TA

Tattoo Agent

AI-powered business management

Privacy Policy

Last updated: April 3, 2026

Tattoo Agent ("we," "us," or "our") operates the tattooagent.art platform (the "Platform"). This privacy policy explains how we collect, use, store, and share your personal information when you use our services.

This privacy policy is provided as a general guide and does not constitute legal advice. We recommend consulting with a legal professional for compliance with your specific jurisdiction.

1. Information We Collect

Account Information

  • Full name, email address, and password
  • Business name, phone number, and physical address
  • Profile photo or business logo

Payment Information

  • Credit/debit card details (processed securely by Stripe — we do not store card numbers)
  • Billing address and transaction history

Business Content

  • Images you upload (tattoo photos, portfolio work, flash designs, logos)
  • Website content, email templates, and marketing copy
  • Client/contact information you enter into the CRM
  • Appointment and booking data

AI Conversation Data

  • Messages you send to the AI assistant within the dashboard
  • AI-generated responses, drafts, and tool actions taken on your behalf

Automatically Collected Data

  • IP address, browser type, and device information
  • Pages visited and features used (usage analytics)
  • Cookies and local storage data (see Section 7)

2. How We Use Your Information

  • Provide our services: manage your business, build your website, process bookings, and send communications on your behalf
  • AI processing: your conversations and business data are sent to our AI provider to generate responses, draft content, and execute actions you request
  • Email and SMS delivery: send emails and text messages that you compose or approve through the platform
  • Payment processing: charge subscription fees, process client payments, and track usage-based billing
  • Calendar sync: read and write calendar events to keep your appointments in sync
  • Improve our platform: analyze usage patterns to fix bugs and build better features
  • Customer support: respond to your questions and resolve issues

3. Third-Party Services We Share Data With

We use the following third-party services to operate the Platform. Each processes data according to their own privacy policies:

  • Supabase — database hosting and authentication. Stores your account data, business content, and files.
  • Anthropic (Claude AI)— AI processing. Your conversations and relevant business context are sent to Anthropic's API to generate AI responses. Anthropic may process this data in accordance with their usage policies.
  • Stripe — payment processing. Handles subscription billing, client payments, and payouts. Stripe receives your billing information and transaction data.
  • Resend — email delivery. Sends transactional and marketing emails on your behalf. Receives recipient email addresses and email content.
  • Twilio — SMS delivery. Sends and receives text messages. Receives phone numbers and message content.
  • Google Calendar / Microsoft Outlook — calendar sync. Reads and writes events to your connected calendar. Receives appointment details.
  • Vercel — web hosting. Serves the Platform and your business website. May process request logs including IP addresses.

4. Data Retention

  • Active accounts: we retain your data for as long as your account is active and your subscription is current.
  • After cancellation: we retain your data for 90 days after subscription cancellation to allow for reactivation. After 90 days, your business data (website, contacts, messages, templates) is permanently deleted.
  • Account deletion: if you request account deletion, we will remove your personal data within 30 days. Some anonymized usage data may be retained for analytics.
  • Billing records: transaction and billing records are retained for 7 years as required by tax and accounting regulations.

5. Data Security

We use industry-standard security measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS) for all connections
  • Encrypted storage for sensitive credentials (calendar tokens, API keys)
  • Row-level security (RLS) in our database to ensure businesses can only access their own data
  • Secure payment processing through Stripe (PCI DSS compliant)

While we take reasonable precautions, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you
  • Right to correction: request that we correct inaccurate personal data
  • Right to deletion: request that we delete your personal data (subject to legal retention requirements)
  • Right to data portability: request your data in a machine-readable format
  • Right to opt out: opt out of marketing communications at any time
  • Right to restrict processing: request limits on how we process your data

CCPA (California Residents)

California residents have the right to know what personal information is collected, to request deletion of personal information, and to opt out of the sale of personal information. We do not sell your personal information.

GDPR (European Residents)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation including the right to lodge a complaint with a supervisory authority. Our legal basis for processing is contract performance (to provide our services) and legitimate interest (to improve the Platform).

7. Cookies and Local Storage

We use cookies and local storage for:

  • Authentication: keeping you signed in to your account (essential)
  • Session management: maintaining your preferences and application state (essential)
  • Chat widget sessions: identifying returning visitors to the public chat widget (functional)

We do not use third-party advertising or tracking cookies.

8. Children's Privacy

The Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a notice on the Platform. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this privacy policy or want to exercise your data rights, contact us at:

Email: garrett.tattooagent@gmail.com

← Back to Tattoo Agent