InkOps
Privacy Policy
This Privacy Policy describes how InkOps ("InkOps," "we," "us," or "our") collects, uses, and shares information when you use the InkOps mobile application and related services (collectively, the "Service"). InkOps is a software platform built for tattoo artists, tattoo studios, and the clients those studios serve.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Who we are
The Service is operated by InkOps. For privacy questions, data-access requests, or account deletion requests, contact us at privacy@inkops.studio.
Postal address: [BUSINESS_ADDRESS — fill in before public launch]
2. Information we collect
The categories below mirror the data declarations in our App Store privacy manifest (PrivacyInfo.xcprivacy). We collect only what we need to operate the Service. None of the categories below are used to track you across other apps or websites; we do not contact tracking domains.
Contact information
| What | Why |
|---|---|
| Name | Display in your account, on bookings, and in client records. |
| Email address | Account login, transactional notifications, customer support. |
| Phone number | Optional booking reminders by SMS (only if you opt in). |
| Physical address | Studio address (public on your studio profile); client billing address only when you enter one for payment. |
Health and tattoo metadata
If you choose to use the touch-up reminder feature, the app stores tattoo-related attributes you enter — Fitzpatrick skin type, sun-exposure level, ink-color palette — to estimate when a tattoo may need a touch-up. We treat this as health-adjacent information, not clinical health information. We do not sell or share this data, and we do not act as a HIPAA-covered entity.
Financial information
When a payment is processed through the Service, we record the amount, tip, status, and the last four digits of the card used. Full card numbers never touch our servers — payments are tokenized through Stripe (PCI DSS Level 1 service provider) under the SAQ-A merchant scope.
Identifiers
| What | Why |
|---|---|
| User ID | Server-generated UUID assigned to your account. |
| Device ID (APNs token) | Required to deliver push notifications to your specific device. Apple controls the underlying token; we store only the version Apple gives us. |
User content
| What | Why |
|---|---|
| Photos and videos | Reference photos for bookings, artist portfolios, in-progress and final session photos, end-of-session captures. |
| Customer-support submissions | Bug reports, feature requests, and feedback you send through the in-app feedback form. App version and device model are auto-attached for diagnostic context. |
| Other content you author | Tattoo story field, session notes, booking notes, and artist bio. |
Diagnostics
| What | Why |
|---|---|
| Crash data | Standard iOS crash reports — only when you have system-level diagnostic sharing enabled with Apple. |
| Performance data | Aggregated server-side metrics (latency, error rates). Not linked to specific users at the metric level. |
3. How we use your information
- To provide, maintain, and operate the Service.
- To process payments and refunds.
- To send transactional notifications (booking confirmations, reminders, aftercare prompts, account-security messages).
- To respond to your support requests.
- To diagnose, fix, and improve the Service.
- To enforce our Terms of Service and protect the rights, safety, and property of users.
- To comply with legal obligations.
We do not use your information for advertising, profile-building for third-party sale, or any form of cross-app tracking.
4. How we share information
We share information only with service providers who help us operate the Service, and only the minimum information necessary. Today's sub-processors are:
| Provider | Purpose | Data shared |
|---|---|---|
| Apple, Inc. | App distribution, push-notification delivery (APNs), in-app sign-in (Sign in with Apple, when enabled). | Device push token; account email if Sign in with Apple is used. |
| Stripe, Inc. | Payment processing. | Card data (entered directly into Stripe-hosted UI), payment amount, currency, customer email. |
| Cloud hosting providers | Application hosting, database, file storage. | All collected data, encrypted in transit and at rest. |
We do not sell your personal information, and we do not share it with advertisers or data brokers.
We may disclose information if required by law, valid legal process (subpoena, warrant), to protect rights or safety, or in connection with a merger, acquisition, or sale of assets — in which case any successor entity will be bound by this Privacy Policy or notify you of any change.
5. How long we keep your information
We retain your information for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or de-identify your personal information within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes (typically up to 7 years for financial records).
6. How we protect your information
- All data in transit is encrypted with TLS 1.2 or higher.
- Sensitive client fields (email, phone, legal name) are encrypted at rest.
- Authentication tokens are stored in the iOS Keychain on your device.
- We follow the NIST Cybersecurity Framework (CSF) for security program design.
- Card data is tokenized by Stripe and never stored on our servers.
No system can guarantee absolute security. If we discover a security incident affecting your information, we will notify you in accordance with applicable law.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information (subject to retention obligations described above).
- Export your information in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email privacy@inkops.studio from the email address on your account. We will respond within 30 days. If you are in the European Economic Area, the United Kingdom, or California, you also have the right to lodge a complaint with your local data-protection authority.
8. Children
The Service is not intended for users under 18. The app enforces an age gate at signup. We do not knowingly collect information from children under 13 (or under 16 in the EEA). If you believe a child has given us their information, contact us and we will delete it.
9. International users
InkOps is operated from the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States. We use standard contractual clauses or equivalent safeguards where required by law.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top and, for material changes, give you reasonable advance notice (in-app or by email). Your continued use of the Service after the effective date of an update means you accept the updated policy.
11. Contact us
Questions, complaints, or rights requests: privacy@inkops.studio.