Privacy Policy
Last updated: July 2026
Information We Collect
We collect the information necessary for the operation of the Platform. This information may be directly provided by you during registration, onboarding, or editing your profile, or generated automatically through your use of the Platform.
When registering. All users must provide an email address.
During onboarding. Once registered, the account type determines the additional required data:
Artists. Required data: name, image of your Tattoo License (issued by the Department of Health), profile photo, and at least one link.
Studios. Required data: name, phone number, image of your Tattoo Establishment License (issued by the Department of Health), profile photo, physical address, geolocation of the establishment, and at least one link.
When editing your profile. All users may optionally add a description to their profile. Studios may also add a banner image.
When using the Platform. Users generate content that is stored as part of the Platform's operation:
- portfolio — artists and studios may publish images of their work;
- reviews — artists and studios may publish ratings;
- booking and payment history — automatically generated with each reservation and transaction.
The categories of information we collect include:
- identifiers — name, email address, phone number, and links;
- professional credentials — image of your Tattoo License or Tattoo Establishment License;
- visual information — profile photo, portfolio images, and, for studios, a banner image;
- location data — physical address and geolocation of the studio;
- commercial information — booking and transaction history;
- user-generated content — profile descriptions, portfolio, and reviews.
We obtain this information directly from you through registration, onboarding, your profile settings, and your use of the Platform.
Sensitive Data
Tattplace does not intentionally collect special categories of personal data under Article 9 of the GDPR, such as biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.
Age Restriction
The Platform is intended exclusively for individuals who are at least eighteen (18) years of age. Tattplace does not knowingly collect, use, or disclose personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a person under 18, we will take reasonable steps to delete such information promptly.
Use of Information
The personal information we collect is used for the following purposes:
- facilitating connection and contact between studios and artists — your email address and phone number are published on your public profile with your consent;
- displaying nearby studios based on your location — artists' real-time location is not stored, only that of the studios;
- enabling users to review and verify external portfolios outside the Platform;
- managing and processing reservations;
- communicating with you regarding your account, reservations, and Platform updates;
- showcasing user-generated content, including portfolios and reviews;
- ensuring the security and integrity of the Platform.
Legal Basis for Processing (GDPR)
To the extent that the General Data Protection Regulation (GDPR) applies, we process your personal data on the following legal bases:
- Contract performance — registration, account administration, and reservation processing are necessary for the performance of our agreement with you;
- Consent — location data is processed based on your express consent, which you may withdraw at any time;
- Legitimate interest — displaying reviews and ratings serves our legitimate interest in enabling informed decision-making by Platform users;
- Legal obligation — retention of billing and transaction records is necessary to comply with applicable tax and regulatory obligations.
Third-Party Links
The Platform may contain links to third-party websites or services, including but not limited to social media, external artist and studio portfolios, and the payment processor Stripe.
Tattplace does not control and is not responsible for the privacy practices, terms, or content of such third parties. We recommend that you review the privacy policies and terms of service of any third-party website or service you visit.
The inclusion of any link to a third-party website or service on the Platform does not imply endorsement, affiliation, or warranty by Tattplace with respect to such third party.
International Data Transfers
Your personal data is stored and processed in the United States of America, where our servers and those of our service providers are located.
If you reside in the European Economic Area (EEA), please note that the transfer of your personal data to the United States is based on the Standard Contractual Clauses (SCC) adopted by the European Commission, which ensure an adequate level of protection for personal data.
The payment processor Stripe Connect also transfers personal data outside the EEA under its own Standard Contractual Clauses as an independent data controller. For more information, please refer to Stripe's Privacy Policy.
You may request a copy of the safeguards applied to international transfers by contacting us at contact@tattplace.com.
Data Retention
Your personal data is retained for as long as your account remains active. Upon account deletion, the Platform employs a soft-delete mechanism to preserve relational integrity and historical data. Notwithstanding the foregoing:
- anonymized or aggregated data that no longer identifies you may be retained indefinitely for analytical and operational purposes;
- reviews and ratings may remain visible on the Platform after account deletion in anonymized or pseudonymized form;
- billing and transaction records may be retained for up to seven (7) years following account deletion to comply with tax and legal obligations.
Security
We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. Such measures include, but are not limited to:
- HTTPS/TLS encryption for all data in transit;
- encryption of sensitive data;
- mandatory authentication;
- role-based access controls; and
- restricted access to API endpoints based on authentication and authorization protocols.
Data Breach Notification
In the event of a security breach that compromises your personal data, we will act in accordance with applicable data breach notification laws.
Notification to Authorities. In accordance with the General Data Protection Regulation (GDPR), we will notify the competent supervisory authority within seventy-two (72) hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of users.
Notification to Affected Users. If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay. Such notification will include:
- the nature of the breach, including the categories and approximate number of affected users;
- the measures taken or proposed to remedy the breach and mitigate its possible adverse effects;
- recommendations to mitigate the risks arising from the breach.
Means of Notification. Notifications will be sent via email, through the Platform, or by public notice if circumstances so require.
California Residents. If you reside in California and a breach of your personal data occurs, we will notify you without unreasonable delay to the extent required by the CCPA.
If you have questions about our data breach notification policy, you may contact us at contact@tattplace.com.
Your Rights
To the extent provided by applicable data protection law, you have the following rights regarding your personal data:
- the right to access your personal data;
- the right to rectify inaccurate or incomplete data;
- the right to request deletion of your data (right to erasure);
- the right to data portability;
- the right to restrict processing under certain circumstances;
- the right to object to processing based on legitimate interests;
- the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
- the right to lodge a complaint with a competent data protection authority.
To exercise any of these rights, please contact us at contact@tattplace.com. We will respond to your request within thirty (30) calendar days.
California Consumer Privacy Act (CCPA) Rights
If you reside in the State of California, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information. We describe these rights and how to exercise them below.
Right to Know. You have the right to request that we disclose:
- the categories and specific pieces of personal information we have collected about you;
- the categories of sources from which such information was collected;
- the business purpose for collecting such information; and
- the categories of third parties with whom we share such information.
The categories of personal information we collect include identifiers (name, email address, phone number, and links), professional credentials (tattoo and tattoo establishment licenses), visual information (profile photo, portfolio images, and banner image), location data (physical address and geolocation of the studio), commercial information (booking and transaction history), and user-generated content (profile descriptions, portfolio, and reviews). We obtain this information directly from you through registration, onboarding, your profile settings, and your use of the Platform. We use this data to facilitate connection and contact between studios and artists, enable users to review and verify external portfolios outside the Platform, process reservations, and maintain the security and integrity of the Platform.
No Sale of Data. Tattplace has not sold and does not sell the personal information of its users within the twelve (12) months preceding the effective date of this Policy, as "sale" is defined under the CCPA. Accordingly, there is no right to opt-out of the sale of data to exercise.
Non-Discrimination. We will not discriminate against you in any way for exercising any of your rights under the CCPA.
Methods of Request. You may exercise your CCPA rights by contacting us at contact@tattplace.com. We will respond to your request within thirty (30) calendar days. We may need to verify your identity before processing your request, for which we may request reasonable additional information.
Shine the Light and Eraser Button Rights
Shine the Light. Pursuant to California Civil Code §1798.83, California residents are entitled to request information regarding the disclosure of their personal data to third parties for direct marketing purposes. Tattplace does not share personal information with third parties for direct marketing purposes.
Eraser Button. Although the Platform is intended exclusively for individuals over eighteen (18) years of age, if a minor (as defined by California Civil Code §22581) has posted content on the Platform, such user may request the removal of such content. We will contact any third parties who may have received such content to request its deletion, to the extent required by applicable law.
Other State Privacy Laws
To the extent that other state privacy laws in the United States, including but not limited to the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), and the Connecticut Data Privacy Act (CTDPA), are applicable, Tattplace complies with such laws under the same terms described in this Privacy Policy.
In particular, Tattplace does not sell personal information of its users as "sale" is defined under such laws. Residents of these states have the right to request access, correction, deletion, and portability of their personal data, as well as the right not to be discriminated against for exercising such rights, under the terms described in the preceding sections of this Policy.
Automated Decisions
Tattplace does not currently engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If we implement such automated decision-making capabilities in the future, we will update this Privacy Policy and, where required by applicable law, provide you with information about the logic involved and the envisaged consequences.
Data Protection Officer
Tattplace has not appointed a Data Protection Officer (DPO) as it currently does not meet the thresholds established under Article 37 of the GDPR that require such appointment.
However, you may contact us regarding any matters relating to the protection of your personal data at contact@tattplace.com. We will periodically assess whether circumstances change and, if so, will appoint a DPO and update this Policy accordingly.
Contact Information
For any inquiries, requests, or concerns regarding this Privacy Policy or our processing of your personal data, please contact us at contact@tattplace.com. You may also direct written correspondence to our physical address: "14018 SW 161 Terrace, Miami, FL 33177, United States".
Modifications
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legal requirements. Material changes will be notified through the Platform or via email. Your continued use of the Platform after the effective date of any modification constitutes your acknowledgement of the updated Privacy Policy.
