Publicly available data: we aggregate public IRS Form 990 and state charity registry data, which inherently includes names, titles, and compensation of nonprofit officers. We do not alter this public record.
User-provided data: if you claim an organization profile to add narrative context, you own that data. We never sell your personal or organizational data.
Security baseline: we enforce encryption in transit and at rest, strict role-based access controls, and minimize data storage to essentials.
Overview & our role
ArtMetrics.co ("ArtMetrics," "we," "us") provides governance intelligence for the arts and culture nonprofit sector. This policy outlines our data handling practices for both the publicly sourced data we structure and the user data we collect when organizations and subscribers interact with our platform.
Processing of public IRS & state data
Sources: IRS Form 990 financials, IRS TEOS XML Part VII officer data, IRS TEOS XML Part III program narratives, and state charity registries (e.g., NM, OR, CO).
Personal data in public records: these filings legally mandate the disclosure of named officers, titles, hours worked per week, and compensation. We process this data under the legal basis of legitimate public interest and transparency.
Accuracy & latency: we display the data as filed. Because IRS releases can be delayed, we timestamp all data and do not alter the historical public record.
Information you provide to us
Account information: name, email address, organization affiliation, and role, when you register or purchase a report or subscription.
Narrative context: text or corrections you provide when managing a claimed organization profile.
Usage data: application logs, timestamps, and feature interactions, used strictly to improve the platform and maintain audit trails.
How we use information
User-provided data is used exclusively to provide and improve the ArtMetrics platform: authenticating users, fulfilling report and subscription orders, facilitating profile claims, and communicating service updates. We do not sell your personal data to third parties or data brokers.
Data security & retention
Encryption: data is encrypted in transit (TLS) and at rest.
Access controls: we use role-based access control; only authenticated, authorized personnel can access infrastructure systems.
Retention: we practice data minimization. User account data is retained only as long as the account is active; upon deletion, user-provided data is purged within 30 days, though audit logs may be retained for security compliance.
Your rights (CCPA / GDPR)
If you are a resident of California or the European Economic Area, you may request access to, correction of, or deletion of the personal data you have provided to us. To correct errors in public IRS filings, you must file an amended return with the IRS — we cannot overwrite the public historical record. To exercise these rights, contact us at privacy@artmetrics.co.