ARCHFORMLIBRARY

PRIVACY

Privacy Policy

This privacy policy describes how ArchForm Library collects, uses, and stores personal data, in accordance with the General Data Protection Regulation (GDPR).

Data Controller

ArchForm Library is a personal, non-commercial project. For questions about this privacy policy, you can contact us via the contact details available through the project.

Collected Data

ArchForm Library collects minimal personal data:

  • Email address: Only for administrators who log in to the admin section. This email address is used for authentication and is not shared with third parties.
  • Session data: During a logged-in session, technical data is stored to manage the session (via NextAuth session cookies).
  • Browser storage (localStorage): Filter preferences (such as selected categories, search queries, and view settings) are stored locally in your browser to improve user experience. This data is stored only on your device and is not transmitted to our servers. You can clear this data at any time through your browser settings.

For regular visitors who only browse the library, no personal data is collected. Only technical preferences (filter settings) are stored locally in your browser.

Purpose of Data Processing

Personal data is used exclusively for:

  • Authentication and access control for administrators
  • Management of the asset library and projects
  • Technical operation of the website

Retention Period

Session data is automatically deleted when you log out or when the session expires. Email addresses used for authentication are retained as long as access to the admin section is needed.

Sharing with Third Parties

Personal data is not shared with third parties. The website uses external services for technical hosting (Vercel), database (MongoDB Atlas), and file storage (Cloudinary), but these services only have access to technical data necessary for the operation of the service.

External APIs (Admin use only): When administrators use certain features in the admin section, the following external APIs may be accessed:

  • Pexels API: Used for searching and downloading stock photos. Search queries are sent to Pexels, but no personal data is shared. See Pexels Privacy Policy.
  • Unsplash API: Used for searching and downloading stock photos. Search queries are sent to Unsplash, but no personal data is shared. See Unsplash Privacy Policy.
  • Iconify API: Used for searching and downloading icons. Search queries are sent to Iconify, but no personal data is shared. Iconify is a public API service. See Iconify Privacy Information.
  • AI Metadata Services (Optional): If configured, administrators may use optional AI services (such as Replicate, HuggingFace, or OpenAI) to generate image metadata. When used, image data is sent to these services for processing. This feature is optional and only used when explicitly enabled by administrators. Please refer to the privacy policies of the respective AI service providers if this feature is used.

These external APIs are only accessed when administrators actively use the corresponding features. Regular visitors do not interact with these services.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You have the right to know what data about you is being processed.
  • Rectification: You have the right to have incorrect data corrected.
  • Erasure: You have the right to have your data deleted.
  • Objection: You have the right to object to the processing of your data.
  • Data Portability: You have the right to receive your data in a structured format.

To exercise these rights, you can contact us via the contact details available through the project.

Filing a Complaint

If you believe that the processing of your personal data is not in accordance with the GDPR, you have the right to file a complaint with the Data Protection Authority (GBA):

Gegevensbeschermingsautoriteit / Autorité de protection des données
Drukpersstraat 35 / Rue de la Presse 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be

Changes

This privacy policy may be updated. The date of the last update is indicated at the bottom of this page. We advise you to consult this page regularly.

Last updated: January 29, 2026

See also: Cookie Policy · Legal & copyright · Back to ArchForm Library