Privacy Policy

• Artists: email, name, city, timezone, payout details via Stripe, Instagram handle if connected (Pro tier).
• Clients (booking on an artist’s mini-site): name, email, phone (optional), tattoo idea description, body placement, approximate size, reference image links.
• Operational data: bookings, payments, soft-holds, intake responses, internal artist notes.

• Date of birth (we use a self-attested 18+ checkbox).
• Medical history (we recommend artists collect this in-person on the day of the appointment).
• Government ID, social security number, or comparable identifiers.
• We don’t sell, rent, or share your data with advertisers.

Client intake submissions are visible only to the Artist they were sent to. Artists’ public mini-site fields (name, city, bio, services, availability) are public by design — that’s the point of the link.

Payments use Stripe Connect Express. We never see card numbers; Stripe handles all PCI-compliant storage.

• Supabase — database, authentication, file storage.
• Stripe — deposit payments and Connect payouts.
• Vercel — hosting + edge delivery.
• Resend — transactional email (booking confirmations, etc.).
• Meta Graph API — only for Pro-tier artists who opt in to Instagram DM integration.
• OpenAI — only for Pro-tier AI auto-reply; processes incoming DM text to generate replies; no DMs are used to train models.

• Account data: kept while the account is active. Deleted (or anonymized for billing/accounting purposes) within 30 days of account deletion.
• Intake reference images: kept in a private bucket; only the owning artist can read. Soft-holds that expire without intake submission are auto-cleaned.
• Payment records: retained per applicable tax/financial regulations (~7 years).

You can request access to, correction of, or deletion of your personal data by emailing hello@inklink.tattoo. Artists can also delete their account from settings (account deletion flow is processed within 48 hours).