PROTECTED RECORDS. CLEAN exits.
Client data, signed forms, and payment records are encrypted in the cloud. Team access is controlled by role. Shared tablets are secured with per-person PINs. When someone leaves the studio, they lose access instantly. No shared passwords to rotate.
Your client list is more sensitive than you think.
Names, phone numbers, dates of birth, home addresses, medical disclosures, photo IDs, signed waivers. If a laptop walked out of your shop tomorrow, that is what walked out with it. Most studios do not think of their client database that way because it has always lived in a filing cabinet.
Digital changes the risk profile. The upside: proper encryption, controlled access, and instant deauthorization. The downside: a shared login on a tablet everyone uses is not a security model. This is what that should look like done properly.
What the security model gives you.
Encrypted cloud storage
Client profiles, signed forms, and payment records are encrypted at rest and in transit. Photo IDs and other sensitive uploads go to private storage and are served through authenticated, time-limited URLs rather than public links.
Roles matched to the job
Owners see everything. Artists see their clients and the forms archive. Front desk Staff see the Queue and the calendar. Health Officials see the forms archive only. Permissions are enforced at the data layer, not just hidden in the UI.
PIN codes for shared tablets
Each team member gets a unique PIN for quick sign-in and sign-out on a shared studio tablet. No typing a full password every session. When one artist signs out, the next person cannot see the previous session's data.
Instant device deauthorization
The Owner can revoke access from any device from the Manager screen. If a tablet walks off, it loses access before you finish the police report. If someone quits, every device they signed in on gets cut off at the same time.
Access trails on every record
Access is logged. When a question comes up about who pulled a form or looked at a client's file, you have a record. It matters in inspections, in compliance reviews, and the day you need to defend a decision.
Built on Google Cloud
Hosted on Firebase / Google Cloud, the same infrastructure that powers a large portion of the consumer web. Encrypted at rest, served over HTTPS, with the operational maturity of a hyperscaler underneath.
What the security model does not do.
It is not a regulatory certification. We operate to modern cloud security standards; we do not carry a specific industry badge. If your jurisdiction requires a particular certification for client records, confirm independently.
It does not replace your own operational hygiene. A strong password matters. Not writing the Manager PIN on a sticky note matters. Signing out of shared tablets matters. The software raises the floor, but the floor is still built on human habits.
It is not a HIPAA platform. Tattoo intake is not clinical medical care. Health questions are captured to keep artists safe, not to function as a HIPAA-governed medical record.
Defaults that matter
Security built in.
Quick answers.
How is my data protected?
Client data is encrypted at rest and in transit. Access is enforced by role. Sensitive files live in private storage, served through authenticated URLs. Access is logged for audit.
What if multiple team members share a tablet?
Each person has a unique PIN for sign-in and sign-out. Only their data and permissions are active during their session. Signing out isolates the next person's session.
Can I remove a team member immediately?
Yes. Owners and Managers deactivate accounts and deauthorize any device they were signed in on, instantly.
What can health officials actually see?
Forms Archive only. No client profiles, no appointments, no reports, no business data. The role is scoped to compliance review and nothing else.
Where is the data hosted?
On Firebase/Google Cloud infrastructure, which is the same infrastructure that powers a large portion of the consumer web. Encrypted at rest, served over HTTPS.