Legal

Privacy Policy

Last updated: 1 May 2026

The TL;DR version:

We don't store your prompts. We don't store your reference photos. We don't store your generated designs after delivery. We don't sell data to advertisers. We don't track you across the web. We genuinely just want you to make a great tattoo design and leave.

1. Who we are

TattooDesignr ("Service," "we," "us") operates tattoodesignr.com. We are an AI-powered tattoo design generator. We do not have a corporate parent, advertiser network, or data-broker relationships.

2. What data we DO collect

Payment data

When you purchase a design pack, our payment processor Stripe collects:

Your email address (used solely for sending the receipt and download link).
Your billing country (for tax compliance).
Card details (handled entirely by Stripe — we never see them).

Stripe retains transaction records as required by US tax and financial regulations. Their privacy policy applies.

Anonymized usage data

We use Plausible Analytics — a cookieless, privacy-respecting analytics service — to track aggregate site metrics like page visits and conversion rate. Plausible does not use cookies, does not track you across sites, and does not collect personal data. Read about Plausible's approach.

3. What data we do NOT collect or store

Your prompts. Text prompts are sent to our generation pipeline, processed in memory, and deleted immediately after generation completes.
Your reference photos. If you upload reference images, they are streamed to the AI pipeline, used for the single generation, and deleted within minutes. We never write them to persistent storage.
Your generated designs. Once delivered to you, generated designs are deleted from our servers. We do not maintain a personal archive of designs you've created.
Your IP address (long-term). Brief logging for fraud prevention only; logs are rotated within 7 days.
Your demographic data. We don't ask for age, gender, location beyond country, or any other personal characteristic.

4. Cookies

We use one (1) functional cookie: inkpilot_session — a temporary cookie that links your browser to your active checkout session. It expires when you close your browser. It contains no personally identifiable information.

We use no advertising cookies. No tracking pixels. No social-media share buttons that phone home. No fingerprinting.

5. Third-party services

To deliver the Service, we share minimal data with the following processors:

Stripe — payment processing. Receives your email and payment details.
Replicate / OpenAI / Stability AI — AI image generation. Receives your text prompts and reference images temporarily during processing. They have their own privacy policies and data retention rules.
Netlify — site hosting. Receives standard web traffic data.
Resend — email delivery. Receives your email address to send your purchase receipt and download link.

We have data processing agreements (DPAs) with each of these vendors. We do not share data with anyone else.

6. Your rights

Because we don't maintain user accounts or personal records, most data-rights requests don't apply to us in the traditional sense. However:

Right to deletion: If you'd like us to forget your email address from our receipt logs, email hello@tattoodesignr.com and we'll delete it within 30 days.
Right to access: Send the same email; we'll share what little we have (typically: dates of any past purchases tied to your email).
GDPR / CCPA: Residents of the EU, UK, or California have additional rights under their local laws. Same email address; we honor all valid requests.

7. Children's privacy

TattooDesignr is not intended for users under 18. Tattoos require legal consent — most US states require 18+. We do not knowingly collect data from minors. If we learn we've collected data from a minor, we delete it.

8. International users

TattooDesignr is operated from the United States. By using the Service, you consent to the transfer and processing of your data in the US, subject to the limited collection described above. We are GDPR-compliant for EU users via Standard Contractual Clauses with our processors.

9. Security

All site traffic is served over HTTPS. Payment data is handled by Stripe (PCI-DSS Level 1 certified). Our infrastructure runs on Netlify with industry-standard access controls. Generated content is deleted, not just hidden — we use ephemeral filesystems.

10. Changes to this policy

We may update this policy. Material changes will be reflected by an updated "Last updated" date at the top. We'll never weaken our commitments retroactively.

11. Contact

Privacy questions: hello@tattoodesignr.com. We respond within 48 hours.