Privacy Policy
Last updated: 31 May 2026
Introduction
RROWM Registry (“RROWM”, “we”, “us”) provides infrastructure for recording and verifying information about artworks. This policy describes how we collect, use, and protect personal and registry data when you use our platform as an artist, collector, gallery, or visitor.
RROWM is designed for cultural institutions, provenance continuity, and registry integrity. Where account deletion would compromise the integrity of the public record, we may retain certain registry artefacts in anonymised or pseudonymised form, as described below.
Who we serve
Accounts may be associated with different roles (artists, collectors, and galleries), each with distinct permissions and profile surfaces. We process the information needed to operate accounts, registry records, and optional public presence you choose to enable.
Data we process
Accounts and identity
We process identifiers and profile data you provide (such as name, email, and role-related fields) to authenticate you, display agreed profile information, and communicate about your account and the service.
Ownership and provenance
The registry may store ownership-related events, transfers, and claims submitted by authorised parties. This information supports the provenance record; it is not a substitute for legal title and may be subject to verification rules and visibility settings.
Value and financial metadata
Declared values, currencies, and related events may be stored where you or your collaborators submit them. Visibility can be constrained by record type and your choices; some aggregates may appear in product surfaces without exposing underlying line items.
Registry and artwork records
We process titles, identifiers, media references, verification status, certificates, and similar fields needed to operate the registry and linked public pages.
Account lifecycle and audit data
When you manage your account, including deactivation, data export, or deletion requests, we process security and audit information (such as timestamps, event types, and technical metadata like IP address and browser user agent) to protect the service, demonstrate compliance, and maintain an immutable record of account lifecycle events. This audit data is retained separately from routine activity feeds and is not deleted when your sign-in credentials are removed.
Visibility: public vs private
Certain information may appear on public registry or profile surfaces when you publish or verify content. Other data remains visible only to you, to counterparties where the product allows, or to administrators for security and compliance. Specific controls depend on feature design and your settings at the time of submission.
You can adjust many visibility preferences from My Account. Deactivating or deleting your account will hide your public profile as described in the account management section below.
Account management and self-service tools
Signed-in users can manage privacy and account data from My Account → Privacy & data. The following tools are available subject to your account status and applicable law.
Download my data (right of access / portability)
You may request a copy of personal data associated with your account, including profile information, registry records linked to you, certificates, activity history, and related metadata. Exports are generated asynchronously and delivered by email when ready. Data is provided in structured JSON, with CSV extracts where applicable. Download links expire after a limited period for security.
Deactivate account
You may temporarily deactivate your account. While deactivated, you cannot sign in and your public profile is hidden. Registry ownership and records on file are preserved. You may reactivate later by signing in and confirming your identity. Deactivation requires password confirmation for email/password accounts.
Delete account
You may request permanent deletion of your account through a multi-step confirmation flow in My Account. Deletion is not immediate: after you confirm, your account enters a 30-day recovery period during which you are signed out, access is disabled, and personal profile data is hidden. You will receive email confirmation with a link to restore your account before the scheduled deletion date.
After the recovery period, we permanently remove your sign-in credentials and private account data. We send a final confirmation email when deletion is complete.
What may be retained after account deletion
RROWM is a provenance and registry platform, not a general social network. To preserve record integrity, audit history, and the continuity of the public registry, the following may remain on file after your account is deleted, typically in anonymised or pseudonymised form:
- Provenance and ownership event history required to maintain an unbroken chronology
- Certificates, verification records, and issuance snapshots created while you participated in the registry
- Immutable audit log entries relating to account lifecycle events
- Registry records where removal would impair the integrity or reliability of the public record
Where personal identifiers would otherwise appear on retained registry artefacts, we replace them with a neutral label (such as “Deleted User”) while preserving the underlying record chain. This approach reflects our legitimate interests and, where applicable, legal obligations to maintain accurate cultural registry records.
Cookies and similar technologies
We use cookies and local storage as needed for core functionality (such as session continuity, security, and preferences). Where we rely on non-essential cookies or measurement, we will ask for your consent where required before activating those features.
Analytics
We may use privacy-conscious analytics to understand how the product is used. Non-essential measurement is gated behind your cookie preference where applicable.
Third-party services
We use infrastructure and service providers to host the platform, process authentication, deliver email, and handle payments where applicable. For example, payment processing may be provided by services such as Stripe; their use is subject to their own terms and privacy notices. We share only what is needed for the service you request.
Retention and security
We retain information for as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce our agreements. Account lifecycle audit logs may be retained for a longer period where required for compliance, security investigations, or registry integrity.
Data export files are retained only until their expiry date, after which they are removed from active systems. We apply administrative, technical, and organisational measures appropriate to the nature of the data and risk, including re-authentication for sensitive account actions, rate limiting, and access controls.
Your rights
Depending on where you live, including under the UK GDPR, EU GDPR, and comparable laws, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability.
How to exercise your rights
- Access and portability: use Download my data in My Account, or contact us if you cannot access your account
- Erasure: use Delete account in My Account (subject to the recovery period and registry retention described above)
- Correction: update profile fields in My Account, or contact us if you need assistance
- Other requests: contact us using the details below; select “Privacy or data rights” where available
We may need to verify your identity before responding. We will respond within the timeframe required by applicable law. Where we cannot fully erase data because of registry integrity requirements, we will explain our lawful basis for retention and the measures taken to minimise personal data (such as anonymisation).
You may lodge a complaint with your local data protection supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO).
International transfers
If we process data across borders, we take steps designed to ensure appropriate safeguards in line with applicable law.
Changes
We may update this policy from time to time. Material changes will be indicated by revising the date above and, where appropriate, through additional notice in the product.
Contact
For privacy-related questions or data rights requests you cannot complete in My Account, please use the contact form and select Privacy or data rights as the subject.