tattplace logo
Tattplace

Privacy Policy

Last updated: July 2026

Information We Collect

We collect the information necessary for the operation of the Platform. This information may be directly provided by you during registration, onboarding, or editing your profile, or generated automatically through your use of the Platform.

When registering. All users must provide an email address.

During onboarding. Once registered, the account type determines the additional required data:

Artists. Required data: name, image of your Tattoo License (issued by the Department of Health), profile photo, and at least one link.

Studios. Required data: name, phone number, image of your Tattoo Establishment License (issued by the Department of Health), profile photo, physical address, geolocation of the establishment, and at least one link.

When editing your profile. All users may optionally add a description to their profile. Studios may also add a banner image.

When using the Platform. Users generate content that is stored as part of the Platform's operation:

  • portfolio — artists and studios may publish images of their work;
  • reviews — artists and studios may publish ratings;
  • booking and payment history — automatically generated with each reservation and transaction.

The categories of information we collect include:

  • identifiers — name, email address, phone number, and links;
  • professional credentials — image of your Tattoo License or Tattoo Establishment License;
  • visual information — profile photo, portfolio images, and, for studios, a banner image;
  • location data — physical address and geolocation of the studio;
  • commercial information — booking and transaction history;
  • user-generated content — profile descriptions, portfolio, and reviews.

We obtain this information directly from you through registration, onboarding, your profile settings, and your use of the Platform.

Sensitive Data

Tattplace does not intentionally collect special categories of personal data under Article 9 of the GDPR, such as biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.

Age Restriction

The Platform is intended exclusively for individuals who are at least eighteen (18) years of age. Tattplace does not knowingly collect, use, or disclose personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a person under 18, we will take reasonable steps to delete such information promptly.

Use of Information

The personal information we collect is used for the following purposes:

  • facilitating connection and contact between studios and artists — your email address and phone number are published on your public profile with your consent;
  • displaying nearby studios based on your location — artists' real-time location is not stored, only that of the studios;
  • enabling users to review and verify external portfolios outside the Platform;
  • managing and processing reservations;
  • communicating with you regarding your account, reservations, and Platform updates;
  • showcasing user-generated content, including portfolios and reviews;
  • ensuring the security and integrity of the Platform.

Cookies

We currently employ only essential technical cookies that are strictly necessary for the proper functioning of our landing page. We do not utilize tracking, analytics, or advertising cookies at this time. Should we implement such technologies in the future, this Privacy Policy will be updated accordingly, and where required by law, we will seek your prior consent.

Sharing Information

We share your email address with Stripe Connect solely to create an account on the Platform. Once created, you enter and manage your payment data directly with Stripe. Under no circumstances do credit card details reach Tattplace's servers or storage systems. We may also disclose your information if required to do so by applicable law, regulation, or legal process.

International Data Transfers

Your personal data is stored and processed in the United States of America, where our servers and those of our service providers are located.

If you reside in the European Economic Area (EEA), please note that the transfer of your personal data to the United States is based on the Standard Contractual Clauses (SCC) adopted by the European Commission, which ensure an adequate level of protection for personal data.

The payment processor Stripe Connect also transfers personal data outside the EEA under its own Standard Contractual Clauses as an independent data controller. For more information, please refer to Stripe's Privacy Policy.

You may request a copy of the safeguards applied to international transfers by contacting us at contact@tattplace.com.

Data Retention

Your personal data is retained for as long as your account remains active. Upon account deletion, the Platform employs a soft-delete mechanism to preserve relational integrity and historical data. Notwithstanding the foregoing:

  • anonymized or aggregated data that no longer identifies you may be retained indefinitely for analytical and operational purposes;
  • reviews and ratings may remain visible on the Platform after account deletion in anonymized or pseudonymized form;
  • billing and transaction records may be retained for up to seven (7) years following account deletion to comply with tax and legal obligations.

Security

We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. Such measures include, but are not limited to:

  • HTTPS/TLS encryption for all data in transit;
  • encryption of sensitive data;
  • mandatory authentication;
  • role-based access controls; and
  • restricted access to API endpoints based on authentication and authorization protocols.

Data Breach Notification

In the event of a security breach that compromises your personal data, we will act in accordance with applicable data breach notification laws.

Notification to Authorities. In accordance with the General Data Protection Regulation (GDPR), we will notify the competent supervisory authority within seventy-two (72) hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of users.

Notification to Affected Users. If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay. Such notification will include:

  • the nature of the breach, including the categories and approximate number of affected users;
  • the measures taken or proposed to remedy the breach and mitigate its possible adverse effects;
  • recommendations to mitigate the risks arising from the breach.

Means of Notification. Notifications will be sent via email, through the Platform, or by public notice if circumstances so require.

California Residents. If you reside in California and a breach of your personal data occurs, we will notify you without unreasonable delay to the extent required by the CCPA.

If you have questions about our data breach notification policy, you may contact us at contact@tattplace.com.

Your Rights

To the extent provided by applicable data protection law, you have the following rights regarding your personal data:

  • the right to access your personal data;
  • the right to rectify inaccurate or incomplete data;
  • the right to request deletion of your data (right to erasure);
  • the right to data portability;
  • the right to restrict processing under certain circumstances;
  • the right to object to processing based on legitimate interests;
  • the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
  • the right to lodge a complaint with a competent data protection authority.

To exercise any of these rights, please contact us at contact@tattplace.com. We will respond to your request within thirty (30) calendar days.

California Consumer Privacy Act (CCPA) Rights

If you reside in the State of California, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information. We describe these rights and how to exercise them below.

Right to Know. You have the right to request that we disclose:

  • the categories and specific pieces of personal information we have collected about you;
  • the categories of sources from which such information was collected;
  • the business purpose for collecting such information; and
  • the categories of third parties with whom we share such information.

The categories of personal information we collect include identifiers (name, email address, phone number, and links), professional credentials (tattoo and tattoo establishment licenses), visual information (profile photo, portfolio images, and banner image), location data (physical address and geolocation of the studio), commercial information (booking and transaction history), and user-generated content (profile descriptions, portfolio, and reviews). We obtain this information directly from you through registration, onboarding, your profile settings, and your use of the Platform. We use this data to facilitate connection and contact between studios and artists, enable users to review and verify external portfolios outside the Platform, process reservations, and maintain the security and integrity of the Platform.

No Sale of Data. Tattplace has not sold and does not sell the personal information of its users within the twelve (12) months preceding the effective date of this Policy, as "sale" is defined under the CCPA. Accordingly, there is no right to opt-out of the sale of data to exercise.

Non-Discrimination. We will not discriminate against you in any way for exercising any of your rights under the CCPA.

Methods of Request. You may exercise your CCPA rights by contacting us at contact@tattplace.com. We will respond to your request within thirty (30) calendar days. We may need to verify your identity before processing your request, for which we may request reasonable additional information.

Shine the Light and Eraser Button Rights

Shine the Light. Pursuant to California Civil Code §1798.83, California residents are entitled to request information regarding the disclosure of their personal data to third parties for direct marketing purposes. Tattplace does not share personal information with third parties for direct marketing purposes.

Eraser Button. Although the Platform is intended exclusively for individuals over eighteen (18) years of age, if a minor (as defined by California Civil Code §22581) has posted content on the Platform, such user may request the removal of such content. We will contact any third parties who may have received such content to request its deletion, to the extent required by applicable law.

Other State Privacy Laws

To the extent that other state privacy laws in the United States, including but not limited to the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), and the Connecticut Data Privacy Act (CTDPA), are applicable, Tattplace complies with such laws under the same terms described in this Privacy Policy.

In particular, Tattplace does not sell personal information of its users as "sale" is defined under such laws. Residents of these states have the right to request access, correction, deletion, and portability of their personal data, as well as the right not to be discriminated against for exercising such rights, under the terms described in the preceding sections of this Policy.

Automated Decisions

Tattplace does not currently engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If we implement such automated decision-making capabilities in the future, we will update this Privacy Policy and, where required by applicable law, provide you with information about the logic involved and the envisaged consequences.

Data Protection Officer

Tattplace has not appointed a Data Protection Officer (DPO) as it currently does not meet the thresholds established under Article 37 of the GDPR that require such appointment.

However, you may contact us regarding any matters relating to the protection of your personal data at contact@tattplace.com. We will periodically assess whether circumstances change and, if so, will appoint a DPO and update this Policy accordingly.

Contact Information

For any inquiries, requests, or concerns regarding this Privacy Policy or our processing of your personal data, please contact us at contact@tattplace.com. You may also direct written correspondence to our physical address: "14018 SW 161 Terrace, Miami, FL 33177, United States".

Modifications

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legal requirements. Material changes will be notified through the Platform or via email. Your continued use of the Platform after the effective date of any modification constitutes your acknowledgement of the updated Privacy Policy.