The [(In)Visible] Million Project
Privacy Notice

Controller: The [(In)Visible] Million Project, info@theinvisiblemillion.com

What we process

  • Public contribution: your chosen grid coordinates (X/Y), your selected color (hex), and a server timestamp — shown on the public mosaic.
  • Payment verification data: minimal metadata needed to confirm a payment (e.g., amount and currency; Stripe session ID and/or PayPal order/transaction ID; payment status; verification timestamp). Card or bank details never touch our servers and are handled directly by Stripe/PayPal.
  • Technical & security artefacts: IP address, user-agent, and anti-abuse identifiers (e.g., a hashed device fingerprint for guest redemptions), single-use token IDs (JWT jti) and session map entries, and invite code use timestamps.
  • On-device storage (browser): in-progress choices (e.g., selected coordinates/color and flow state) saved in your own browser via localStorage/sessionStorage; this stays on your device unless you complete a payment and lock a square.

What we do not store

  • Card numbers, bank credentials, or payment instrument details.
  • Names, emails, postal addresses, or phone numbers from payment providers.
  • Analytics/advertising identifiers (we do not run analytics or ads).

Why we use your data

To process your payment and let you lock one square in the mosaic; to operate, secure, and improve the site; and to prevent fraud/abuse.

Legal basis (EU/EEA)

  • Performance of a contract (process the payment and lock your square).
  • Legitimate interests (operate the service, provide security, and prevent abuse — we perform a balancing test).
  • Legal obligations (resolve disputes, prevent fraud, comply with financial rules where applicable).

Sharing

We share data only with essential service providers:

  • Stripe and PayPal for payments. On their hosted checkout pages they act as independent controllers and may set cookies or use device signals for fraud prevention. See their privacy notices.
  • Hosting (e.g., Render.com + managed PostgreSQL) to run our infrastructure.

We do not sell personal data.

Retention

  • Public mosaic data (X/Y, color, timestamp): kept indefinitely as part of the artwork.
  • Payment verification artefacts (session/order IDs, token/jti records linked to a payment, payment status): deleted within 7 days unless required longer to resolve a support, dispute, chargeback, or fraud issue.
  • Security & anti-abuse artefacts:
    • single-use token IDs (jti) and invite code use: up to 30 days;
    • temporary session token map entries: about 1 day;
    • server security logs (IP, user-agent, timestamps): up to 30 days and then deleted or aggregated.
  • On-device storage: remains in your browser until you clear it (we cannot access it).

International transfers

Our servers and providers (including hosting in Oregon, USA) may process data outside your country. Where personal data from the EU/EEA is transferred to third countries, we rely on Standard Contractual Clauses and, where the provider participates, the EU–US Data Privacy Framework, together with supplementary measures following EDPB Recommendations 01/2020. See our providers’ privacy notices for details.

Your rights

EU/EEA users have the right to access, rectification, erasure, restriction, portability, and objection. You can contact us to exercise these rights (subject to identity verification). Currently our website is managed in Italy. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante): garanteprivacy.it.

Note: the mosaic is a public artwork; removing already-published coordinates/colors may not be feasible without harming the integrity of the artwork. This does not affect your rights for payment/technical data.

Cookies & similar technologies

We do not set first-party analytics or advertising cookies. Stripe/PayPal may place cookies or use device fingerprinting on their pages to enable payments and prevent fraud.

Children

This site is not directed to children. If you believe a child has submitted information, please contact us.

Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

Last updated: 6 November 2025