Back to Home

Privacy Policy

Last updated: May 5, 2026

1. Introduction

TattooBooking ("we," "us," or "our") operates the TattooBooking platform, a booking and business management service for tattoo artists, shops, and their clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign up as a tattoo artist or shop owner, we also collect your business name, contact details, and shop location.

Booking & Form Submissions

When clients submit booking requests or intake forms, we collect the information provided in those forms, which may include name, email, phone number, tattoo placement preferences, reference images, and other details relevant to the tattoo consultation.

Usage Data

We automatically collect certain information about your device and how you interact with our platform, including IP address, browser type, pages visited, and time spent on pages. This data helps us improve the platform experience.

Images & Files

Clients may upload reference images as part of booking requests. Artists may upload portfolio images and flash designs. These files are stored securely and are only accessible to the relevant parties in a booking interaction.

3. Google User Data — Calendar Integration

If you are a tattoo artist or shop owner, you may choose to connect your Google Calendar to TattooBooking. The connection uses Google OAuth 2.0 and is entirely optional — the platform is fully usable without it.

OAuth Scopes We Request

When you connect, Google asks you to grant the following scopes:

  • https://www.googleapis.com/auth/calendar — read and write events on your Google Calendar, list your calendars, and check availability (busy times).
  • https://www.googleapis.com/auth/userinfo.email — read the email address of the connected Google account so we can display it in your Settings.
  • openid — standard OpenID Connect identifier.

How We Use Google User Data

  • Create, update, and delete events on your Google Calendar when TattooBooking appointments are booked, modified, or cancelled.
  • Read your calendar to detect scheduling conflicts and prevent double-booking.
  • List your secondary calendars so you can choose which ones should block bookings (e.g., a personal calendar).
  • Receive push notifications when you edit or delete an event directly in Google Calendar, so we can keep TattooBooking in sync.
  • Display the connected Google account email in your Settings UI so you can verify which account is linked.

Limited Use of Google User Data

TattooBooking's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We do not use Google user data to serve advertisements.
  • We do not use Google user data to train, develop, or improve generalized AI or machine-learning models.
  • We do not sell, rent, or transfer Google user data to third parties for non-essential purposes.
  • We do not allow human access to Google user data except (a) with your explicit consent, (b) for security investigations, (c) to comply with applicable law, or (d) where the data has been aggregated and is used for internal operations.
  • Google user data is used solely to provide and improve the Calendar sync feature visible to you in your TattooBooking account.

Storage and Retention

Google OAuth access and refresh tokens are stored in our PostgreSQL database (hosted on Railway), transmitted only over TLS, and scoped to your individual artist account. Calendar event content is not duplicated into separate bulk storage — we only persist the Google event ID alongside the corresponding TattooBooking appointment record so the two can be kept in sync. Tokens are retained only for the lifetime of your active connection and are deleted immediately when you disconnect.

Revoking Access and Deleting Your Google Data

You can revoke TattooBooking's access to your Google account at any time, in two ways:

  • From within TattooBooking: open Settings → Calendar Integration and click Disconnect. This stops the calendar push channel, deletes your stored access and refresh tokens, and ends our ability to read or write your calendar.
  • From your Google Account directly: visit https://myaccount.google.com/permissions and remove TattooBooking. We will detect the revocation on the next API call and clear our stored tokens.

To request deletion of any Google-derived data we may still retain (for example, the Google event IDs stored on appointment records), email info@tattoobooking.com from the Google account in question, and we will erase the linked data within 30 days.

4. How We Use Your Information

  • To provide and maintain our booking platform services
  • To process and manage appointment requests between clients and artists
  • To send transactional emails such as booking confirmations, reminders, and account notifications
  • To facilitate communication between clients and artists/shops
  • To improve and optimize the platform based on usage patterns
  • To detect, prevent, and address technical issues or fraudulent activity
  • To comply with legal obligations

5. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

  • Between clients and artists/shops: When a client submits a booking request, the relevant artist or shop receives the submitted information to process the request.
  • Service providers: We use third-party services for email delivery (Resend), cloud hosting (Railway, Vercel), and file storage. These providers only access data as necessary to perform their services.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

6. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure password hashing, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account information for as long as your account is active. Booking records and form submissions are retained to provide ongoing service history to both artists and clients. You may request deletion of your account and associated data by contacting us at info@tattoobooking.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing activities
  • Data portability (receive your data in a structured format)

To exercise these rights, contact us at info@tattoobooking.com.

9. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

TattooBooking is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from someone under 18, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: info@tattoobooking.com