Privacy Policy

Last updated: 2026-04-24. Controller: SaaSquatch Ltd, London (UK company number pending). Contact: privacy@feelgoodink.co.uk.

Summary

We run a tattoo-studio directory. We collect the minimum personal data needed to let studios claim listings, let visitors send contact messages, save comparison shortlists, receive our monthly newsletter, and subscribe to the Featured tier. We do not sell or share personal data for advertising.

What we collect and why

Visitors (anonymous)

• Usage analytics (Umami, cookieless): page paths, referrer, device class, country. No persistent identifiers, no cookies. Legal basis: legitimate interests (improving the site).

Contact form submissions

• Name, email, message, hashed IP, user agent. Used to forward your message to the studio you chose. Legal basis: legitimate interests + your explicit request. Retained 12 months then deleted unless you're a customer.

Shortlist saves / newsletter

• Email, chosen shortlist URL. Used to send you shortlist updates and the monthly Ink Letter. Legal basis: consent (opt-in). You can unsubscribe in any email with one click.

Studio claims

• Instagram handle, contact email, verification code. Used to verify you represent the studio. Legal basis: contract (you requested to claim). Retained until claim verified or expires.

Studio dashboards + Featured subscribers

• Session cookie (signed, HttpOnly), PayPal payer ID, subscription status, uploaded images. Used to let you manage your listing and pay for Featured tier. Legal basis: contract. Retained for the duration of your account + 7 years (UK accounting requirements for Featured subscribers).

Processors we use

• Cloudflare — CDN, DNS, Pages hosting, R2 image storage. UK/EU POPs. DPA in place.
• PayPal — payment processing for Featured tier. You interact with PayPal directly at checkout; we never see card data, only the payer ID and subscription state returned via webhook.
• Brevo (Sendinblue) — transactional email + newsletter. EU-based.
• PocketBase — our self-hosted database on a UK VPS. Our own infrastructure, not a third-party processor.
• Umami — self-hosted, cookieless analytics.

Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, object, and port your personal data. To exercise any of these rights, email privacy@feelgoodink.co.uk. We respond within 30 days. If you are not satisfied with our response, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Data retention

Contact messages: 12 months. Claim requests: 30 days (expired) / duration of account (verified). Newsletter subscribers: until you unsubscribe. Featured subscribers' billing records: 7 years (UK tax requirement). Uploaded images: until you delete them or your account is closed, whichever comes first.

Cross-border transfers

Our processors are based in the UK/EEA or operate under UK-approved Standard Contractual Clauses. No personal data is routinely transferred to the US or non-adequacy countries.

Changes to this policy

We update this page when our practices change. The "Last updated" date at the top reflects the most recent change. Material changes are announced via the Ink Letter.