Privacy Policy

Last updated: November 1, 2025

Quick Summary: We respect your privacy. We collect only what's necessary to provide our AI tattoo generation service. We never sell your data. You control your information. We're GDPR compliant.

1. Who We Are

TattooRed is operated by AI Innovate Solutions, a company registered in England and Wales (Company Number: 15908901).

We are the data controller responsible for your personal information. If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@tattoored.com.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Payment Information: Processed securely through Stripe (we never store your full card details)
  • Tattoo Generation Data: Text prompts, style preferences, images you generate
  • Communication: Messages sent through our contact forms or chat support

2.2 Information Automatically Collected

  • Usage Data: Pages visited, features used, generation history
  • Device Information: Browser type, device type, IP address, operating system
  • Cookies: Essential cookies for authentication and preferences (see Section 6)
  • Analytics: Aggregated, anonymized usage statistics

2.3 AI Chat Data

  • Conversations with Red (our AI assistant) are temporarily stored to improve your experience
  • Chat history is linked to your account for continuity
  • We analyze conversations to improve Red's responses (anonymized)
  • You can delete your chat history anytime from your dashboard

3. How We Use Your Information

We use your personal information to:

  • Provide Services: Generate tattoo designs, process subscriptions, save your creations
  • Improve AI: Train and enhance our AI models for better tattoo generation
  • Communication: Send service updates, respond to inquiries, provide support
  • Security: Prevent fraud, abuse, and unauthorized access
  • Analytics: Understand usage patterns to improve features
  • Legal Compliance: Meet legal obligations and enforce our Terms

⚠️ Important:

We NEVER sell your personal information to third parties. We NEVER use your tattoo designs for marketing without explicit permission.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract: Necessary to provide our services (tattoo generation, account management)
  • Consent: Marketing emails, optional features (you can withdraw anytime)
  • Legitimate Interest: Fraud prevention, service improvement, analytics
  • Legal Obligation: Tax compliance, law enforcement requests

5. Sharing Your Information

We share your information only in these limited circumstances:

5.1 Service Providers

  • Payment Processing: Stripe (PCI-DSS compliant)
  • Hosting & Database: Vercel, Supabase (encrypted storage)
  • AI Services: OpenAI (for chat), ModelsLab (for image generation)
  • Email: Email service providers for transactional emails
  • Analytics: Privacy-focused analytics (anonymized)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal processes
  • Enforce our Terms of Service
  • Protect rights, property, or safety of TattooRed, users, or public
  • Prevent fraud or security threats

5.3 Business Transfers

If TattooRed is acquired or merged, your information may be transferred to the new owner (you'll be notified and can delete your account).

6. Cookies & Tracking

We use cookies to:

  • Essential: Keep you logged in, remember preferences
  • Analytics: Understand how you use TattooRed (anonymized)
  • Performance: Improve loading times and user experience

You can control cookies through your browser settings. Note: Disabling essential cookies may limit functionality.

We do NOT use cookies for advertising or third-party tracking.

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Delete your account and data ("right to be forgotten")
  • Portability: Export your data in a readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Stop marketing emails or optional features

To exercise your rights, email us at privacy@tattoored.com or use your account settings.

Right to Complain: You can lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

8. Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Deleted Accounts: Data permanently deleted within 90 days
  • Chat History: Stored for 1 year, then automatically deleted
  • Generated Images: Stored indefinitely unless you delete them
  • Legal Requirements: Some data may be retained longer for compliance (e.g., payment records for tax purposes)

9. Data Security

We take security seriously. Measures include:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls (only authorized personnel)
  • Secure third-party providers (SOC 2 compliant)

Note: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed in countries outside the UK/EU (e.g., USA for cloud hosting). We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers certified under Privacy Shield or equivalent frameworks
  • Encryption and security measures exceeding GDPR standards

11. Children's Privacy

TattooRed is not intended for users under 18. We do not knowingly collect information from minors. If we discover we've collected data from someone under 18, we will delete it immediately.

Parents/guardians: If you believe your child has provided us with personal information, contact privacy@tattoored.com.

12. Marketing & Communications

  • Transactional Emails: Account confirmations, password resets (cannot opt-out)
  • Marketing Emails: Product updates, tips, offers (opt-out anytime via unsubscribe link)
  • Push Notifications: Optional (disable in browser/device settings)

We will NEVER spam you. Unsubscribe anytime with one click.

13. Third-Party Links

TattooRed may contain links to external websites (e.g., social media). We are not responsible for the privacy practices of these sites. Please review their privacy policies before providing any information.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last Updated" date.

Material changes: We'll notify you via email or prominent notice on the website.

15. Contact Us

Questions about privacy? Reach out to us:

Summary: Your privacy matters. We collect only what's needed, protect it seriously, and give you full control. Questions? We're here: privacy@tattoored.com 🔒

Need tattoo inspiration? 🔥