Art you wear. stories you carry

 

HattaTatt Privacy Policy

Effective date: August 25, 2025
Who we are: HattaTatt (“HattaTatt,” “we,” “us,” or “our”) provides concierge, by-appointment tattoo services for Cuenca’s English-speaking community, including an AI-assisted design preview process and a private home-studio / in-home experience.

If you have questions, contact us at privacy@hattatatt.com.

1) Scope

This Policy explains how we collect, use, share, and safeguard personal information when you:

  • Visit our websites and app (including app.hattatatt.com),

  • Submit booking requests or inquiries,

  • Use our AI-powered tattoo sketch preview,

  • Pay for services,

  • Receive services at our private studio or in-home within Cuenca city limits,

  • Communicate with us by email, SMS, WhatsApp, or social channels.

This Policy does not cover websites, apps, or services we don’t control.

2) Information We Collect

A. You provide directly

  • Contact & identity: name, email, phone, preferred language, country/city.

  • Booking details: style, placement, size, references, brief, preferred dates/times, location for in-home sessions (address within Cuenca).

  • Design materials: images you upload, notes, prompts, and feedback for previews.

  • Consents & health: consent forms and any medical or skin-related information you choose to disclose to ensure safe tattooing (e.g., allergies, medications, healing considerations).

  • Payments: We use Stripe to process payments. We receive payment confirmations and limited billing details; we do not store full card numbers.

  • Communications: emails, messages, survey responses, and reviews/testimonials.

B. Collected automatically

  • Device & usage: IP address, device/browser type, operating system, pages viewed, interactions, referring URLs, and timestamps.

  • Cookies & similar tech: essential cookies for security and sessions; analytics cookies to understand usage.

C. From third parties (as processors on our behalf)

  • Scheduling & ops: calendar/scheduling and notification providers,

  • Analytics/observability: e.g., error and performance monitoring,

  • AI sketch generation: third-party AI provider processes your prompts, references, and design context to produce preview sketches.

3) How We Use Your Information

  • Provide our services: manage bookings, generate AI design previews, conduct studio or in-home sessions, and deliver aftercare information.

  • Design collaboration: create, refine, and version tattoo sketches (up to three generations unless otherwise stated).

  • Payments & billing: process deposits, balances, refunds, and receipts via Stripe.

  • Safety & hygiene: review consents/health notes to ensure safe tattooing practices.

  • Communication: appointment confirmations, reminders, updates, and service messages.

  • Operations & improvement: troubleshooting, analytics, quality assurance, and feature development.

  • Legal & security: prevent fraud/abuse, enforce terms, comply with law.

  • Marketing (optional): with your consent, send updates or showcase healed work; you may opt out at any time.

AI transparency: When you use our preview feature, your prompts, notes, and reference images are sent to our AI provider to generate a sketch. We contractually aim to limit the use of your content to providing the service. We do not let AI tools train on your content for our own model training without your consent.

4) Legal Bases (EEA/UK/Similar Jurisdictions)

We process personal data based on:

  • Contract (to deliver the services you request),

  • Legitimate interests (service improvement, security, analytics, portfolio with consent controls),

  • Consent (marketing, certain cookies, portfolio permissions, sensitive health notes),

  • Legal obligations (tax, accounting, safety records).

You may withdraw consent at any time, where applicable.

5) Sharing Your Information

We share information only as needed to provide and improve the service or comply with law:

  • Service providers / processors:

    • Payments: Stripe

    • AI preview: AI sketch generation provider

    • Scheduling/notifications: calendar, email/SMS tools

    • Hosting/database/storage: e.g., cloud infrastructure and file storage

    • Analytics/observability: performance, error monitoring

  • Professional advisors: legal, accounting, compliance.

  • Legal & safety: to comply with law, enforce terms, or protect rights/security.

  • With your consent: e.g., portfolio use of photos, testimonials.

We do not sell your personal information.

6) International Transfers

We operate in Ecuador and may use service providers in other countries (e.g., the U.S. or EU). Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect your data across borders.

7) Retention

We keep data only as long as needed for the purposes above or as required by law. Typical periods (adjust as needed):

  • Active bookings & previews: retained for the life of the engagement plus [24 months].

  • Draft/unused bookings: auto-purged after [6 months] of inactivity.

  • Design generations (images/markdown): [12 months], unless you consent to longer retention for your convenience or our internal QA.

  • Consent/medical forms: [5–7 years] (regulatory/health-safety best practices).

  • Payment records (non-card data): [7 years] (tax/accounting).

  • Analytics & logs: [12–18 months].

  • Marketing contacts: until you unsubscribe or after [24 months] of inactivity.

We’ll delete or anonymize data when retention ends, unless a longer period is required by law.

8) Your Choices & Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information;

  • Port your data;

  • Object to or restrict certain processing;

  • Withdraw consent;

  • Opt out of marketing;

  • Complain to a data protection authority.

To exercise rights, email [privacy@hattatatt.com]. We will verify your request and respond within applicable timelines.

California & similar U.S. state laws: You may have rights to know, delete, correct, and opt out of “sales” or “sharing” for targeted advertising. We do not sell personal information. To exercise state-law rights or appeal a decision, contact us at the address above.

9) Cookies & Tracking

  • Essential cookies: required for security, sessions, fraud prevention.

  • Analytics cookies: help us understand usage and improve the app.

  • No behavioral ads by default: if this changes, we’ll update this Policy and provide controls.

You can manage cookies via your browser settings and (where available) our cookie banner.

10) Children & Teens

Our services are intended for adults (18+). We do not knowingly collect personal information from children. If you believe a minor has provided information, contact us to delete it.

11) Studio, Concierge & Portfolio

  • Home-studio / Concierge sessions: we collect addresses within Cuenca city limits solely to deliver the service. We do not publish your address.

  • Photos & portfolio: we ask permission first before photographing designs on skin or sharing healed work. You can say no—declining does not affect your service. You may revoke previously given permission at any time.

12) Security

We use reasonable administrative, technical, and physical safeguards to protect personal information, including TLS in transit and encrypted storage where supported. No method is 100% secure; if we learn of a breach, we will notify you and regulators when required.

13) Third-Party Links & Social Features

Our site may link to third-party websites or include social features. Their practices are governed by their own policies. Please review those policies before sharing information.

14) Changes to This Policy

We may update this Policy from time to time. We’ll post the new version with an updated effective date and, where required, notify you of material changes.

15) Contact Us

HattaTatt
Cuenca, Ecuador (by appointment only)
Email: [privacy@hattatatt.com]

Quick Summary

  • We collect what we need to book, preview, and safely deliver your tattoo.

  • Your card data goes to Stripe—we don’t store it.

  • AI previews use your prompts/images to generate sketches; used only to provide the service.

  • We don’t sell your data.

  • You control marketing, portfolio consent, and can request access or deletion.

  • In-home sessions use your address only to show up, then it’s kept private.