Privacy Policy
Last updated: 14 May 2026
Who we are
Meridian's Fine Art Marketplace operates the online art marketplace at meridians.art. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform.
How we use your information
We use your data to operate the marketplace, send transactional emails (verification, password resets, offer notifications), moderate listings, improve the platform through anonymised analytics, and protect against fraud. We do not sell your personal data to third parties. We do not use your data for advertising.
Data retention
We retain your account data for as long as your account is active. If you close your account, we will delete your personal information within 30 days, except where we are required by law to retain it. Artwork images are deleted when a listing is removed.
Security
We implement reasonable technical and organisational measures to protect your data, including password hashing (bcrypt), HTTPS, rate limiting on sensitive endpoints, and JWT-based session management. No method of transmission over the internet is 100% secure.
Cookies
Meridian's uses a single session cookie to keep you logged in. We do not use third-party tracking cookies or advertising pixels. No cookie consent banner is required for purely functional cookies.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of Meridian's after changes take effect constitutes acceptance of the revised policy.
Contact
For privacy questions or data requests, contact us at andrew.kassatly@meridians.art.
Information we collect
Information you provide directly:
- Account: name, email address, and password (stored as a bcrypt hash).
- Profile: display name, bio, location, website URL, and gallery avatar.
- Listings: artwork title, description, images, provenance, dimensions, and asking price.
- Transactions: offer amounts and messages exchanged between buyers and sellers.
Collected automatically:
- Log data: IP addresses, browser type, pages visited — used for security and rate-limiting.
- Session data: a JWT session cookie to keep you logged in.
Data sharing
- Buyers and sellers: when a buyer enquires, their name and email are visible to the seller.
- Service providers: Neon (PostgreSQL), Vercel (infrastructure and storage), Resend (transactional email).
- Legal requirements: we may disclose information if required by law or valid public authority requests.
Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict certain processing.
- Data portability.
To exercise any of these rights, contact us at andrew.kassatly@meridians.art.