Privacy Policy

1. Data Controller

InkRadar is operated by Nick Marien.

Contact email: info@inkradar.eu

Business address: Rue Piquet 12, 7500 Tournai, Belgium

2. What Data We Collect

Depending on how the platform is used, InkRadar may collect:

• Account data: email address and authentication data managed through Supabase Auth, including data provided via Google OAuth.
• Profile data (clients): display name, avatar image, account type, and preferences.
• Profile data (artists): display name, avatar, tattoo styles, experience, portfolio images, flash designs, guest artist status, and where submitted, hygiene diploma files.
• Profile data (shop owners): shop name, address, phone number, Instagram link, VAT number, experience, styles, portfolio images, posts, and subscription status.
• Activity data: follows, likes, claim requests, messages, notifications, and other interactions within the platform.
• Location data: if you allow browser geolocation, InkRadar uses your coordinates to show nearby tattoo shops and calculate distance-based search results. This is optional.
• Billing data: when you subscribe to a paid plan, your email is shared with Stripe to create a billing session. InkRadar does not store card numbers or full payment details — these are handled by Stripe.
• Technical data: IP address, browser type, device information, and basic usage logs required for security, debugging, and platform stability.
• Analytics data: aggregated, anonymized usage data collected via Plausible Analytics (no cookies, no personal data).

3. How We Use Personal Data

InkRadar uses personal data to:

• create and manage user accounts;
• display shop profiles, portfolios, posts, and social interactions;
• allow users to search for tattoo shops and artists by style, distance, and experience;
• process follows, likes, claim requests, and messages;
• manage paid subscriptions and billing via Stripe;
• protect the platform against abuse, fraud, and unauthorized access;
• communicate with users about support, account issues, or legal updates;
• measure and improve platform performance and reliability using privacy-preserving analytics.

4. Legal Bases Under GDPR

Where GDPR applies, InkRadar processes personal data on one or more of the following legal bases:

• Performance of a contract: operating user accounts, delivering the platform, and processing subscriptions.
• Legitimate interests: platform security, abuse prevention, moderation, and product improvement through privacy-preserving analytics.
• Consent: optional location access.
• Legal obligation: where data must be retained or disclosed under applicable Belgian or EU law.

5. Location Data

If you allow browser geolocation, InkRadar uses that information to show nearby tattoo shops and calculate distances. Location access is entirely optional. Refusing geolocation does not block use of the platform — distance-based results will simply be less precise. InkRadar does not store your precise geolocation coordinates on its servers.

6. User-Generated Content

Shop profiles, artist portfolios, images, posts, captions, and business contact details published on InkRadar are intended to be visible to other platform users. Users should only upload or publish information they are authorized to share. Hygiene diploma files uploaded by artists are stored securely and used solely for profile verification purposes.

7. Data Sharing and Sub-Processors

InkRadar does not sell personal data. Data is shared only where necessary with the following service providers:

• Supabase — authentication, database, and file storage (servers in the EU).
• Stripe — payment processing and subscription billing. Stripe is an independent data controller for payment data. See Stripe's Privacy Policy.
• Plausible Analytics — privacy-preserving website analytics. No cookies, no personal data, no cross-site tracking. See Plausible's Privacy Policy.
• Leaflet / OpenStreetMap — map tiles for location-based search. No personal data is sent beyond what is standard for loading map tiles.
• Google — OAuth sign-in (if used). See Google's Privacy Policy.
• Legal authorities — if disclosure is required by law or necessary to protect rights, safety, or platform integrity.

8. Subscriptions and Billing

InkRadar offers optional paid plans for shops and artists. Subscription payments are processed by Stripe. When you initiate a subscription, your email address is passed to Stripe to pre-fill the checkout. InkRadar does not store your card number, CVV, or full billing details. Stripe handles all sensitive payment data under PCI-DSS compliance. You may manage or cancel your subscription at any time through the billing portal accessible from your account.

9. Data Retention

InkRadar keeps personal data only for as long as reasonably necessary to operate the service, comply with legal obligations (including Belgian accounting and tax law), resolve disputes, and enforce agreements. When an account is deleted, personal profile data is removed within a reasonable period. Data may remain in encrypted backups for a limited time for operational continuity.

10. Security

InkRadar uses reasonable technical and organizational safeguards including encrypted connections (HTTPS), authentication via Supabase with PKCE flow, and access controls for stored files. No internet-based service can guarantee absolute security. Users are responsible for protecting their account credentials.

11. Your Rights

Under GDPR, you have the right to:

• Access — request a copy of the personal data InkRadar holds about you;
• Rectification — request correction of inaccurate or incomplete data;
• Erasure — request deletion of your personal data ("right to be forgotten");
• Restriction — request that processing be limited in certain circumstances;
• Portability — receive your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdrawal of consent — withdraw any consent you have given at any time.

Requests may be sent to info@inkradar.eu. InkRadar will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Belgium this is the Autorité de protection des données (APD).

12. Children

InkRadar is intended exclusively for users aged 18 and over, consistent with the minimum legal age for tattooing in Belgium and most EU member states. InkRadar does not knowingly collect personal data from children under 18. If you believe a minor has registered, please contact info@inkradar.eu so the account can be removed.

13. International Transfers

InkRadar uses Supabase with EU-region data hosting. Where data is transferred outside the EEA (for example, by Stripe or Google for OAuth), InkRadar relies on those providers' Standard Contractual Clauses or equivalent adequacy mechanisms to ensure appropriate protection under GDPR.

14. Changes to This Policy

InkRadar may update this Privacy Policy from time to time. The latest version will always be posted at inkradar.eu/privacy.html with a revised update date. For significant changes, InkRadar will notify registered users where reasonably practicable.