a quiet document · binding
Privacy Notice
last updated · February 2026
This Privacy Notice for TattooProof ("we", "us" or "our") describes how and why we may access, collect, store, use and/or share ("process") your personal information when you use our services (the "Services"), including when you:
- — Visit our website, web app, or any other property of ours that links to this Privacy Notice.
- — Use TattooProof. TattooProof is an AI-assisted tattoo-discovery service that helps you describe what a tattoo means to you, answer guided questions, refine style, size, body placement and color preferences, generate concept images and on-body mockups, and export an artist-ready brief.
- — Engage with us in other related ways, including any marketing or events.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use the Services. Contact us at privacy@tattooproof.com.
summary of key points
The short version
What information do we process? The personal details you give us (name, email, profile picture from your Google sign-in), the tattoo descriptions, memories, stories and prompts you enter, photos of existing tattoos you upload, the body-placement and style preferences you choose, the AI-generated concepts and mockups we produce for you, your PDF / shareable brief exports, and your payment and subscription status. See section 1.
Do we process sensitive information? No.
Do we collect information from third parties? We receive profile data from your Google sign-in (and, in the future, Apple Sign-In) and transaction status from Stripe — nothing else.
How do we process your information? To run the discovery conversation, generate your tattoo concepts and brief, process payments, keep your account secure, and comply with law. We never sell your data. See section 2.
Who do we share with? Only the service providers we need to deliver the product: authentication (Google), AI processing (OpenAI via Emergent's managed integration), payments (Stripe), and our hosting infrastructure. See section 4.
What are your rights? Depending on where you live, you have the right to access, correct, port, restrict, or delete your personal data — and to permanently delete your account from your studio with one click. See sections 12, 14 and 17.
1.
What information do we collect?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you sign in, when you participate in the discovery conversation, when you upload a photo of an existing tattoo, when you generate concepts and briefs, when you purchase a paid unlock, or when you otherwise contact us.
Personal information you provide may include:
- — Account data: name, email address and profile picture (received from Google when you sign in).
- — Tattoo descriptions, memories, stories, intentions and prompts you type into the discovery flow.
- — Photos of existing tattoos and reference images you upload (for redesign projects).
- — Body-placement preferences (forearm, ribs, etc.), chosen style, size and color preferences.
- — AI-generated outputs we produce for you: tattoo concept images, on-body mockups and the synthesized brief. You own everything you put into TattooProof and everything we generate for you — TattooProof claims no ownership over your intellectual property.
- — PDF exports and shareable-brief URLs you create.
- — Contact preferences.
Sensitive information. We do not process sensitive information (racial or ethnic origin, religious or political beliefs, health, biometric or sexual-orientation data).
Payment data. When you upgrade we collect data necessary to process your payment. All card data is handled and stored by Stripe; we never see or store your full card number, CVV or bank details. Stripe's privacy notice is at https://stripe.com/privacy. We store the Stripe session ID, the package purchased, the amount, the payment status and timestamps.
Social media login data. You sign in to TattooProof using your Google account (and, in the future, with Apple Sign-In). We receive from the provider only your name, email address and profile picture. We never receive your password. See section 7.
All personal information you provide must be true, complete and accurate, and you must notify us of any changes.
Information automatically collected
In Short: Some information — such as your IP address and device characteristics — is collected automatically when you visit the Services.
This information does not reveal your specific identity but may include:
- — Log & usage data. Server-side request logs (IP address, browser, timestamps, request paths, response codes) used to debug errors, detect abuse and keep the service running.
- — Device data. Browser type, operating system, hardware model and similar diagnostic data sent by your browser.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2.
How do we process your information?
In Short: We process your information to provide, improve and administer the Services, generate your tattoo concepts and brief, process payments, communicate with you, prevent abuse, and comply with law.
We process your personal information for the following reasons:
- — To create and authenticate accounts. So you can sign in, save projects, and return to them.
- — To deliver the Service. To run the discovery conversation, generate tattoo concept images, on-body mockups and the artist-ready brief, and to make those outputs available to you across devices.
- — To process payments. To take your payment via Stripe and apply your unlock entitlements to your projects or subscription.
- — To respond to support requests. To resolve any issues you may have.
- — To send administrative messages. Receipts, security alerts, deletion confirmations and material changes to our Terms or this Notice.
- — To prevent fraud and abuse. To detect misuse of generation quotas, payment fraud, and content that violates our Acceptable Use rules.
- — To protect vital interests. Where strictly necessary to prevent harm.
Limited-purpose AI processing. Your inputs — the words you write and the photos you upload — are sent over encrypted connections to our AI processing partner solely to produce your tattoo concept and brief. They are not used to train any third-party model. See section 6.
3.
What legal bases do we rely on?
In Short: We only process your personal information when we have a valid legal basis to do so under applicable law — your consent, the performance of our contract with you, a legitimate interest, a legal obligation, or to protect vital interests.
If you are in the EU or UK:
- — Consent. Where you have given us permission to use your information for a specific purpose. You can withdraw consent at any time.
- — Performance of a contract. Where processing is necessary to provide the Services you have asked for.
- — Legitimate interests. Where processing is necessary for our legitimate interests (e.g. fraud prevention, keeping the service running) and not overridden by your rights.
- — Legal obligations. Where processing is needed to comply with our legal obligations, cooperate with a law-enforcement body, or defend our legal rights.
- — Vital interests. Where processing is needed to protect your vital interests or those of a third party.
If you are in Canada:
We process your information under your express or implied consent, which you may withdraw at any time. In limited cases (e.g. fraud investigations, legal obligations, journalistic purposes), Canadian law permits processing without consent.
6.
Do we offer AI-based products?
In Short: Yes. The discovery conversation, brief synthesis, concept image generation and on-body mockups are powered by AI.
We provide our AI features through third-party AI service providers ("AI Service Providers"), currently OpenAI, accessed via Emergent's managed integration. Your inputs, outputs and personal information shared with the AI Service Provider are processed transiently and only to deliver the requested output to you. Our AI providers contractually agree not to use your data to train their general-purpose models on your behalf.
Our AI features include:
- — Conversational discovery (text generation).
- — Brief synthesis (structured text generation).
- — Tattoo concept image generation.
- — On-body realistic mockup generation.
- — Vision-based description of uploaded existing tattoos (redesign flow).
You must not use our AI features in any way that violates the terms or policies of our AI Service Providers, or in any way prohibited by our Terms of Service.
8.
Is your information transferred internationally?
In Short: Our servers are located in the United States. Your information may be transferred to, stored and processed in countries other than your own.
If you reside in the European Economic Area (EEA), the United Kingdom or Switzerland, these countries may not have data-protection laws as comprehensive as your own. Where personal data is transferred out of the EEA or UK, we rely on the European Commission's Standard Contractual Clauses and equivalent safeguards with our sub-processors. Copies of the relevant clauses are available on request from privacy@tattooproof.com.
9.
How long do we keep your information?
In Short: We keep your personal information only for as long as it is necessary, or as long as you have an account with us.
Account data, project content, uploaded photos, generated concepts and briefs are retained for as long as your account exists. If you delete an individual project, its contents are permanently removed from our active database.
Payment-transaction records are retained for up to seven (7) years to satisfy tax and accounting obligations, after which they are anonymized.
When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or — where this is not possible (for example because it has been stored in backups) — isolate it from further processing until deletion is possible. Backups roll over within 30 days.
10.
How do we keep your information safe?
In Short: We protect your information with organizational and technical security measures.
All traffic to TattooProof is encrypted in transit (TLS). Sessions use httpOnly, Secure cookies. Photos and generated artwork are stored on managed infrastructure with access restricted to the application. Despite our safeguards, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from the Services is at your own risk; please only access TattooProof within a secure environment.
11.
Do we collect information from minors?
In Short: We do not knowingly collect data from anyone under 18.
TattooProof is not directed at and may not be used by anyone under 18 (or the equivalent age of majority in your jurisdiction). By using the Services you represent that you meet this age requirement. If we learn that we have collected information from a minor we will promptly deactivate the account and delete the data. If you believe we may hold data from a minor please contact us at privacy@tattooproof.com.
12.
What are your privacy rights?
In Short: Depending on where you live, you may have the right to access, correct, port, restrict or delete your personal data. You may review, change or terminate your account at any time from your studio.
In regions including the EEA, the UK, Switzerland and Canada, you have the right to (i) request access to and obtain a copy of your personal information; (ii) request rectification or erasure; (iii) restrict the processing of your information; (iv) where applicable, data portability; and (v) not be subject to solely automated decision-making producing legal or similarly significant effects. You may exercise these rights by emailing privacy@tattooproof.com.
If you are in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to lodge a complaint with your Member State data-protection authority or the UK Information Commissioner's Office. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing consent. Where we process your personal information based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Account information
To review or change your information you can sign in to your account settings, or contact us at privacy@tattooproof.com. To permanently delete your account, use the Delete my account button in your studio (see section 17). We may retain a minimal set of records — such as payment-transaction history — where law requires.
13.
Controls for Do-Not-Track features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference. No uniform technology standard for recognizing and implementing DNT signals has been finalized; therefore we do not currently respond to DNT browser signals. If a future standard is adopted, we will update this Notice.
14.
Do United States residents have specific privacy rights?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights regarding your personal information.
Categories of personal information we collect
The table below shows the categories of personal information we have collected in the past twelve (12) months.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email, IP address, online identifier, profile picture, account name. | YES |
| B. Personal information (Cal. Customer Records statute) | Name, contact information, payment information. | YES |
| C. Protected classifications | Race, ethnicity, gender, marital status. | NO |
| D. Commercial information | Subscription / unlock purchase history, Stripe transaction status. | YES |
| E. Biometric information | Fingerprints, voiceprints. | NO |
| F. Internet activity | Diagnostic logs, app interactions. | YES |
| G. Geolocation | Precise device location. | NO |
| H. Audio / sensory / visual | Photos of existing tattoos you upload for redesign; AI-generated concept and mockup images we produce for you. | YES |
| I. Professional / employment | Job-related contact details. | NO |
| J. Education information | Student records. | NO |
| K. Inferences | Profiles built from collected data. | NO |
| L. Sensitive personal information | — | NO |
We retain collected personal information as long as you have an account with us, except for payment-transaction records (see section 9).
Your rights
Depending on the state where you live, you have rights including:
- — Right to know whether we are processing your personal data.
- — Right to access your personal data and obtain a copy.
- — Right to correct inaccuracies.
- — Right to delete your personal data.
- — Right to opt out of targeted advertising, sale of personal data, or significant profiling — none of which we perform.
- — Right to non-discrimination for exercising your rights.
How to exercise your rights
Email privacy@tattooproof.com or use the Delete my account button in your studio. We will verify your identity using information already on file. If we decline a request, you may appeal by replying to our decision; an unresolved appeal may be referred to your state attorney general.
California "Shine The Light" law
California Civil Code §1798.83 permits California residents to request information about categories of personal information disclosed to third parties for direct-marketing purposes. We do not share personal information for third-party direct marketing.
15.
Do we make updates to this Notice?
In Short: Yes — we will update this Notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top. For material changes we will post a prominent in-app notice at least 14 days before they take effect, or notify you by email. We encourage you to review this Notice regularly.
16.
How can you contact us about this Notice?
For questions, requests or concerns: privacy@tattooproof.com.
(A postal contact address will be published once the TattooProof business registration is finalized. Updates will be reflected in this Notice.)
17.
How can you review, update or delete the data we collect from you?
You can review and edit your profile from your studio settings. To permanently delete your account and every project, photo, concept, mockup and brief associated with it, sign in and click Delete my account in the Danger Zone of your studio. The action is immediate and irreversible. Backups are purged within 30 days. Payment-transaction records may be retained for up to seven (7) years to satisfy tax and accounting obligations, after which they are anonymized.
You may also submit a written request to privacy@tattooproof.com and we will respond within 30 days.
also read
Terms of Service →
7.
How do we handle your social logins?
In Short: If you sign in using a third-party account (Google today; Apple in the future), we receive limited profile information from that provider.
When you sign in with Google we receive your name, email address and profile picture. We use this information only for the purposes described in this Privacy Notice. We do not control, and are not responsible for, the independent practices of your social login provider — please review their privacy notice to understand how they handle your data.