Privacy Policy

1. Scope

This Policy describes how INK'D handles information from people who use our website. It does not cover data handled by an Artist outside the Services, by third-party services you choose to connect, or by platforms you visit via outbound links.

2. How the Service Works Today

INK'D is in active development. Understanding what is and is not running is important for understanding what information we actually collect:

• Your account and content live on your device. Profiles, briefs, proposals, portfolio images, headshots, and booking records are written to your browser's local storage. They do not currently persist to a server we control and are not visible to other users from our systems. Clearing your browser data removes them.
• Reference images attached to briefs are not uploaded. When you add reference photos to a brief, we record only how many images you attached; the files themselves stay in your browser and are not transmitted to INK'D or to any Artist through our Services.
• Payments are not currently active in production. We have built infrastructure to process deposits and artist payouts via Stripe, but those endpoints are gated off on the live site. When we turn payments on, we will update this Policy before taking any transaction.
• We do not send transactional email today. No email delivery provider is wired into the Services, so we are not currently sending account, brief, or booking notifications by email.
• We do record product analytics. We use PostHog to capture page views, interactions, and a session replay of your usage so we can debug and improve the product. See Section 8.

3. Information We Collect

• Account data: name, email address, role (Customer or Artist), city, state or region, and country. Stored on your device; a reduced set (name, email, city, state) is sent to our product-analytics provider to associate your events with your session (see Section 8). INK'D does not store passwords; we do not currently operate a server-side account system.
• Artist profile data: studio name, bio, styles, portfolio images, hourly rate range, experience, schedule preferences, shop address, and social handles. Stored on the Artist's device. Licenses, certifications, or insurance documents are not currently captured by the Services.
• Brief & booking data: style, placement, size, budget, timeline, color preference, and any free-text description you provide. Stored on your device. Reference photos are not transmitted (see Section 2). Brief answers may be included in analytics events.
• Health-adjacent information: anything you voluntarily mention in a brief description or existing-work field (for example, pregnancy, skin conditions, medications). This is entirely optional. If you include it, it is stored on your device and may appear in our analytics events.
• Payment data (when payments are active): payment method metadata (type, last four digits, billing ZIP, and Stripe customer / account identifiers). Full card numbers are handled by Stripe and do not reach our systems.
• Device & usage data: information collected by our hosting and analytics providers, including IP address, browser type, device characteristics, pages viewed, interaction events, referring URL, and timestamps. This is collected at the provider level (Vercel hosting, PostHog analytics).
• Location data: approximate location derived from IP (by our providers) and the city / region you type into signup and city-filter fields. We do not collect precise GPS location. When you type into a city or address field, the characters you type are sent to a third-party place-autocomplete service (see Section 8).
• Referral data: the referral slug associated with your account and a local record of activity on your referral link. The client-referral credits shown on the dashboard are currently illustrative and do not yet reflect real balances.
• Inferences: style, budget, and geographic preferences derived from the above to surface matched Artists inside the Services.

4. Sources

We receive information from:

• You (when you create an account, submit a brief, or interact with the site).
• Your browser (device signals, IP-based approximate location, interaction events).
• Our service providers (for example, Stripe for future payment events, the place-autocomplete provider for address suggestions).

5. How We Use Information

• Operate the Services and match Customers with Artists.
• Process deposits and payouts, when that feature is active.
• Provide support, investigate issues, and enforce our Terms.
• Detect, prevent, and address fraud, abuse, or safety risks.
• Analyze usage through product analytics to improve the Services.
• Communicate with you about changes, issues, or inquiries you initiate.
• Comply with legal obligations.

6. Legal Bases (EU/UK)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases: performance of a contract (to operate the Services), our legitimate interests (to secure, improve, and market the Services), compliance with legal obligations, and your consent (where required, such as for certain cookies or session recording). You can withdraw consent at any time.

7. How We Share Information

We share information only as described below:

• With the other party to an interaction. When an Artist responds to a Customer brief, each party will see the information the other chooses to share. Today, because there is no server-side matching layer in production, this sharing happens only when both parties are using a backend feature that is actively running.
• With service providers that help us run the Services (see Section 8).
• For legal reasons when required by law, subpoena, or valid legal process, or to protect rights, property, or safety.
• In connection with a business transaction such as a merger, acquisition, financing, or asset sale, with notice to affected users.
• With your consent for any other purpose disclosed at the time of collection.

We do not sell personal information as that term is defined by most U.S. state privacy laws, and we do not share personal information for cross-context behavioral advertising.

8. Service Providers

We currently rely on the following third-party services:

• Vercel— hosting, edge delivery, and associated operational logs (including IP addresses and request metadata).
• Stripe— payment processing, Connect onboarding for Artists, and payouts. Active only when payment features are enabled; see Section 2. Stripe's own privacy policy governs its use of data.
• PostHog— product analytics and session replay. We enable autocapture of page views and interactions, and we enable session recording. Password and email inputs are masked; other form inputs, including free-text brief descriptions, may be captured in session replays and event properties. We associate your sessions with your account name, email, and city/state when you are signed in.
• Photon / komoot.io— open place-autocomplete provider used by the city and shop-address fields. When you type into those fields, the characters you type are sent directly from your browser to Photon to return suggestions.
• Unsplash— placeholder imagery used for some demonstration content. No user information is sent to Unsplash.

We do not currently use an email-delivery provider, an authentication provider, or an external database. If we add providers in the future, we will update this list.

9. Local Storage, Cookies & Tracking

INK'D stores most user data in your browser's localStorage. That includes your account record, briefs, proposals, bookings, portfolio images (encoded as data URIs), headshots, and referral data. Clearing site data in your browser will remove these records from your device.

Our application code does not set first-party cookies for authentication or preferences. Cookies you may observe on INK'D are set by our third-party providers:

• PostHog may set cookies or use localStorage to identify your session for analytics and session replay.
• Vercel may set cookies for edge routing, load balancing, and request handling.

You can control cookies and site data through your browser settings. Blocking them or clearing them will log you out and remove your locally stored content. We currently do not use cookies for targeted advertising.

10. Your Rights & Choices

Depending on where you live, you may have the right to request access, correction, deletion, portability, restriction, or objection to how your information is handled, and to withdraw consent where consent was the basis for processing.

Because most of what INK'D “holds” about you is actually stored in your browser, you can exercise most of these rights directly:

• To access or correct your account and content, edit them in the Services.
• To deleteeverything INK'D has stored on your device, log out and clear site data for this domain in your browser settings.
• To opt out of product analytics and session replay, enable Do Not Track or a tracker-blocking extension, block analytics cookies in your browser, or use PostHog's opt-out mechanism once we expose it in-product.

For information we may hold through our providers (for example, operational logs at Vercel or analytics records at PostHog), email privacy@inkd.design. We will verify your identity before acting on a request. You have the right to lodge a complaint with a supervisory authority.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the rights to know, access, correct, delete, limit use of sensitive personal information, and opt out of sale or sharing for cross-context behavioral advertising. INK'D does not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Categories we may collect or receive include: identifiers, customer records, commercial information, internet or network activity, approximate geolocation, visual information (portfolio and reference images you store locally), professional or employment information (for Artists), and inferences.

How to exercise your rights. Use the on-device controls described in Section 10, or email privacy@inkd.design. You may designate an authorized agent; we will require verification. We will not discriminate against you for exercising your rights.

12. EU / UK Rights

If you are in the EEA, UK, or Switzerland, you have the rights of access, rectification, erasure, restriction, objection, and portability described above, as well as the right to withdraw consent and to lodge a complaint with a supervisory authority in your country of residence. Cross-border transfers are addressed in Section 16.

13. Data Retention

Data you create in the Services lives in your browser until you clear it. We do not currently operate a server-side store of account content, so there is no centralized record for us to retain or delete.

Our providers retain data per their own retention schedules: Stripe retains transactional records as required by applicable financial regulation (generally multi-year), Vercel retains operational logs for a limited window, and PostHog retains event and session-replay data subject to the retention settings of our account. When INK'D operates its own server-side systems, we will describe retention here in detail.

14. Security

Network traffic between your browser and INK'D is encrypted via HTTPS. We rely on the security controls of our providers (Vercel, Stripe, PostHog) for the portions of the Services they handle. No system is perfectly secure; you are responsible for keeping your device secure and for notifying us at security@inkd.design of any suspected issue.

15. Children & Age

The Services are intended for adults. Tattoo services are generally regulated as an adult activity, and INK'D is not designed for use by anyone under 18. We do not currently verify age at signup; if you are under 18, please do not create an account or submit a brief. If you believe a child has provided us personal information, contact privacy@inkd.design and we will address the account and any associated data.

16. International Transfers

We are based in the United States, and our providers operate in the U.S. and other countries. If you access the Services from outside the U.S., information captured by our providers may be transferred to, stored, and processed in the U.S. or other jurisdictions. For transfers from the EEA, UK, or Switzerland, we and our providers rely on appropriate safeguards (for example, the EU Standard Contractual Clauses) where required.

17. Automated Matching

We use automated matching to surface Artists based on style, location, and budget. These matches are recommendations; you choose the Artist you engage. Automated decision-making does not produce legal or similarly significant effects on you without human involvement.

18. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here with a new effective date. Because INK'D is actively under development, we expect this Policy to evolve as features turn on. Your continued use after changes take effect constitutes acceptance.

19. Contact

Questions about this Policy or your information? Get in touch or email privacy@inkd.design. Mailing address: INK'D, 600 Guadalupe St., Austin, TX 78701, USA.