Cookie and Privacy Policy.

Mostra is operated by The Holy Art Gallery Ltd, a company registered in England and Wales. For any privacy question, write to us at privacy@mostra.art. We act as data controller for the personal data we handle through this site.

• Account data you give us when you sign up: email, display name, handle, role, and any profile fields you choose to publish.
• Artist content you upload: artwork images, descriptions, prices, shipping settings.
• Transaction metadata when you buy or sell: order id, amounts, and shipping address that you share with the other party.
• Messages you send through the on-site inbox.
• Basic technical data: IP address, browser, referrer, and pages viewed. Used to run the site and prevent abuse.
• Cookie choices you make in the preferences panel.

Mostra does not handle card details. Payments are processed by Stripe acting as the artist's payment provider. We do not store bank account or card numbers.

• To operate your account and show your profile and works.
• To connect buyers and artists for sales, shipping, and customer support.
• To prevent fraud and enforce our terms.
• To send transactional emails about your account and orders.
• To send marketing emails only when you have opted in, and you can unsubscribe at any time.

• Contract: to provide the service you signed up for.
• Legitimate interests: to keep the site safe and improve it, balanced against your rights.
• Consent: for non-essential cookies and marketing emails. You can withdraw it at any time.
• Legal obligation: to keep records required by law, such as tax and accounting.

• Stripe: to take payments on behalf of the artist and pay them out.
• Supabase: managed database, authentication, and storage for the site.
• Cloudflare: hosting and content delivery.
• Email provider: to send transactional and opt-in marketing emails.
• Other Mostra members only when you choose to: messages, follows, orders.

We do not sell your personal data and we do not share it with advertisers.

Some providers process data outside the UK and EEA. When that happens we rely on the UK International Data Transfer Agreement or EU Standard Contractual Clauses and equivalent safeguards.

Account data is kept for as long as your account is active. If you delete your account we remove your profile and unpublished content within 30 days. We may keep limited records of completed sales for tax and accounting for up to 7 years.

You have the right to access, correct, port, restrict, object to, and delete your personal data. You can also lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU supervisory authority. To exercise a right, email privacy@mostra.art and we will reply within 30 days.

We use a small set of cookies, grouped into four categories.

• Strictly necessary. Sign-in session and security. Always on, cannot be turned off.
• Functional. Remembering your currency, theme, and preferences. On by default, can be turned off.
• Performance and analytics. Aggregated, privacy-respecting usage stats. Off until you opt in.
• Marketing. We do not run third-party advertising trackers on Mostra.

You can change your choices at any time from the Cookie preferences link in the footer.

Mostra is not directed to children under 16. If you believe a child has given us personal data, contact us and we will remove it.

We will update this page when our practices change and revise the date at the top. Material changes will be announced by email or in-app banner.

The Holy Art Gallery Ltd, London, United Kingdom. privacy@mostra.art. See also our Terms.