Security Overview July 2023 Version 1.2

Art Metadata (AMD) is an integrated collection management and art market price database. Our platform allows art collectors and their advisors to easily manage and track collection assets with our robust inventory management and reporting capabilities.


     ●         Manage your collection from anywhere – desktop, mobile phone, tablet

     ●         Robust collection management tools to track purchase, location, appraisal history and more

     ●         Store documents related to specific assets and your collection

     ●         Stay informed of upcoming and recent sales for the artists you own or are interested in with automated alerts

     ●         Print custom reports, tear sheets, and more


Art Metadata also simplifies art market research with our auction price database of over 6 million records. Our price database allows you to:

     ●         View instant auction price comparables for past or upcoming sales

     ●         Assess the strength of an artist’s auction market using AMD’s summary statistics

     ●         Easily discover and share auction results

     ●         Save and share artworks of interest


Privacy and security are our top priority. The Art Metadata application and its data are hosted on Amazon Web Services (AWS), leveraging AWS's industry-leading security and 24/7 security monitoring. This document details our security and privacy practices. For more information, please email info@artmetadata.io.

Data Security

Art Metadata's infrastructure, application, and data are hosted on Amazon Web Services (AWS). AWS received the highest rating of Strong in Gartner's 2022 Cloud Infrastructure and Platform Services assessment.

We leverage AWS's industry-leading security and 24/7 security monitoring. Administrative access to our servers requires two-factor authentication, and all connections are protected by TLS certificates with 256-bit encryption. AWS gives us granular access controls combined with continuous monitoring, so both the application and your data are well protected.

AMD data is stored in the AWS Relational Database Service (RDS). We employ a Multi-AZ (multi-availability-zone) architecture with automated backups. Files and images are stored in AWS Simple Storage Service (S3), which is designed for 99.999999999% (eleven nines) durability and stores objects redundantly across multiple facilities.

Data Backup

We back up our databases daily and retain the last 5 days of backups; each backup is a complete copy of the database. In the highly unlikely event that the primary database instance fails, RDS automatically fails over to the standby instance in another availability zone.

Data Removal Upon Deletion of Account

All data is deleted from the Art Metadata database upon receipt of a request from the Account Owner. Art Metadata has a secure process in place for handling requests of this nature. Once an account has been deleted it cannot be restored, so such a request is final.

No On-Site Storage of Data

No data is stored on site at any Art Metadata office. Please see Data Security above for details of where data is stored.

Secure Access to AWS

System Administrators connect to all AWS services over HTTPS using TLS 1.2. Their AWS accounts require two-factor authentication (2FA) and strong passwords. AWS Identity and Access Management (IAM) is used to control the level of access each user has to AWS. Developer access to AWS is logged and monitored.
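The usual way to make an IAM user's 2FA requirement enforceable rather than a convention is an identity policy that denies every action unless the request was made with MFA. The policy below is an added illustration of that pattern and is not Art Metadata's own policy; the statement IDs are made up, and the list of actions permitted without MFA is the minimum a user needs to enrol a virtual MFA device and obtain an MFA-backed session token.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowMfaEnrollmentWithoutMfa",
      "Effect": "Allow",
      "Action": [
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyEverythingElseWithoutMfa",
      "Effect": "Deny",
      "NotAction": [
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    }
  ]
}
```

Attach the policy to the administrators' group alongside their normal permissions. `BoolIfExists` matters: access-key requests that carry no `aws:MultiFactorAuthPresent` key at all (plain long-term credentials) are treated as "false" and denied, while an `sts:GetSessionToken` call made with an MFA code yields temporary credentials on which the condition evaluates to "true".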
                                                         

Key Management

The access keys AMD System Administrators use to access or modify AWS are managed in a highly secure fashion. Keys are never transmitted over a network and are stored only on encrypted devices that meet United States government security standards.

AWS Firewalls

Images, documents and other assets stored in AWS S3 are served either by the application running inside our firewall-protected VPC or through Amazon CloudFront, AWS's global content delivery network, which delivers the encrypted asset data to your device from the AWS edge location nearest to you rather than directly from the S3 bucket.

Data Center Compliance

All AWS data centers are compliant with multiple audit and review protocols. These include:

● SOC 1: A Service Organization Control 1 (SOC 1) report covers controls relevant to user entities' internal control over financial reporting.

● SSAE 16/ISAE 3402 (formerly SAS 70): Statement on Standards for Attestation Engagements 16 (SSAE 16) is an American Institute of Certified Public Accountants (AICPA) auditing standard intended to give customers and prospective customers third-party-validated visibility into a service provider's controls. SSAE 16 is an American standard consistent with the international standard ISAE 3402; it has since been superseded by SSAE 18.

● SOC 2 Type 2: A Service Organization Control 2 (SOC 2) Type 2 report is an additional report specifically designed for organizations such as software-as-a-service (SaaS) vendors, data centers and other technology and cloud-computing businesses. A Type 2 report includes the auditor's opinion on whether the service's internal controls are operating effectively and describes the tests of those controls the auditor performed to form that opinion.

● SOC 3: A Service Organization Control 3 (SOC 3) report is an additional report outlining a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy.

● FIPS 140-2: Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to accredit cryptographic modules.

● MTCS Level 3: Multi-Tier Cloud Security (MTCS) is an operational Singapore security management standard (SPRING SS 584:2013), based on the ISO 27001/27002 Information Security Management System (ISMS) standards.

AWS Facilities / Data Center Security

All AWS data centers are built with robust physical security. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled, both at the perimeter and at building ingress points, by professional security staff utilizing video surveillance, intrusion detection systems and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification, and are signed in and continually escorted by authorized staff. AWS provides data center access and information only to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, access is immediately revoked, even if he or she continues to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.

                                                         

Payment Processing Compliance

AMD uses Stripe as its payment processor.

We leverage Stripe's expertise to ensure we remain Payment Card Industry (PCI) compliant, with compliance validated annually (https://stripe.com/guides/pci-compliance). The Payment Card Industry Data Security Standard (PCI DSS) is administered and managed by the Payment Card Industry Security Standards Council (PCI SSC), an independent body created jointly by the major credit card brands. PCI DSS is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. Payment details are handled by Stripe; Art Metadata does not have access to your payment information (see Data Privacy below).

Stripe's Privacy Policy can be viewed at https://stripe.com/us/privacy

Art Metadata Account Security

AMD client data security is our top priority. All data is encrypted in transit: every connection to Art Metadata servers uses Hypertext Transfer Protocol Secure (HTTPS). HTTP is the protocol over which data is sent between your web browser and most websites and apps on the Internet; HTTPS adds security by encrypting that data while it is being transferred, using the TLS 1.2 protocol. TLS 1.2 is the widely adopted standard for encrypting Internet data transfers.


Art Metadata is optimized for Chrome on iOS, OS X, and Windows. We also offer iOS and Android apps, which have passed review by Apple's App Store and Google Play application review teams.

Accounts are locked after 5 failed login attempts as an additional safeguard against password guessing.
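The lockout rule above is easy to state and easy to get subtly wrong: the lock must be checked before the password (so a locked account never confirms a correct guess), unknown usernames must be throttled the same way as real ones, and the counter must reset on success. The following Python is an added example of one such implementation; it is not Art Metadata's code. The 15-minute lock duration is an assumption (the overview does not say how long a lock lasts), and the user, password and clock values in `demo()` are constructed for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5     # the threshold stated in this overview
LOCKOUT_SECONDS = 15 * 60   # assumption: the overview does not give a lock duration


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the stored value is never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success or lock
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginThrottle:
    """Per-account failed-login counter with a time-limited lockout."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so the behaviour can be tested
        self._state: dict[str, AccountState] = {}

    def is_locked(self, username: str) -> bool:
        st = self._state.get(username)
        return st is not None and self._now() < st.locked_until

    def record_failure(self, username: str) -> bool:
        """Count a failure; return True if the account is (now) locked."""
        if self.is_locked(username):
            return True
        st = self._state.setdefault(username, AccountState())
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = self._now() + LOCKOUT_SECONDS
            st.failures = 0  # the counter restarts once the lock expires
            return True
        return False

    def record_success(self, username: str) -> None:
        self._state.pop(username, None)


def attempt_login(throttle: LoginThrottle, users: dict, username: str, password: str) -> str:
    """Return 'ok', 'invalid' or 'locked'. The lock is checked before the password,
    so a locked account never reveals whether the supplied password was correct."""
    if throttle.is_locked(username):
        return "locked"
    record = users.get(username)
    if record is not None:
        salt, stored = record
        if hmac.compare_digest(stored, hash_password(password, salt)):
            throttle.record_success(username)
            return "ok"
    # Unknown usernames are throttled too, so responses do not leak which names exist.
    return "locked" if throttle.record_failure(username) else "invalid"


def demo() -> list:
    """Constructed scenario: five wrong passwords lock the account, the right password
    is then refused until the lock expires, after which it succeeds."""
    clock = [1_000_000.0]
    throttle = LoginThrottle(now=lambda: clock[0])
    salt = os.urandom(16)
    users = {"alice": (salt, hash_password("correct horse battery", salt))}
    results = [attempt_login(throttle, users, "alice", "wrong") for _ in range(5)]
    results.append(attempt_login(throttle, users, "alice", "correct horse battery"))
    clock[0] += LOCKOUT_SECONDS + 1
    results.append(attempt_login(throttle, users, "alice", "correct horse battery"))
    return results


if __name__ == "__main__":
    print(demo())  # ['invalid', 'invalid', 'invalid', 'invalid', 'locked', 'locked', 'ok']
```

Two caveats follow from the design. A lockout that never expires lets anyone who knows a username deny service to its owner by sending five junk passwords, which is why the lock here is time-limited; and the in-memory dictionary is only suitable for a single process, so a multi-server deployment would keep the same counters in a shared store such as the database.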


Two Factor Authentication

For added security, we offer two-factor authentication (2FA) as an optional account security setting. You can opt into 2FA on the account settings page.

You can receive codes by phone number (SMS), by email, or from Google Authenticator. When 2FA is turned on, you must provide your username, your password, and the one-time security code sent by SMS or email or generated in Google Authenticator at the time of sign-in. Google Authenticator is the strongest of the three options: its codes are computed on your device and never transmitted to you, whereas SMS and email messages can be intercepted or redirected.

Data Privacy


Art Metadata, a Delaware C-Corp, is an independent, wholly-owned subsidiary of Gurr Johns. There is no data sharing between Art Metadata and Gurr Johns. Art Metadata will not share your personal information or collection with Gurr Johns without your explicit consent.

From a technology perspective, Art Metadata's and Gurr Johns's technology and cloud infrastructure are entirely separate, and neither company has access to the other's servers.


If you have been given access to Art Metadata in conjunction with services rendered by Gurr Johns, your account is housed within the Gurr Johns company account and Gurr Johns has access to your collection data. Otherwise, Gurr Johns cannot see or access user data.


All of our client data is segregated from our auction data and is housed in a separate, highly secure database.  

Art Metadata does not have access to your password or payment information.


Client Support

If an Art Metadata user requests support, our customer success team may need access to the account in order to provide service or resolve the issue.

Importing Collection Data

If you have contracted with Art Metadata for collection on-boarding support, the Customer Success team will securely store the files you provide. Once the upload is complete, all documents pertaining to the Account Owner's collection are permanently deleted.


Authorized Users

The Account Owner may create additional authorized users within the account, specifying the level of view-only access for each of them. Any additional user's access may be revoked at any time.


Further references

For further information, refer to Art Metadata’s Terms & Conditions and Privacy Policy.