Back to home

Privacy Policy

Last updated: February 2026

Your privacy matters to us. This policy explains what data we collect, why, and how we protect it. We comply with the EU General Data Protection Regulation (GDPR).

1. Who We Are

InkPoke is operated by AMINE DEV SASU, registered in France. We are the data controller for the personal data processed through our platform at inkpoke.com.

For any privacy-related questions, contact us at privacy@inkpoke.com.

2. Data We Collect

Account Information

When you create an account, we collect your name, email address, and phone number. If you represent a studio, we may also collect your business name and address.

Booking & Client Data

As a tattoo artist using InkPoke, you store client information and booking details (dates, notes, reference images, deposit amounts). You are the data controller for your clients' data — InkPoke acts as a data processor on your behalf.

Payment Information

Payment details (card numbers, billing addresses) are collected and processed directly by Stripe. We do not store your full payment details on our servers. We only receive confirmation of payment status and a partial card reference.

Usage Data

We collect anonymized usage data to improve the platform, including pages visited, features used, browser type, device information, and IP address.

3. Why We Collect Your Data

We process your personal data for the following purposes:

  • Providing the service — managing your account, processing bookings, and enabling platform features
  • Processing payments — handling subscriptions and billing through Stripe
  • Communication — sending transactional emails (booking confirmations, receipts, account updates)
  • Improving the platform — analyzing usage patterns to enhance features and fix issues
  • Legal compliance — meeting our obligations under French and EU law

Our legal bases for processing under GDPR are: contract performance (providing the service you signed up for), legitimate interest (platform improvement and security), consent (marketing emails), and legal obligation (tax and accounting requirements).

4. Third-Party Services

We use trusted third-party services to operate InkPoke. Each processes data only as necessary for their specific function:

  • Supabase — database hosting and authentication (EU-based infrastructure)
  • Stripe — payment processing (Stripe Privacy Policy)
  • Resend — transactional email delivery
  • Google Analytics — anonymized usage analytics
  • Microsoft Clarity — session replay and heatmaps for UX improvement (data is anonymized)

We have Data Processing Agreements (DPAs) in place with our sub-processors where required by GDPR.

5. Cookies

We use cookies for the following purposes:

  • Essential cookies — required for authentication and core platform functionality
  • Analytics cookies — Google Analytics and Microsoft Clarity use cookies to understand how users interact with the platform

You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are necessary for the platform to function.

6. Data Retention

We retain your data as follows:

  • Account data — kept for the duration of your account, plus 30 days after deletion to allow recovery
  • Booking & client data — kept for the duration of your account; deleted within 90 days of account closure
  • Payment records — retained for 10 years as required by French tax law
  • Usage analytics — anonymized and retained for up to 26 months

7. Your Rights (GDPR)

As a user in the EU, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format (JSON or CSV)
  • Restriction — ask us to limit how we process your data
  • Objection — object to data processing based on legitimate interest
  • Withdraw consent — for any processing based on consent, you can withdraw at any time

To exercise any of these rights, email us at privacy@inkpoke.com. We'll respond within 30 days. You also have the right to lodge a complaint with the French data protection authority (CNIL).

8. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication practices, and regular security reviews. However, no system is 100% secure — we encourage you to use a strong, unique password for your InkPoke account.

9. International Transfers

We prioritize EU-based infrastructure. Where data is processed outside the EU (e.g., certain Stripe or analytics services), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

InkPoke is not intended for users under 18. We do not knowingly collect data from minors. If we learn that we have collected data from someone under 18, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.

12. Contact Us

For any questions about this privacy policy or your data, contact us:

You can also review our Terms of Service for more information about using InkPoke.