Privacy Policy

Last updated: 3 June 2026 — Effective immediately.

This Privacy Policy describes how RIO ART NYC LLC ("TattooPro", "we", "us", "our") collects, uses, shares, retains, and deletes personal information when you use the TattooPro mobile application (the "App") and related services available at tabooink.app (collectively, the "Service").

If you do not agree with this Policy, do not use the Service.

1. Who we are

Controller: RIO ART NYC LLC, a New York Limited Liability Company.
Apple Developer ID: 86NUJ7NLN2 · Team ID: 4386WL68CZ.
Contact: [email protected]
Postal address: 516 E 80th St, Apt 25
New York, NY 10075
United States

1.1 Trader Information (EU Digital Services Act — Art. 30 & 31)

For users in the European Union, RIO ART NYC LLC operates as a trader within the meaning of Article 3(f) of Regulation (EU) 2022/2065 (the Digital Services Act). The following information is provided to comply with Articles 30 and 31 of the DSA:

Trader name: RIO ART NYC LLC
Legal form: Limited Liability Company (LLC), registered in the State of New York, United States
Geographic address: 516 E 80th St, Apt 25, New York, NY 10075, United States
Contact for EU users: [email protected] (responses provided in English; queries in other EU official languages welcome and will be answered through translation)
Self-certification of compliance: RIO ART NYC LLC commits to offering only products and services that comply with applicable EU consumer-protection and product-safety law.
Business identification: Apple Developer Program registration (Team ID 4386WL68CZ) constitutes the operator's commercial identifier for digital-storefront purposes.

EU users who believe a service offered through TattooPro does not comply with applicable consumer-protection law may contact us at the address above and we will respond without undue delay.

2. Information we collect

2.1 Information you provide directly

Category	Examples	Why we need it
Identity & account	Display name, email, password (hashed), role (Artist / Client)	Create your account; sign you in
Contact	Phone number (optional), city, country	Allow clients to reach you; geographic discovery
Professional profile (Artists)	Studio name, tattoo styles, portfolio photos, pricing notes, AI assistant tone preferences	Build your public profile shown to clients
Client profile (Clients)	Body-zone preferences, reference photos, intake form answers	Communicate placement and references to your artist
Financial records (Artists only)	Tattoo session amounts, expenses, deductions, state of work	Power your private financial dashboard and tax estimates
Messages	Text and image attachments you send in chat	Deliver chat between artist and client
Appointments	Date, duration, notes	Sync your booking calendar
Tattoo payments (Artists + Clients)	Dollar amount, currency, refundable flag, optional note, linked appointment ID, Stripe Checkout Session ID, Stripe Payment Intent ID once paid	Generate the in-chat payment card and reconcile completed payments back to the artist's dashboard
Stripe Connect account (Artists only, optional)	Stripe-issued connected account ID, account status, charges/payouts capability flags	Route tattoo payments directly to the artist's Stripe account

We do not collect or store your payment card data. Subscription purchases (Plus / Pro / Lifetime) are processed by Apple StoreKit; we receive only an opaque transaction identifier and product ID from Apple to grant entitlement.

Tattoo deposits and full-session payments (introduced in version 1.0.0 build 196) are processed by Stripe Connect. The payment Checkout page is opened in your device's system browser (SFSafariViewController) so you see checkout.stripe.com in the URL bar. Card numbers, Apple Pay credentials, and BNPL provider credentials (Klarna / Affirm) are entered into Stripe's hosted page and are NEVER touched by the TattooPro app or our servers. The artist's connected Stripe account receives the payment DIRECTLY — TattooPro is not in the money path and takes 0% commission (application_fee_amount = 0).

2.2 Information collected automatically

Device identifiers: Firebase Installation ID, Apple Push Notification token (APNs), Firebase Cloud Messaging token. Used solely to deliver push notifications you have enabled.
App Attest tokens: Apple's DeviceCheck App Attest framework returns an attestation token used by Firebase App Check to verify that requests originate from a genuine, unmodified copy of the App. The token contains no personal information.
Crash and performance diagnostics: If you opt in, anonymous crash logs (no personal content) are collected to fix bugs.
System APIs: Per Apple's required-reasons framework, the App reads UserDefaults (CA92.1), file timestamps (C617.1), available disk space (E174.1), and system boot time (35F9.1) for legitimate app functionality only.

2.3 Information from third-party sign-in

If you choose to sign in with Apple or Google, we receive the email and display name associated with your account from the provider. With Sign in with Apple, you may use Apple's "Hide My Email" relay; we honor that.

2.4 Website cookies, analytics and advertising-conversion measurement

Our marketing website at tabooink.app (including pages such as /nyc) uses Google Analytics 4 (GA4) and Google Ads conversion measurement (both via the Google tag, gtag.js, loaded from googletagmanager.com) to understand, in aggregate, how visitors use the site and whether visitors who arrive from one of our Google Ads then tap a "Download on the App Store" button. This helps us measure traffic and improve our advertising. Specifically:

Analytics (GA4): aggregate, non-identifying usage data — pages viewed, approximate (city-level) location from your IP, device type, and where you came from (e.g. Google, a social network, or an AI-assistant citation link). Used only to understand site traffic in aggregate; not used to identify you.
What it processes: a Google advertising cookie identifier, the Google Click Identifier (gclid) appended to the ad's URL, your IP address and browser user-agent, and the event that you clicked an App Store link. It does not collect your name, email, or any account information.
Cookies: Google sets first-party measurement cookies (e.g. _gcl_*) in your browser. These are advertising cookies, used only to attribute an App Store click to one of our ads.
Your choice: where consent is required we rely on your consent. You can opt out of Google's ads personalization at myadcenter.google.com, block or clear cookies in your browser, or install Google's opt-out tools. Declining does not affect your ability to use the Service.

This measurement runs only on the website. The App itself contains no advertising or analytics SDKs and declares NSPrivacyTracking = false (see §3 and §5).

3. How we use your information

To create, authenticate, and secure your account.
To provide the core features you expect (financial dashboard, CRM, chat, appointments, AI suggestions, discovery feed, AI Try-On, etc.).
To deliver push notifications you opted into (chat messages, appointment reminders).
To verify in-app purchases and grant subscription entitlements.
To prevent fraud, abuse, and service disruption (App Check, rate limits).
To comply with legal obligations (tax, accounting, lawful requests).

We do not sell or rent your personal information, and we do not use the information in your account for behavioral advertising or to build advertising profiles of you. The App does not track you across other companies' apps and websites and declares NSPrivacyTracking = false in its privacy manifest. Our marketing website (tabooink.app) uses Google Analytics and Google Ads conversion measurement (described in §2.4) to understand aggregate site traffic and our own ad performance; it uses Google cookies for this but does not link the data to your account or use it for behavioral advertising.

4. AI features and third-party AI processing

The App offers two optional AI features:

Chat reply suggestions for artists. When you tap "Suggest reply" inside an artist–client conversation, the recent thread plus your tone settings are sent to Google Vertex AI (Gemini 2.5 Flash-Lite) through our Cloud Function. The model returns one or more candidate replies. Inputs are not retained for model training by Google when used through Vertex AI per Google's data governance terms.
Forecasting for artists. Aggregate, anonymized historical revenue numbers are sent to a TimesFM 2.5 model running on Google Cloud Run (us-east1) to produce quantile forecasts. No client identifiers are sent.

You can use the App without using either feature. The first time you tap an AI feature, an in-app consent screen explains the data flow and asks for your explicit, opt-in approval, in line with App Store Review Guideline 5.1.2(i).

5. Sharing of information

We share information only with the parties below and only for the purpose stated:

Recipient	Purpose	Data shared
Google LLC (Firebase: Auth, Firestore, Storage, Functions, Cloud Messaging, App Check)	Backend infrastructure	All categories listed in §2 except payment data
Google LLC (Vertex AI, Cloud Run)	AI features (only if you opt in)	Recent chat thread, tone settings, anonymized aggregates
Google LLC (Google Ads + Google Analytics 4 — on the tabooink.app website only, not in the App)	Aggregate website analytics and advertising-conversion measurement (attributing an "App Store" click to one of our Google Ads)	Advertising/analytics cookie IDs, Google Click ID (`gclid`), IP address, browser user-agent, pages viewed, and the App Store-click event. No name, email, or account data.
Apple Inc. (StoreKit 2, APNs, App Attest, Sign in with Apple)	Subscription purchases, push delivery, anti-abuse, sign-in	Opaque transaction IDs, push tokens, attestation tokens, the Apple ID identifier you authorize
Stripe, Inc. (Stripe Connect, Stripe Checkout)	Tattoo deposit and full-session payment processing for in-chat payments — Apple §3.1.3(b) Physical Goods/Services compliant flow	Dollar amount, currency, artist's connected Stripe account ID, optional note, payment status, and (only if you choose to pay) the card / Apple Pay / Klarna / Affirm credentials you enter directly into Stripe's hosted Checkout page. TattooPro never sees your card number.
Klarna Bank AB, Affirm Holdings Inc. (only if the client chooses Buy Now Pay Later at Stripe Checkout)	BNPL financing for tattoo payments. Selected by the client inside Stripe Checkout. Subject to provider eligibility and approval.	Whatever the chosen BNPL provider requires for credit assessment. TattooPro does not interact with Klarna/Affirm directly — the relationship is between the client and the provider through Stripe Checkout.
Law enforcement / regulators	Compliance with valid legal process	Only what is legally required and narrowly tailored

The App contains no third-party advertising or analytics SDKs. The only advertising-related technology we use is Google Ads conversion measurement on the website, described in §2.4.

6. International transfers

Data is processed in the United States and in Google Cloud regions (primarily us-east1 and us-central1). Where required (EEA, UK, Switzerland), transfers rely on Standard Contractual Clauses approved by the European Commission and on Google's supplementary technical and organizational measures.

7. How long we keep your information

Active accounts: as long as your account exists.
After account deletion: we delete personal content within 30 days, except records we must keep for legal reasons (e.g., tax records of completed purchases, anti-fraud logs) which we retain for up to 7 years.
Backups: may persist up to 90 days after deletion, then are overwritten.

8. Account deletion

You can permanently delete your account at any time directly inside the App: Settings → Account → Delete account. The deletion flow:

Removes your profile and all linked records, messages, appointments, and uploads.
Revokes your Sign in with Apple token via Apple's REST endpoint.
Cancels real-time data sync and signs you out on every device.
Active App Store subscriptions are not automatically refunded — you must cancel them through Settings → Apple ID → Subscriptions on your device. Refund eligibility is governed by Apple's policy.

If for any reason you cannot delete in-app, email [email protected] with your account email and we will action the request within 30 days.

9. Your rights

Depending on where you live, you have rights under laws including the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Brazil's LGPD, and others:

Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — delete your data ("right to be forgotten").
Restriction and objection — limit or object to certain processing.
Portability — receive your data in a machine-readable format.
Withdraw consent at any time, without affecting prior lawful processing.
Lodge a complaint with your supervisory authority (e.g., your national Data Protection Authority, the California Privacy Protection Agency).

To exercise any right, email [email protected]. We respond within 30 days.

10. Children

The Service is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact [email protected] and we will delete the information.

11. Security

We use TLS 1.2+ for all network traffic, Firebase Authentication for identity, Firestore Security Rules to enforce per-user access at the database layer, and Firebase App Check (App Attest) to ensure requests originate from a genuine instance of the App. No system is perfectly secure. If you suspect unauthorized access to your account, contact us immediately.

12. Changes to this Policy

We may update this Policy. The "Last updated" date at the top reflects the most recent version. For material changes we will notify you in-app and via email at least 30 days in advance.

13. Contact

RIO ART NYC LLC
516 E 80th St, Apt 25
New York, NY 10075
United States
Email: [email protected]
General support: [email protected]