images are then added to the index referencing the webpage discovered. 

The page title, description, URL, and image alt-tags are revealed to users browsing the index. The remaining content stored is not directly revealed. However, a user searching through the index may locate your pages using keywords that are stored in the other indexed content.

Structured Data

Our structured data program is in development at this time. This policy will be updated once that program has been finalized.

Images discovered by the search engine

Stated again, as our search engine crawler explores your domain it will only attempt to access public information it can find without authenticating or bypassing any paywalls. When it finds an image to add to the index that image passes through various systems before it is delivered to the end-users of the Service.

These images may be altered as they enter the Cinder Street ecosystem. These alterations can be found above in the section on user-uploaded images.

Copyright Sensitivity

We respect your copyrights and believe that only the owner of the intellectual property of these images should be able to choose how their images are distributed. If your images have been discovered and delivered by our search engine and would like your images delisted from our index: check the help documentation to signal to our crawler to remove your domain from the index. This can be done without ever creating a login using our Services.

Images from Search Engine crawlers are stored in the smallest possible format

To further protect your intellectual property and copyright rights, the search index resizes and stores indexed images at the smallest possible size for our use. At this time the maximum size of an image is 478 pixels in width by default. That makes any professional-quality, high-resolution printed material from the work only 1.6 inches wide. (300dpi) 

You may signal to our services that you are comfortable with a larger size using structured data. See the help documentation for more information.

As stated before, you may also signal to have your images delisted from the index. Check the help documentation to learn how to signal this request to our crawlers.

On advertising and customized search indexes

Some of the information we collect about your usage of the service will eventually allow us to provide you more relevant search index results. Some of these results may be sponsored and are considered advertisements. In such cases, the advertisement will be made clearly identifiable to you through graphical signals on the search interface. We do our very best to limit the types of information we share with advertising partners but given that we are a new service we do not yet have the resources to fully control the dataflow. We also, cannot control what these services may know about you from a data source unassociated with our platform.

At this time we make use of the following advertising technology partners:

  • None

As we enable more advertising partners or capabilities we will update these policies.

On cloud services

The Services operate on and store information on cloud providers. Such providers may include Google, Amazon, Microsoft, and potentially other such providers. They provide us with services such as Server hosting, Database hosting, Logging, Telemetry, Error Handling, Customer Service, Machine Learning Infrastructure, CDN services, Authentication Services, Denial of Service defenses, Firewall and security services, etc...

Google Authentication

Users may choose to authenticate and log in using Google OAuth authentication. During authentication, we request only the information from Google that is required for sign in:

  • email - View your email address

  • profile - View your basic profile info

  • openid - Authenticate using OpenID Connect

This information is used in the verification, authentication, and creation of your user account. Of the information provided during Google authentication, we store only your email address to complete the account configuration.

We may use your email from time to time to send notifications and other business communications.

On the geographical location of our data

Given that we have just begun our journey, all of our primary data and systems are located in the United States of America. However, our cloud providers do provide CDN services and data transmission services that may carry our content and even temporarily store our content outside of the geographical United States. Such storage and transmission is only in cached form and is limited to no more than 7 days of caching for all user and index sourced content.

If we actively move primary storage or processing overseas we will change these policy documents to reflect such a change.

Questions

You may direct questions to our feedback page