Privacy Policy

Effective Date: July 05, 2025

Last Updated: July 05, 2025

1. Introduction

Welcome to TattooDesignsAI ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.tattoodesignsai.com and use our AI-powered tattoo design generation services (the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (for magic link authentication)
  • Account preferences and settings

Service Usage:

  • Tattoo design prompts and descriptions you submit
  • Style preferences and customization choices
  • Uploaded images for modification services (gap filler, cover-up)

Communication:

  • Messages you send through our contact forms
  • Support requests and correspondence

2.2 Information Collected Automatically

Usage Data:

  • Pages visited and features used
  • Time spent on our Service
  • Click-through rates and user interactions
  • Device and browser information
  • IP address and general location data

Cookies and Tracking Technologies:

  • Essential Cookies: Session management, authentication tokens
  • Analytics Cookies: Google Analytics for usage patterns (with your consent)
  • Functional Cookies: Anonymous rate limiting, user preferences

2.3 AI-Generated Content

Design Generation:

  • Prompts submitted to our AI system
  • Generated tattoo designs and variations
  • User feedback and ratings on generated content

3. How We Use Your Information

3.1 Service Provision

Core Functionality:

  • Generate AI-powered tattoo designs based on your prompts
  • Manage your account and authentication
  • Process payments for premium subscriptions
  • Provide customer support and technical assistance

Service Improvement:

  • Analyze usage patterns to enhance user experience
  • Improve AI model performance and design quality
  • Develop new features and functionality

3.2 Legal Bases for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide our tattoo generation services
  • Legitimate Interest: To improve our services and prevent fraud
  • Consent: For analytics cookies and marketing communications
  • Legal Obligation: To comply with applicable laws and regulations

4. Third-Party Services and Data Sharing

4.1 AI Processing Services

Runware API:

  • We use Runware's AI infrastructure to generate tattoo designs
  • Your design prompts are processed through their secure systems
  • No personal identification data is shared with Runware
  • Data processing is limited to the specific generation request

4.2 Payment Processing

Stripe:

  • Payment processing for premium subscriptions
  • Credit card information is processed directly by Stripe
  • We do not store complete payment card details
  • Subject to Stripe's privacy policy and PCI DSS compliance

4.3 Analytics and Performance

Google Analytics:

  • Website usage statistics and user behavior analysis
  • Anonymous data collection with IP anonymization
  • Opt-out available through cookie preferences
  • Data retention limited to 26 months

4.4 Infrastructure and Storage

Supabase:

  • Secure database hosting for account information
  • Data encrypted in transit and at rest
  • Located in secure data centers with SOC 2 compliance

5. International Data Transfers

We primarily process data within the United States. When data is transferred internationally, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Certification Programs: Privacy Shield successors and similar frameworks

6. Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Design History: Stored for 1 year to enable service improvements
  • Payment Records: Maintained for 7 years as required by financial regulations
  • Analytics Data: Anonymous usage data retained for up to 26 months
  • Support Communications: Kept for 3 years for quality assurance

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Automated Decision-Making: Opt out of automated profiling

7.2 CCPA Rights (California Users)

  • Know: What personal information is collected and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Refuse the sale of personal information (we do not sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

7.3 Exercising Your Rights

To exercise your privacy rights, contact us at hello@tattoodesignsai.com. We will respond within:

  • GDPR requests: 30 days (may be extended by 60 days for complex requests)
  • CCPA requests: 45 days (may be extended by 45 days with notice)

8. Cookies and Tracking

8.1 Cookie Categories

Strictly Necessary (Always Active):

  • auth-token: User authentication and session management
  • anon_gen_window: Anonymous rate limiting for free users
  • session: Temporary session data

Analytics (Requires Consent):

  • _ga: Google Analytics user identification
  • _gid: Google Analytics session identification
  • _gat: Google Analytics request throttling

Functional (Requires Consent):

  • cookie_consent: Your cookie preferences
  • user_preferences: Service customization settings

8.2 Managing Cookies

You can control cookies through:

  • Cookie Banner: Accept, reject, or customize preferences
  • Browser Settings: Block or delete cookies
  • Opt-Out Tools: Google Analytics opt-out browser extension

9. Data Security

We implement comprehensive security measures including:

Technical Safeguards:

  • End-to-end encryption for data transmission
  • AES-256 encryption for data storage
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for administrative access

Organizational Measures:

  • Staff training on data protection principles
  • Limited access on a need-to-know basis
  • Regular review of data processing activities
  • Incident response procedures for data breaches

10. Age Restrictions

Our Service is intended for users who are at least 18 years of age. Given the nature of tattoo-related content, we do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal data from someone under 18, we will delete that information promptly.

11. AI and Automated Decision-Making

11.1 AI Content Generation

Our Service uses artificial intelligence to generate tattoo designs based on your input. This automated processing:

  • Does not make decisions that significantly affect you legally
  • Is limited to creative content generation
  • Can be influenced through your prompt modifications
  • Does not profile you for marketing or other purposes

11.2 Quality and Accuracy

AI-generated designs are provided for inspiration and reference only. We do not guarantee:

  • Accuracy or appropriateness for actual tattooing
  • Cultural sensitivity or historical accuracy
  • Technical feasibility for tattoo implementation
  • Originality or freedom from similarity to existing works

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. Material changes will be communicated through:

  • Prominent notice on our website
  • Email notification to registered users
  • Updated effective date at the top of this policy

Continued use of our Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

For questions about this Privacy Policy or our data practices, please contact us:

Email: hello@tattoodesignsai.com

Subject Line: Privacy Policy Inquiry

Response Time: We respond to privacy inquiries within 72 hours

For urgent privacy matters or data protection officer communications, please mark your message as "URGENT - DATA PROTECTION."

14. Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of the jurisdiction where our company is domiciled. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the courts in that jurisdiction, except where prohibited by law.

For EU users, this Privacy Policy is also subject to applicable EU data protection laws, including the General Data Protection Regulation (GDPR).

Legal Disclaimer: This Privacy Policy is designed to comply with GDPR, CCPA, and other applicable privacy laws as of 2025. However, laws may vary by jurisdiction, and this policy should be reviewed by qualified legal counsel for your specific situation.