MONOCHRONICLE

GNV URBAN ART LLC d/b/a Monochronicle | Florida, United States

Privacy Policy

Effective Date: July 6, 2026 | Last Updated: July 6, 2026

1. Introduction

Welcome to Monochronicle, operated by GNV URBAN ART LLC out of Florida, United States. We serve artists, arts administrators, jurors, and arts organizations globally. This Privacy Policy explains how we collect, use, store, protect, and share your information in connection with our platform and professional services.

Monochronicle is committed to responsible and transparent data practices. Our AI systems are governed by the NIST AI Risk Management Framework (AI RMF 1.0). Our privacy practices comply with the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR), and other applicable laws.

The Platform is intended for users who are at least 18 years of age. By using the Platform or engaging our services, you agree to the practices described in this Policy.

2. Our Role: Data Controller and Data Processor

Monochronicle acts in two distinct capacities depending on how your data reaches us:

•       When you interact with us directly — for example, by creating an account, building an artist profile, subscribing to the Knowledge Base, or contacting us — Monochronicle is the data controller (the "business" under CCPA/CPRA) of your personal information, and this Policy applies in full.

•       When an arts organization engages our services — for example, by submitting artist application materials for Pay-Per-Review processing — the arts organization is the data controller of those materials, and Monochronicle acts as a data processor (a "service provider" under CCPA/CPRA), processing the materials solely on the organization’s documented instructions to deliver the commissioned service.

Artists whose materials were submitted to us by an arts organization should direct questions and data-rights requests to that organization. Where we act as a processor, we will forward any request we receive to the relevant organization and assist it in responding as required by law. A Data Processing Agreement (DPA) is available to organization clients upon request at [email protected].

3. What Data We Collect

3.1 Personal Information

•       Name, email address, phone number, and mailing address

•       Demographic data voluntarily provided (such as age, race, gender, and location) to support our diversity and equity goals — this data is never used for automated decision-making. Where such data constitutes "sensitive personal information" under applicable law, we use it only for the limited purposes permitted without triggering a right-to-limit obligation, and you may exercise your right to limit its use at any time (see Section 11)

•       Professional information including artist statements, bios, portfolio materials, CVs, proposals, and cover letters

•       Account credentials (username and encrypted password)

3.2 Usage and Technical Data

•       IP address, browser type and version, operating system, and device identifiers

•       Pages visited, time spent, clicks, search queries, and other behavioral metrics

•       Session data and referral sources

3.3 Service-Related Data

•       Artist application materials submitted by arts organizations for AI-assisted evaluation, including portfolios, resumes, cover letters, images, and project proposals

•       Knowledge base queries submitted through the platform

•       Consulting engagement information including program documentation, criteria briefs, and scoring rubrics shared with us for review

•       Juror ratings and evaluation notes associated with applications

•       Survey responses and platform feedback

3.4 Data Received from Arts Organizations

When arts organizations engage Monochronicle for AI-assisted evaluation services, we receive artist materials — including portfolios, resumes, cover letters, and personal contact information — from that organization. By engaging our services, arts organizations represent and warrant that they have lawful authority to provide such materials for professional review and AI processing. As described in Section 2, Monochronicle processes these materials as a service provider on the organization’s behalf. Artists whose data is provided in this context should contact the relevant arts organization with questions about how their data was shared.

3.5 Payment Data

Payments are processed by third-party payment processors (such as PayPal) or by check or wire transfer. We do not store full payment card numbers. Payment processors receive only the information necessary to complete the transaction and handle it under their own privacy policies.

3.6 Cookies and Tracking Technologies

We use cookies and similar technologies. See Section 12 for details.

4. How We Use Your Data

•   Open Call Platform services: To publish and administer open call listings, facilitate artist applications, deliver submitted materials to the sponsoring organization, enable communications between artists and organizations, provide application management and rating tools, and operate related platform features.

•       Pay-Per-Review service delivery: To process artist application materials through our AI summarization system, generate evaluation reports, and layer professional expert commentary for delivery to arts organizations and jurors 

•       Knowledge Base service: To respond to queries submitted through the knowledge base platform and improve the accuracy and coverage of our curated content

•       AI Consulting services: To analyze program documentation, draft criteria and eligibility language, and develop evaluation frameworks for arts organization clients

•       Platform operation: To maintain artist profiles, marketplace features, and account management

•       Payment processing: To process transactions, artist payouts, and billing through our payment providers

•       Communications: To respond to inquiries and, with your consent, send service and promotional communications

•       Legal compliance and security: To comply with applicable laws, enforce our Terms and Conditions, prevent fraud, and protect platform security

•       Analytics: To understand how users interact with the Platform in order to improve our services

5. Legal Basis for Processing (GDPR — EU/UK Users)

•       Contract performance (Art. 6(1)(b)): Processing necessary to deliver the services you have engaged

•       Legitimate interests (Art. 6(1)(f)): Platform security, analytics, fraud prevention, and service improvement

•       Legal obligation (Art. 6(1)(c)): Compliance with applicable law

•       Consent (Art. 6(1)(a)): AI training data use, marketing communications, and non-essential cookies — you may withdraw consent at any time

6. AI-Powered Features — Disclosures

Monochronicle uses artificial intelligence to power several core features. In accordance with applicable law — including the EU AI Act (Articles 13, 50, and 86), California CCPA/CPRA ADMT regulations, the Utah AI Policy Act, and other transparency requirements — we provide the following disclosures.

6.1 AI Systems in Use

•       Artist Application Summary System: Uses a large language model (LLM) to analyze artist submission materials and generate structured evaluation summaries. All summaries are reviewed, annotated, and curated by a Monochronicle professional before delivery. Outputs are labeled as AI-assisted and are professional consulting deliverables, not autonomous automated decisions.

•       Knowledge Base (RAG system): A retrieval-augmented generation system that answers user queries based on curated, Monochronicle-maintained content covering public art procurement, grant guidance, open call best practices, and jury selection methodology.

•       AI-Assisted Consulting Tools: AI tools including custom prompt frameworks are used internally by Monochronicle professionals to assist in drafting program assessments, eligibility criteria, scoring rubrics, and evaluation frameworks for consulting clients.

6.2 AI Provider — Google Gemini via Vertex AI

Our AI processing is powered by Google Gemini accessed through Google Cloud’s Vertex AI enterprise platform. Google’s commitments include:

•       Google will not use your data to train or fine-tune AI models without prior explicit permission (Google Service Specific Terms, Section 17 "Training Restriction")

•       All data is encrypted in transit (TLS) and at rest (AES-256)

•       Vertex AI holds SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, FedRAMP, and HIPAA certifications

•       Google provides IP indemnification for outputs generated through the Vertex AI enterprise platform

•       Data residency is configured to the United States

For EU users: Google Cloud is covered under the Google Cloud Data Processing Addendum, incorporating Standard Contractual Clauses for GDPR-compliant data transfers.

6.3 Human Expert Review — No Automated Decisions

Monochronicle does not use automated decision-making to make consequential decisions about artists or arts programs without human expert review. All AI-generated outputs delivered to clients are reviewed, annotated, and curated by a qualified Monochronicle professional before delivery. Our Pay-Per-Review service is a professional consulting deliverable, not an autonomous AI output. This design means that standard ADMT compliance obligations under CCPA/CPRA and GDPR Article 22 do not apply to our current service delivery model.

6.4 AI Accuracy Disclaimer

AI-generated content used in our services may contain errors or inaccuracies. All final deliverables incorporate professional human review, but clients should independently verify information before relying on it for consequential decisions. This is consistent with Google’s own guidance that AI outputs can be plausible-sounding but factually incorrect and that users should validate outputs before use.

6.5 Ownership and Permitted Use of Deliverables

Ownership, licensing, and permitted uses of Monochronicle’s AI-assisted reports and consulting deliverables are contractual matters governed by our Terms and Conditions of Use (see Sections 3, 4, and 7 of the Terms), not by this Privacy Policy.

6.6 AI Training — Opt-In Required

We will not use your submitted content or personal data to train or fine-tune AI models without your separate, explicit, affirmative opt-in consent. This applies equally to artist materials submitted by arts organizations. Consent is voluntary, not required to use any service, and revocable at any time.

6.7 Training Data and Third-Party IP Risk

While Google provides IP indemnification to Monochronicle for Vertex AI outputs, Monochronicle makes no independent warranty that AI-assisted outputs are free from third-party intellectual property claims. AI training data transparency information, as required under California AB 2013 (effective January 1, 2026), is published at monochronicle.com/ai-transparency. Arts organizations that provide artist materials for AI processing represent and warrant that they have lawful authority to do so.

6.8 AI Governance — NIST AI RMF

Monochronicle’s AI systems are governed by an internal AI Risk Management Framework based on the NIST AI Risk Management Framework 1.0 (Govern, Map, Measure, Manage), covering risk classification, bias monitoring, human oversight requirements, incident response, and regulatory compliance. The framework is reviewed annually.

7. AI Training Consent

We will not use any content you submit — including artist portfolios, application materials, consulting documents, or personal data — to train, fine-tune, or improve AI models without your separate explicit opt-in consent. Consent is voluntary, granular, revocable at any time, and documented with timestamps.

8. How We Store and Protect Your Data

•       Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)

•       Access controls: Role-based access limiting data exposure to authorized personnel only

•       Data minimization: Only data necessary for each AI processing task is included in prompts sent to the AI system

•       Security audits: Regular security assessments and vulnerability reviews

•       Incident response: Documented breach response procedures consistent with GDPR (72-hour notification) and applicable US state breach notification laws

8.1 Data Retention Schedule

Data Type

Retention Period

Account and profile data

Duration of account + 30 days after deletion (residual copies may persist in routine encrypted backups for up to 90 days)

Artist materials (Pay-Per-Review)

Deleted within 60 days of report delivery

Consulting engagement documents

Duration of engagement + 90 days

Knowledge base query logs

90 days; aggregated anonymized data longer

Transaction and billing records

7 years (legal and tax obligation)

Consent records

Duration of account + 5 years

9. Sharing Your Data

We do not sell your personal information. We share data only as follows:

•       Client delivery: AI-assisted evaluation reports are delivered to the arts organization that commissioned the service

•       Service providers: Trusted vendors including our AI infrastructure provider (Google Cloud / Vertex AI) under Data Processing Agreements prohibiting secondary use

•       Payment processors: Payment providers such as PayPal, which receive only the information necessary to process transactions and payouts

•       Legal compliance: Where required by law, court order, or regulatory authority

•       Business transfers: With prior notice and equivalent privacy protections in connection with a merger or acquisition

•       With your consent: For any purpose not described above

Our primary AI subprocessor is Google Cloud (Vertex AI) under Google’s Cloud Data Processing Addendum. Current subprocessor list: monochronicle.com/subprocessors.

10. International Data Transfers

Monochronicle is headquartered in the United States. Data transferred from the EU, EEA, or UK is protected via Standard Contractual Clauses (SCCs), including the UK Addendum where applicable, supported by Transfer Impact Assessments.

11. Your Privacy Rights

To exercise any right, contact [email protected]. We respond within 45 days (CCPA/CPRA) or 30 days (GDPR). Where Monochronicle acts as a data processor for an arts organization (see Section 2), we will forward your request to that organization and assist it in responding.

11.1 California Residents (CCPA/CPRA)

•       Right to know what personal information we collect and how it is used

•       Right to delete your personal information

•       Right to correct inaccurate information

•       Right to opt out of sale or sharing of personal information (we do not sell data)

•       Right to limit the use and disclosure of sensitive personal information

•       Right to opt out of AI training data use at any time

•       Right to non-discrimination for exercising your rights

We honor opt-out preference signals, including the Global Privacy Control (GPC), as required by California law. When our systems detect a GPC signal from your browser, it is treated as a valid request to opt out of the sale or sharing of personal information for that browser.

11.2 EU/UK Residents (GDPR)

•       Right of access (Article 15)

•       Right to rectification (Article 16)

•       Right to erasure (Article 17)

•       Right to restrict processing (Article 18)

•       Right to data portability (Article 20)

•       Right to object to processing based on legitimate interest (Article 21)

•       Right to withdraw consent at any time without affecting prior lawful processing

•       Right to lodge a complaint with your national Data Protection Authority

12. Cookies

•       Strictly Necessary: Required for platform functionality. Cannot be disabled.

•       Analytics: Aggregate usage patterns. Opt-out available.

•       Preference: Settings and personalizations. Opt-out available.

•       Marketing: Only with your explicit consent.

Manage preferences through our Cookie Consent Manager. EU/UK users receive consent prompts before non-essential cookies are placed. We also honor Global Privacy Control (GPC) browser signals as described in Section 11.1.

13. Children’s Privacy

The Platform is intended for users who are at least 18 years of age, and accounts may not be created by anyone under 18. The Platform is not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 for users in the EU/EEA/UK). If you believe we have inadvertently collected data from a child, contact [email protected] and we will delete it promptly.

14. Third-Party Links

The Platform may contain links to external websites. We are not responsible for the privacy practices of third-party sites.

15. Policy Updates

For material changes, we will provide at least 30 days advance notice via email or in-Platform notice. Continued use after the effective date constitutes acceptance.

16. Contact Us

•       General: [email protected]

•       Website: monochronicle.com

•       Mailing address: GNV URBAN ART LLC d/b/a Monochronicle, 3800 SW 20th Ave, APT. 608, Gainesville, Florida, United States 32607

GNV URBAN ART LLC d/b/a Monochronicle | Florida, United States | Patent Pending

Effective July 6, 2026 | This Privacy Policy supersedes all prior versions.