Last updated: March 7, 2026
manywalls ("we", "us") is a digital exhibition platform for artists. This policy explains what data we collect, why, and how we protect it when you use manywalls.art or the manywalls mobile app.
manywalls is operated by SAS Basaltbytes, 23 rue des Foucherolles, 97490 Saint-Denis, La Réunion, France (SIRET 982 529 638 00016).
What we collect
When you reserve a space (marketing site)
- Artist name and email address — to register your handle and contact you when we launch.
When you create an account (mobile app)
- Email and name — via Google Sign-In or Apple Sign-In.
- Artist profile — handle, display name, bio, avatar image, location (optional), and social media links (optional) you provide.
When you build exhibitions
- Artwork images — photos you upload from your camera or photo library.
- Exhibition content — titles, descriptions, wall arrangements, and text you write.
When you subscribe to optional paid features (mobile app)
- Subscription records — product identifier, store, subscription status, purchase, renewal, expiration, cancellation, grace-period, or billing-issue dates, transaction identifiers, and a subscription management URL provided by the relevant app store.
- App account identifier — an internal identifier we share with RevenueCat so purchases can be linked to your manywalls account and restored on your device.
- Payment details — Apple or Google processes your payment. We do not receive your full card number or bank account details.
Automatically
- Device preferences — theme setting (light/dark), stored locally on your device only.
- Product analytics (PostHog, mobile app) — event data about how key features are used (for example sign-in, onboarding completion, exhibition creation/publishing/sharing, artwork saving, paywall presentation/conversion, sign-out, and account deletion), plus screen names derived from sanitized route segments (without query parameters).
- Analytics identity — after sign-in, we may associate analytics events with an internal manywalls account identifier to understand account lifecycle over time.
- Error reporting (Sentry, mobile app) — technical diagnostics needed to detect and fix failures, such as stack traces, app version, OS/device metadata, timestamps, and related technical context.
- Sentry is used for error reporting only (no ad tracking, no session replay, and no behavioral analytics).
- In the mobile app, Sentry is configured with
sendDefaultPii: falseand PostHog withdisableGeoip: true. - We do not use advertising SDKs or tracking pixels.
- We do not use PostHog session replay, touch autocapture, or form capture. We also avoid sending artwork text, exhibition titles/slugs, raw authentication error messages, or payment card details in analytics events.
- If the PostHog API key is not configured in the app environment, PostHog analytics is disabled and no analytics events are sent.
When you report content
- Your name and email address — provided by you in the report form, used to acknowledge receipt and inform you of the outcome.
- Report details — the reason you selected, any additional comment you provided, and the exhibition you reported.
How we use your data
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the manywalls service — store your exhibitions, display your artworks, manage your account | Performance of a contract |
| Send transactional emails — reservation confirmations and account verification | Performance of a contract |
| Process optional subscriptions — present paywalls, validate purchases, restore purchases, and sync premium access | Performance of a contract |
| Understand product usage — measure key product flows using minimal PostHog event data | Legitimate interests |
| Monitor reliability and fix bugs — capture technical errors and crash diagnostics through Sentry | Legitimate interests |
| Process artwork images — optional background removal using Google Gemini, after which temporary processing data is deleted | Your consent (user-initiated) |
| Process content reports — acknowledge receipt, investigate, and communicate decisions | Legal obligation (DSA, EU Regulation 2022/2065) |
| Comply with legal obligations — respond to lawful requests, enforce our Terms | Legal obligation |
We do not sell your data. We do not use it for advertising.
Third-party services
We share the minimum data necessary with these services:
| Service | Data shared | Purpose |
|---|---|---|
| Convex | Account, profile, exhibition data | Database and backend |
| Cloudflare R2 | Artwork images | Image storage |
| Resend | Email address | Transactional emails |
| Google Gemini | Artwork images (temporarily) | Background removal |
| RevenueCat | App account identifier, subscription status, product ID, store, transaction and renewal metadata | Subscription processing and entitlement sync |
| Apple App Store / Google Play | The purchase is processed through your store account; we receive subscription and transaction status metadata, not full payment details | In-app billing and subscription management |
| Google / Apple | OAuth tokens and basic profile information | Authentication |
| PostHog | Minimal product analytics events, screen names, internal account identifier (when signed in) | Product analytics |
| Sentry | Technical error and crash diagnostics | Error monitoring |
No data is shared with advertisers or data brokers. Analytics and monitoring processors are limited to the providers listed above.
Data transfers
Your account, profile, exhibition, and subscription metadata is stored in the EU (Convex EU region). Artwork images and certain services (Cloudflare R2, Resend, Google, Apple, RevenueCat, PostHog, Sentry) may involve transfers to the United States. These transfers are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs), as applicable per provider.
Device permissions
The mobile app may request:
- Camera — to photograph artworks directly from the app.
- Photo library — to select existing photos of your work.
These permissions are only used when you actively choose to add an artwork. We never access your camera or photos without your action.
Data storage and security
- Cloud data is stored on Convex (database) and Cloudflare R2 (images), both encrypted at rest.
- Subscription metadata we store (for example plan, store, renewal status, and transaction references) is kept in Convex. Payment card details are processed by Apple or Google, not stored by manywalls.
- Authentication tokens are stored in your device's secure storage (iOS Keychain / Android EncryptedSharedPreferences).
- All connections use HTTPS encryption in transit.
Data retention
- Your account and exhibition data are kept as long as your account exists.
- Subscription metadata associated with your account is kept while your account exists and is deleted with your account, subject to backup retention and any legal obligation to preserve limited records.
- When you delete an artwork, its images are removed from storage.
- Reservation data is kept until you convert to a full account or request deletion.
- Product analytics and error-monitoring records are retained for limited periods defined in PostHog and Sentry project settings, then deleted or aggregated according to those settings.
- You can delete your account and all associated data at any time:
- From the mobile app: Settings → Delete Account
- From the web: manywalls.art/account/delete
- Account deletion is immediate and permanent. All exhibitions, artworks, and profile data are removed at the moment of deletion. Uploaded image files are queued for removal from external storage and are purged within minutes.
- Report data (reporter name, email, reason, comment) is retained for 12 months after the report is resolved, then reporter contact details are anonymized.
Your rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your account and associated data ("right to be forgotten") — available self-service in the app and at manywalls.art/account/delete, or by contacting us
- Restrict processing of your data
- Object to processing based on legitimate interests
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing
Contact us at the address below to exercise these rights. We will respond within 30 days.
You also have the right to lodge a complaint with the CNIL (cnil.fr) or your local data protection authority.
Children
manywalls is not directed at children under 13. We do not knowingly collect data from children.
Changes
We may update this policy. Material changes will be communicated through the app or by email.
Contact
For privacy questions or data requests: privacy@manywalls.art