Privacy Policy
Effective date: February 1, 2025
Hair Tattoo ("Hair Tattoo," "we," "us," or "our") operates a directory platform that connects consumers with scalp micropigmentation (SMP) professionals across the United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at hairtattoo.com (the "Site"). Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site.
1. Information We Collect
We collect information in the following ways:
Business Owner Information
When a scalp micropigmentation professional signs up to create a listing on Hair Tattoo, we collect:
- Full name and business name
- Email address
- Phone number
- Business street address, city, state, and ZIP code
- Services offered and pricing information
- Business description and biographical details
- Photos (profile photo, portfolio images, and business photos)
- Website URL and social media links
User Contact Form Submissions
When a visitor submits a contact form to reach a listed business, we collect:
- Full name
- Phone number
- Message content
- The listing to which the inquiry was directed
Automatically Collected Information
When you visit the Site, we may automatically collect certain information, including:
- IP address and approximate geographic location
- Browser type and version
- Operating system
- Referring URL and pages visited
- Date, time, and duration of your visit
- Device type and screen resolution
Location Data
With your explicit consent (via your browser's location permission prompt), we may collect your precise geographic location to show you SMP professionals near you. You can revoke location access at any time through your browser settings. The Site remains fully functional without location access.
2. How We Use Your Information
We use the information we collect to:
- Operate and maintain the Hair Tattoo business directory
- Display business listings publicly so consumers can find SMP professionals
- Deliver contact form submissions (leads) from consumers to the appropriate business owner
- Authenticate business owners and manage their accounts
- Send transactional emails related to account activity, such as new lead notifications and account verification
- Improve the Site's functionality, performance, and user experience
- Monitor and analyze usage trends and aggregate site traffic
- Detect, prevent, and address technical issues, fraud, or abuse
- Comply with legal obligations
3. Third-Party Services
We rely on a limited number of trusted third-party services to operate the Site. We do not sell, rent, or trade your personal information to any third party.
- Supabase — We use Supabase (hosted on Amazon Web Services) as our database and authentication provider. Business listings, lead submissions, and account credentials are stored in Supabase's PostgreSQL database. Supabase's privacy policy is available at supabase.com/privacy.
- Cloudflare — Our Site is hosted on Cloudflare Pages and uses Cloudflare's content delivery network (CDN) for performance and security. Cloudflare may process your IP address and request metadata as part of its services. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
- Resend — We use Resend to deliver transactional emails, including account verification links and lead notification emails. Resend processes recipient email addresses and email content on our behalf. Resend's privacy policy is available at resend.com/legal/privacy-policy.
4. Advertising and Data Sales
Hair Tattoo does not display third-party advertisements on the Site. We do not sell, rent, lease, or otherwise share your personal information with third parties for their marketing or advertising purposes. We will never monetize your data by selling it to data brokers or advertising networks.
5. Cookies and Tracking Technologies
We use a minimal number of cookies, strictly for functionality:
- Authentication cookies — When a business owner signs in, Supabase sets session cookies to maintain the authenticated state. These cookies are essential for the sign-in functionality to work and cannot be disabled while using authenticated features.
- No advertising or tracking cookies — We do not use cookies for advertising, retargeting, or cross-site tracking. We do not use Google Analytics, Facebook Pixel, or similar third-party tracking scripts.
You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling cookies may prevent you from using certain authenticated features of the Site.
6. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Business listings remain active until the business owner requests removal or we determine the listing is no longer accurate.
- Lead submissions are retained to provide business owners with a record of inquiries.
- Account data is retained as long as the account remains active. Upon account deletion, we will remove your personal information from our active databases within 30 days, though some data may persist in encrypted backups for up to 90 days.
7. Data Security
We take reasonable administrative, technical, and physical measures to protect your personal information. These include:
- All data transmitted between your browser and the Site is encrypted via HTTPS/TLS
- Database access is restricted through Supabase Row Level Security (RLS) policies, ensuring users can only access data they are authorized to view or modify
- Authentication tokens are securely managed by Supabase Auth
- Our hosting provider, Cloudflare, provides DDoS protection and web application firewall capabilities
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
8. Your Privacy Rights
All Users
Regardless of where you are located, you may:
- Request access to the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information
- Withdraw consent for location data collection at any time through your browser settings
To exercise any of these rights, please contact us at privacy@hairtattoo.com. We will respond to your request within 30 days.
California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
- Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. Therefore, we do not offer an opt-out of the sale of personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, email privacy@hairtattoo.com with the subject line "CCPA Request."
European Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR), including:
- Legal Basis for Processing: We process your personal data based on (a) your consent, (b) the performance of a contract (e.g., providing your business listing), or (c) our legitimate interests in operating and improving the Site.
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate data.
- Right to Erasure: You may request that we delete your personal data.
- Right to Restrict Processing: You may request that we limit how we use your data.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to our processing of your data based on legitimate interests.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction.
To exercise any GDPR right, contact privacy@hairtattoo.com.
9. Children's Privacy
The Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@hairtattoo.com.
10. Links to Other Websites
Business listings on Hair Tattoo may contain links to external websites, including the business owner's own website and social media profiles. We are not responsible for the privacy practices or content of those third-party websites. We encourage you to review the privacy policy of every site you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Hair Tattoo
Email: privacy@hairtattoo.com