PRIVACY & security.
Your trust and the security of your data are our top priorities. Here's how we protect them.
Tattoo Studio Pro is built to protect the data you and your clients trust us with. This page explains how we secure your information, who has access to it, and how our practices align with leading privacy standards.
Best-in-Class Infrastructure
Tattoo Studio Pro runs on Google Cloud, one of the most secure and compliant cloud platforms in the world. Your studio data and assets live in Google's data centers, with:
- Encryption at rest and in transit (TLS 1.2+ in transit, AES-256 at rest)
- Regular security audits and third-party certifications
- 24/7 threat detection and monitoring
- Hardened authentication via Google Firebase
Learn more about Google Cloud's privacy and security practices on their official support page.
Payment Security with Stripe
All payments flow through Stripe, a PCI DSS Level 1 certified processor — the highest tier of card-data security:
- Card and bank data are entered directly into Stripe's hosted fields and tokenized before they ever reach our servers.
- No sensitive card or banking details are stored on Tattoo Studio Pro infrastructure.
- All transactions meet PCI DSS compliance standards plus Stripe's additional layers of fraud detection and encryption.
- Studios accepting card payments operate under Stripe Connect, with their own Stripe Express account and full transaction visibility.
For details, see Stripe's security documentation.
Data Privacy Compliance
Our practices are designed to comply with leading international privacy regulations, including:
- GDPR — General Data Protection Regulation (EU/UK)
- CCPA / CPRA — California Consumer Privacy Act and amendments
- Comparable U.S. state privacy laws in Colorado, Connecticut, Virginia, Texas, and others (see our Privacy Policy for the full list)
We collect only the data we need to operate your studio. Your data is never used for advertising, never sold to third parties, and never used to train AI models without your explicit consent.
For the full details, read our Privacy Policy, Cookie Notice, and Terms of Use.
Your Data, Your Control
- You own your data. Customer records, photos, consent forms, health questionnaires, financial records — that's your data, not ours. Our Terms of Use spell this out plainly.
- We host, we don't harvest. Our role is to store and process your data so the platform works. We don't sell it, repackage it, or use it for advertising.
- You can export anytime. Download your data from the platform whenever you want. If you cancel, you have a 30-day window to export everything before it's deleted.
- You control access within your studio. Role-based permissions, PIN codes, and per-device controls let you decide who on your team sees what.
Health Data & Consent Forms
Tattoo Studio Pro includes health questionnaire and consent form features. Because tattooing involves health-related disclosures, we treat this category of data with extra care:
- Health responses are encrypted at rest alongside the rest of your studio data.
- Access is limited to the studio account holder and the team members they grant permission to.
- Studios are the data controllers for their clients' information; Tattoo Studio Pro acts as a processor on the studio's behalf.
A note on HIPAA: Most tattoo and piercing studios are not HIPAA-covered entities, and the Services are not designed for use by healthcare providers subject to HIPAA. We do not act as a HIPAA business associate and we do not sign business associate agreements. If your activities are subject to HIPAA, you are responsible for ensuring your use of the Services meets HIPAA requirements before storing protected health information.
Account Security
- Strong password requirements at signup, with bcrypt-hashed storage (we never see your password in plain text).
- Email verification for new accounts.
- Session management through Google Firebase Authentication.
- Optional PIN codes for team-member access on shared devices.
Our Ongoing Commitment
- Continuous monitoring. We track our infrastructure, dependencies, and access logs to spot and respond to issues fast.
- Transparency. You always know what we collect and how it's used. If we make material changes, we tell you in advance.
- Responsiveness. Privacy questions, data subject requests, or security disclosures get a real response from a real person. Reach us at support@tattoostudiopro.com.
Related
- Security and Access Control — role-based permissions, PIN codes, and device management.
- Digital Consent Forms — encrypted, legally binding forms with secure cloud storage.
- Team Accounts — controlled access with role-based permissions for your team.
Questions about privacy or security? Contact us directly.