Privacy Policy

Last updated: March 13, 2026

1. Introduction

Welcome to TARZ. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

2. Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location.
  • Profile Data includes your username and password, purchases or orders made by you, portfolios, your interests, preferences, feedback and survey responses.
  • AI Interaction Data includes messages sent to our AI assistant, AI-generated responses, and session metadata (see Section 6).

3. How We Store Your Data & Blockchain Interaction

TARZ operates a hybrid infrastructure incorporating centralized and decentralized technologies. Personally Identifiable Information (PII) such as real names, email addresses, underlying private messages, and timestamps of consent are securely stored in our centralized database infrastructure.

Crucially, we do not store PII on the decentralized network or blockchain. Data synchronized to the decentralized structure is strictly anonymous and stripped of identifying factors (e.g., anonymized user hashes and artwork data). This structure ensures that we operate fully within the bounds of GDPR guidelines while still utilizing cutting-edge decentralized infrastructure.

4. Your Legal Rights (Right To Be Forgotten)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. This includes the right to request erasure of your personal data ("Right to be Forgotten").

If you invoke your right to be forgotten via the "Delete Account" mechanic on TARZ, all your associated PII will be permanently wiped from our centralized database. Due to the immutable nature of the decentralized ledgers we use for artwork hashes, orphaned data uploaded to the decentralized network will instantly fall back to rendering an anonymous "Deleted User" state, breaking any association with your former identity.

5. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

5.1 Affiliate Links & Shoppable Tags

TARZ participates in the Amazon Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. When you click on a Shoppable Tag or affiliate link on TARZ, you will be redirected to Amazon where Amazon's own Privacy Policy applies.

TARZ receives anonymized purchase data (such as product category and commission amounts) from Amazon for the purpose of tracking affiliate commissions. We do not receive your personal Amazon account details, payment information, or order specifics. Commission data is used solely to attribute earnings to creators and the platform.

6. AI Assistant & Automated Processing

TARZ provides an AI-powered assistant ("Jessica") for platform guidance and support. When you interact with Jessica, we collect and process the following data:

  • Chat Messages: Your messages and Jessica's responses are stored in our database to maintain conversation history, enable session continuity, and allow administrative review for quality assurance.
  • IP Address Hashing: Your IP address is cryptographically hashed (one-way, irreversible) using SHA-256 with a private salt before storage. We do not store your raw IP address. The hash is used only for rate limiting, session management, and abuse prevention.
  • User Agent: Your browser's user agent string is stored alongside chat sessions for security and analytics purposes.
  • Semantic Caching: Common questions may be cached along with their AI-generated responses. Cached data includes the query text, a SHA-256 hash of the normalized query, and the response. This caching improves performance and reduces costs. No personal data is included in cached entries.
  • Third-Party AI Processing: Your messages are transmitted to Google's Gemini API for response generation. Google's own privacy policy applies to data processed by their API. We do not send your personal identity, email, or account data to the AI model — only the conversation messages and platform context.

Legal Basis: We process AI interaction data based on our legitimate interest in providing platform support and improving the user experience (GDPR Art. 6(1)(f)). You may request deletion of your chat history by contacting us.

7. Bot Protection & Security Verification

TARZ uses Cloudflare Turnstile, an invisible challenge-response service, to protect the platform from bots and automated abuse. Turnstile may collect technical data such as your browser fingerprint and interaction patterns to determine whether you are a human user. This data is processed by Cloudflare under their privacy policy. We do not receive or store the raw data collected by Turnstile — only the verification result (pass/fail).

Additionally, we employ heuristic bot detection that analyzes request headers, user agent strings, and message patterns. These checks are performed in real-time and no additional personal data is stored as a result of these checks.

8. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Officer implicitly through the platform helpdesk.