Effective: May 21, 2026
This Privacy Policy describes how ControvArt Labs Inc. ("we", "us", "our") collects, uses, and shares personal information when you use Conart ("the platform"). It is governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the laws of British Columbia.
1. What we collect
We collect personal information in the following categories:
Account information
Email address, username, display name, optional avatar image, and the timestamp when you accepted our Terms of Service.
Content you create
Posts (title, description, images), comments, votes, likes, bookmarks, and follow relationships.
Activity data
Login timestamps, notification preferences, and account settings.
Technical data
IP addresses and browser information recorded in server logs. We do not use tracking pixels, third-party analytics scripts, or advertising identifiers.
Cookies and local storage
We use a single session cookie to keep you logged in and browser local storage for your theme preference. No third-party cookies are set.
Moderation data
Content reports you file or receive, moderation decisions, warnings, suspensions, and audit log entries associated with your account.
2. How we use it
We use personal information only for the following purposes:
- Providing and operating the service (authentication, content delivery)
- Sending login links and notification emails you have opted into
- Moderating content and enforcing our Terms of Service
- Complying with legal obligations, including mandatory reporting of CSAM, NCII, and trafficking content to the relevant authorities
- Diagnosing technical problems using server logs
We do not use your personal information for advertising, profiling, or automated decision-making, and we do not sell it to third parties.
3. Who we share it with
Hosting provider
Our servers are operated by a US-based cloud provider. Your data is stored on their infrastructure under a data processing agreement. See section 4 for cross-border transfer details.
Law enforcement and regulatory authorities
We disclose information when required by Canadian law, a court order, or to comply with a mandatory reporting obligation — for example, reporting child sexual abuse material (CSAM) to the Canadian Centre for Child Protection (Cybertip.ca) and NCMEC, or referring trafficking content to the RCMP. We will notify you of any such disclosure where permitted by law.
We share no personal information with any other third party.
4. Cross-border data transfer
ControvArt Labs Inc. is based in British Columbia, Canada, and this platform is subject to PIPEDA. However, our servers are located in the United States. By creating an account, you acknowledge that your personal information is transferred to and processed in the US, where privacy protections may differ from those in Canada.
We take reasonable contractual steps with our hosting provider to protect your information in transit and at rest.
5. Data retention
Retention periods by data category:
Account data
Retained for as long as your account is active. When you delete your account, your public content is removed and your personal information is de-identified within 30 days, except where retention is required by law or an ongoing moderation matter.
CSAM, NCII, and trafficking content
Posts reported as child sexual abuse material (CSAM), non-consensual intimate imagery (NCII), or human trafficking content are hidden immediately on filing and preserved indefinitely as evidence for law enforcement. This content is not accessible on any public or user-facing surface and is never automatically deleted.
Removed posts
When a post is removed — by you or by a moderator — it is immediately hidden from all public surfaces. The post content (title, description, image, and tags) is retained during a grace period, then permanently deleted from the database and cloud storage: 7 days for posts you remove yourself, 90 days for posts removed by a moderator. Posts with an outstanding moderation report are excluded from automatic deletion and held until the report is resolved.
Server logs
IP addresses and request logs are retained for up to 90 days for security and diagnostic purposes, then deleted.
Moderation records
Reports, warnings, suspensions, and audit log entries are retained indefinitely to support consistent enforcement and dispute resolution.
6. Your rights
Under PIPEDA (and, for Quebec residents, Loi 25), you have the right to:
- Know what personal information we hold about you and request a copy
- Correct inaccurate or incomplete information
- Withdraw consent for uses beyond operating your account
- Request deletion of your account and associated personal data
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca)
Quebec residents: Loi 25 grants additional rights, including the right to data portability and to be informed of automated decision-making that significantly affects you. We do not engage in automated decision-making based on personal information.
To exercise any of these rights, contact us through our legal contacts page . We will respond within 30 days.
7. Users in the European Union
The platform is accessible to EU residents. ControvArt Labs Inc. acts as the data controller. Our legal basis for processing is the performance of a contract (operating your account) and, where applicable, compliance with a legal obligation. EU residents have the same rights listed in section 6 and may also contact their local data protection authority.
8. Changes to this policy
We will post any material changes to this page and notify registered users before they take effect. The effective date at the top of this page reflects the most recent revision. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
9. Contact
For privacy questions or to exercise your rights, visit our legal contacts page . You may also write to us at the mailing address listed there.