TattooForm (“we”, “us”, or “our”) is a B2B SaaS platform that enables tattoo artists and studios to create and manage client inquiry forms. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.
TattooForm acts as a data processor on behalf of tattoo artists and studios (our customers, who are the data controllers) with respect to their clients' personal data. For data about our own customers (artists and studios), TattooForm acts as the data controller.
1. Data We Collect
For tattoo artists and studio accounts
- Name and email address (registration and profile)
- Profile photo (optional)
- Business name and public URL slug
- Billing information processed via Stripe (we do not store card numbers)
- Form configuration: branding, fields, text content
- Micro-site content: bio, portfolio images, social links
- Usage data: IP address, browser type, pages visited
For clients submitting tattoo inquiry forms
- Name and email address
- Phone number (if provided)
- Tattoo preferences: placement, size, style, description
- Reference images uploaded during form submission
- GDPR consent timestamp
- IP address and user agent at time of submission
- Preferred appointment date (if provided)
Client data is collected on behalf of the tattoo artist or studio whose form the client is completing. The artist/studio is responsible for their clients' data under GDPR.
2. Why We Process Your Data
- To provide the TattooForm service and maintain your account
- To process payments and manage subscriptions (legitimate interest / contract)
- To send transactional emails (submission notifications, password resets)
- To improve the platform and diagnose technical issues
- To comply with our legal obligations
For artist/studio accounts, the legal basis for processing is contract performance (providing the service you signed up for) and legitimate interests.
For client data collected via inquiry forms, the legal basis is the consent provided by the client via the GDPR consent checkbox on the form, as well as the legitimate interests of the tattoo artist/studio in processing booking inquiries.
3. Data Storage & Security
All data is stored within the European Union (Frankfurt, Germany) using Supabase, which provides a PostgreSQL database and encrypted object storage for files.
- Database: encrypted at rest, access controlled via Row Level Security
- File storage: uploaded images stored in private buckets, served via signed URLs
- Connections encrypted in transit via TLS
- Payment data processed and stored by Stripe (PCI DSS Level 1 certified)
- Email delivery via Resend
4. Data Sharing
We do not sell your personal data. We share data only with the following sub-processors as necessary to operate our service:
Client submission data is accessible to the tattoo artist or studio who owns the form. It is not shared with any other third parties.
5. Data Retention
- Artist/studio account data: retained until account deletion
- Client submission data: retained until the artist deletes the submission or their account
- Uploaded images: deleted immediately when the artist deletes the submission or account
- Payment records: retained as required by applicable tax and accounting law (typically 7 years)
- Server logs: retained for up to 30 days
6. Your Rights Under GDPR
If you are located in the EU or EEA, you have the following rights regarding your personal data:
Right of access
You can request a copy of all personal data we hold about you. Tattoo artists can use the 'Export all data' feature in their account settings.
Right to rectification
You can update your profile information at any time via your account settings.
Right to erasure
You can delete your account and all associated data via Settings → Danger Zone. Tattoo artists can also delete individual client submissions upon client request.
Right to data portability
Tattoo artists can export their data as a structured JSON file from account settings.
Right to restrict processing
You may request that we restrict processing of your data in certain circumstances. Contact us at the address below.
Right to object
You may object to processing based on legitimate interests. Contact us to exercise this right.
Note for clients: If you submitted a tattoo inquiry form and want to exercise your GDPR rights (e.g., request deletion of your data), you should contact the tattoo artist or studio directly. Alternatively, contact us and we will facilitate the request.
7. Cookies
TattooForm uses only essential cookies required for authentication (session token). We do not use advertising, tracking, or analytics cookies. No cookie consent banner is displayed because we do not use non-essential cookies.
8. Contact & Data Protection Inquiries
For any questions about this Privacy Policy, to exercise your GDPR rights, or to report a data protection concern, please contact us at:
TattooForm
Email: privacy@tattooform.app
You also have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not handled your data in compliance with GDPR.
© 2026 TattooForm. All rights reserved.