Skip to main content
INK'D

Legal

Privacy Policy

Last updated April 15, 2026

This Privacy Policy explains how INK'D (“INK'D,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our website and related services (collectively, the “Services”). Using the Services means you agree to the practices described here. This Policy is part of our Terms of Service.

1. Scope

This Policy describes how INK'D handles information from people who use our website. It does not cover data handled by an Artist outside the Services, by third-party services you choose to connect, or by platforms you visit via outbound links.

2. How the Service Works Today

INK'D is in active development. Understanding what is and is not running is important for understanding what information we actually collect:

  • Your account and content are server-backed. Profiles, requests, proposals, portfolio images, headshots, booking records, notification preferences, and account lifecycle records are stored in our Supabase-backed systems so the service can work across sessions and devices.
  • Reference images attached to requests may be uploaded. When you add reference photos to a request, the files may be stored in Supabase Storage and associated with that request so eligible artists and INK'D operators can review the request context.
  • Payments use Stripe when active for a booking. We use Stripe to process deposits, balances, tips, refunds, and artist payouts. INK'D stores transaction status, amounts, and Stripe reference identifiers, but not full payment card numbers.
  • We send transactional email where configured. Account, request, proposal, booking, review, aftercare, referral, and account-delete emails may be sent through our email provider. Optional email categories can be managed from account settings.
  • We do record product analytics. We use PostHog to capture page views, interactions, and a session replay of your usage so we can debug and improve the product. See Section 8.

3. Information We Collect

  • Account data: name, email address, role (Customer or Artist), city, state or region, and country. Account records are stored in our Supabase database and may be cached locally in your browser for faster loading. INK'D does not store full payment card numbers, and passwordless authentication is handled through our authentication provider.
  • Artist profile data: studio name, bio, styles, portfolio images, hourly rate range, experience, schedule preferences, shop address, visibility settings, and social handles. Artist profile records and related media paths are stored in our Supabase database and storage system. Licenses, certifications, or insurance documents are not currently captured by the Services.
  • Request & booking data: style, placement, size, budget, timeline, color preference, and any free-text description you provide. Request records, drafts, proposals, bookings, messages, approvals, disputes, referrals, reviews, and aftercare records are stored in our Supabase database. Reference photos and design files may be stored in Supabase Storage when you upload them.
  • Health-adjacent information: anything you voluntarily mention in a request description, message, or existing-work field (for example, pregnancy, skin conditions, medications). This is entirely optional. If you include it, it may be stored with the request, booking, message, or project record.
  • Payment data (when payments are active): payment method metadata (type, last four digits, billing ZIP, and Stripe customer / account identifiers). Full card numbers are handled by Stripe and do not reach our systems.
  • Device & usage data: information collected by our hosting and analytics providers, including IP address, browser type, device characteristics, pages viewed, interaction events, referring URL, and timestamps. This is collected at the provider level (Vercel hosting, PostHog analytics).
  • Location data: approximate location derived from IP (by our providers) and the city / region you type into signup and city-filter fields. We do not collect precise GPS location. When you type into a city or address field, the characters you type are sent to a third-party place-autocomplete service (see Section 8).
  • Referral data: the referral slug associated with your account, referral link activity, referral event records, and related credit or eligibility calculations where referral features are active.
  • Inferences: style, budget, and geographic preferences derived from the above to surface matched Artists inside the Services.

4. Sources

We receive information from:

  • You (when you create an account, submit a request, or interact with the site).
  • Your browser (device signals, IP-based approximate location, interaction events).
  • Our service providers (for example, Stripe for payment events, the place-autocomplete provider for address suggestions).

5. How We Use Information

  • Operate the Services and match Customers with Artists.
  • Process deposits and payouts, when that feature is active.
  • Provide support, investigate issues, and enforce our Terms.
  • Detect, prevent, and address fraud, abuse, or safety risks.
  • Analyze usage through product analytics to improve the Services.
  • Communicate with you about changes, issues, or inquiries you initiate.
  • Comply with legal obligations.

6. Legal Bases (EU/UK)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases: performance of a contract (to operate the Services), our legitimate interests (to secure, improve, and market the Services), compliance with legal obligations, and your consent (where required, such as for certain cookies or session recording). You can withdraw consent at any time.

7. How We Share Information

We share information only as described below:

  • With the other party to an interaction. When an Customer submits a request, an Artist responds, or a booking moves forward, each party may see the information needed for that interaction through server-backed request, proposal, booking, messaging, review, and account-lifecycle features.
  • With service providers that help us run the Services (see Section 8).
  • For legal reasons when required by law, subpoena, or valid legal process, or to protect rights, property, or safety.
  • In connection with a business transaction such as a merger, acquisition, financing, or asset sale, with notice to affected users.
  • With your consent for any other purpose disclosed at the time of collection.

We do not sell personal information as that term is defined by most U.S. state privacy laws, and we do not share personal information for cross-context behavioral advertising.

8. Service Providers

We currently rely on the following third-party services:

  • Vercel— hosting, edge delivery, and associated operational logs (including IP addresses and request metadata).
  • Stripe— payment processing, Connect onboarding for Artists, and payouts. Active only when payment features are enabled; see Section 2. Stripe's own privacy policy governs its use of data.
  • PostHog— product analytics and session replay. We enable autocapture of page views and interactions, and we enable session recording. Password and email inputs are masked; other form inputs, including free-text request descriptions, may be captured in session replays and event properties. We associate your sessions with your account name, email, and city/state when you are signed in.
  • Photon / komoot.io— open place-autocomplete provider used by the city and shop-address fields. When you type into those fields, the characters you type are sent directly from your browser to Photon to return suggestions.
  • Unsplash— placeholder imagery used for some demonstration content. No user information is sent to Unsplash.

We may add or replace vendors as the Services evolve. When a vendor materially changes how your information is handled, we will update this list.

9. Local Storage, Cookies & Tracking

INK'D stores durable account, request, proposal, booking, payment, referral, notification, and media records in Supabase. The browser may keep short-lived cached state, analytics identifiers, or UI preferences in cookies, session storage, or localStorage. Clearing site data removes those local copies from your device, but it does not erase records that are stored server-side.

Our application code does not set first-party cookies for authentication or preferences. Cookies you may observe on INK'D are set by our third-party providers:

  • PostHog may set cookies or use localStorage to identify your session for analytics and session replay.
  • Vercel may set cookies for edge routing, load balancing, and request handling.

You can control cookies and site data through your browser settings. Blocking them or clearing them may log you out, reset preferences, and remove local cached copies. We currently do not use cookies for targeted advertising.

10. Your Rights & Choices

Depending on where you live, you may have the right to request access, correction, deletion, portability, restriction, or objection to how your information is handled, and to withdraw consent where consent was the basis for processing.

You can exercise many of these rights directly in account settings:

  • To access or correct your account and content, edit them in the Services.
  • To delete your account, use the account deletion controls in settings or contact us at the address below. Some records may remain for legal, fraud-prevention, payment, chargeback, or safety reasons.
  • To opt out of product analytics and session replay, enable Do Not Track or a tracker-blocking extension, block analytics cookies in your browser, or use PostHog's opt-out mechanism once we expose it in-product.

For information we may hold through our providers (for example, operational logs at Vercel or analytics records at PostHog), email privacy@inkd.design. We will verify your identity before acting on a request. You have the right to lodge a complaint with a supervisory authority.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the rights to know, access, correct, delete, limit use of sensitive personal information, and opt out of sale or sharing for cross-context behavioral advertising. INK'D does not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Categories we may collect or receive include: identifiers, customer records, commercial information, internet or network activity, approximate geolocation, visual information (portfolio, reference, design, review, and aftercare images), professional or employment information (for Artists), and inferences.

How to exercise your rights. Use the account settings controls described in Section 10, or email privacy@inkd.design. You may designate an authorized agent; we will require verification. We will not discriminate against you for exercising your rights.

12. EU / UK Rights

If you are in the EEA, UK, or Switzerland, you have the rights of access, rectification, erasure, restriction, objection, and portability described above, as well as the right to withdraw consent and to lodge a complaint with a supervisory authority in your country of residence. Cross-border transfers are addressed in Section 16.

13. Data Retention

Data you create in the Services is retained in our server-side systems for as long as needed to operate the account, support bookings, satisfy legal and payment obligations, resolve disputes, preserve audit logs, and enforce safety or anti-abuse controls.

Our providers retain data per their own retention schedules: Stripe retains transactional records as required by applicable financial regulation (generally multi-year), Vercel retains operational logs for a limited window, and PostHog retains event and session-replay data subject to the retention settings of our account. Account deletion starts a grace period and then removes or anonymizes account data except where retention is required for legal, security, payment, dispute, tax, or abuse-prevention reasons.

14. Security

Network traffic between your browser and INK'D is encrypted via HTTPS. We rely on the security controls of our providers (Vercel, Stripe, PostHog) for the portions of the Services they handle. No system is perfectly secure; you are responsible for keeping your device secure and for notifying us at security@inkd.design of any suspected issue.

15. Children & Age

The Services are intended for adults. Tattoo services are generally regulated as an adult activity, and INK'D is not designed for use by anyone under 18. We do not currently verify age at signup; if you are under 18, please do not create an account or submit a request. If you believe a child has provided us personal information, contact privacy@inkd.design and we will address the account and any associated data.

16. International Transfers

We are based in the United States, and our providers operate in the U.S. and other countries. If you access the Services from outside the U.S., information captured by our providers may be transferred to, stored, and processed in the U.S. or other jurisdictions. For transfers from the EEA, UK, or Switzerland, we and our providers rely on appropriate safeguards (for example, the EU Standard Contractual Clauses) where required.

17. Automated Matching

We use automated matching to surface Artists based on style, location, and budget. These matches are recommendations; you choose the Artist you engage. Automated decision-making does not produce legal or similarly significant effects on you without human involvement.

18. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here with a new effective date. Because INK'D is actively under development, we expect this Policy to evolve as features turn on. Your continued use after changes take effect constitutes acceptance.

19. Contact

Questions about this Policy or your information? Get in touch or email privacy@inkd.design. Mailing address: INK'D, 600 Guadalupe St., Austin, TX 78701, USA.