Privacy Policy

This Privacy Policy explains how {{LEGAL_ENTITY}} (“TattooWallah”, “we”, “us”, or “our”) collects, uses, discloses, retains, and protects your personal data when you use the TattooWallah website and mobile applications (together, the “Platform”). It also describes your rights and how to contact us.

By using the Platform you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Platform.

TattooWallah is an online marketplace and intermediary that connects customers with independent, third-party tattoo artists and studios (“Artists”). We act as an “intermediary” within the meaning of Section 2(1)(w) of the Information Technology Act, 2000, and avail of the safe-harbour protections under Section 79 of that Act and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

• The tattooing service is provided solely by the Artist, who is an independent professional. We do not perform tattoos and are not a party to the service contract between you and the Artist.
• We provide the technology that lets you discover Artists, view flash designs and portfolios, check availability, and make bookings.
• Artists are responsible for their own compliance with applicable health, safety, licensing, hygiene, and consumer-protection laws.

We collect the following categories of personal data:

• Identity & contact: your name and mobile phone number (used as your primary login identifier).
• Age verification: your date of birth and/or a confirmation that you are 18 years of age or older. Tattooing is strictly for adults (see “Children” below).
• Location: the city you select and, with your permission, approximate or precise device location to show nearby Artists and open chairs.
• Photos & images: reference images, design ideas, or placement photos you upload for a booking, and any images Artists associate with your booking.
• Booking & transaction data: the Artists you view and book, appointment dates/times, design and size selections, quoted prices, booking status, messages, and reviews.
• Device & technical data: device model, operating system, app version, IP address, language, crash and diagnostic logs, and a push-notification token used to send you booking updates.
• Usage & analytics data: pages and screens viewed, taps, and session information collected to understand and improve the Platform.

We do not ask you to provide special-category data (such as health, biometric, or financial-account information) beyond what is described above. Please do not submit sensitive information you are not asked for.

We process your personal data for these purposes:

• To create and manage your account and authenticate you via OTP.
• To operate the marketplace — show Artists, flash drops, availability, and to create, confirm, modify, or cancel your bookings.
• To share necessary booking details with the Artist you book so they can provide the service.
• To send you transactional and service communications (OTPs, booking confirmations, reminders, and updates) by SMS, WhatsApp, and push notification.
• To verify that you are 18 or older.
• To provide customer support and respond to your requests and grievances.
• To maintain security, prevent fraud and abuse, and enforce our Terms.
• To monitor, debug, and improve the Platform and develop new features.
• To comply with applicable law and respond to lawful requests.

Our legal bases under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) are primarily your consent and the performance of the service you request (“legitimate uses”), as applicable.

We share personal data with the following categories of recipients. We do not sell your personal data.

• Artists you book. We share the booking details and any reference photos needed for the Artist to provide the service.
• MSG91 — for sending OTPs and SMS / WhatsApp messages (your phone number and message content).
• Amazon Web Services (AWS) — cloud hosting and storage of the Platform and uploaded files.
• Sentry — error monitoring and crash reporting (technical and diagnostic data, which may include limited identifiers in logs).
• Microsoft Clarity — product analytics and session insights to help us understand and improve usage.
• Expo Push (Expo Application Services) — delivery of push notifications using your device push token.
• Professional advisers and authorities — where required by law, regulation, legal process, or to protect rights, safety, and property.

These providers act as our processors / data processors and are permitted to use your data only to provide services to us. Some of them may process data outside India; where required, we rely on appropriate safeguards and transfer mechanisms permitted under applicable law.

We keep your personal data only for as long as necessary for the purposes described above, including to provide the Platform, maintain your booking history, resolve disputes, and comply with legal, accounting, or reporting obligations.

• Account and booking records are retained while your account is active and for a reasonable period afterwards.
• OTP and short-lived verification data are retained only briefly.
• Diagnostic and analytics data are retained for a limited period in line with our providers’ defaults.

When data is no longer required, we delete or anonymise it. We may retain certain information where law requires or to establish, exercise, or defend legal claims.

Subject to applicable law, you have the right to:

• Access a summary of the personal data we process about you and how it is processed.
• Correct, complete, or update inaccurate or incomplete data.
• Erase / delete your personal data where it is no longer necessary for the purpose it was collected (subject to legal retention requirements).
• Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect prior lawful processing.
• Export / data portability — request a copy of your data in a commonly used, machine-readable format.
• Grievance redressal — readily raise concerns through the Grievance Officer named below, and the right to nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact us at {{SUPPORT_EMAIL}} or the Grievance Officer below. We may need to verify your identity before acting on a request. Many actions (such as updating your profile or deleting your account) can also be performed directly within the app.

The Platform and tattooing services are intended strictly for adults. You must be 18 years of age or older to create an account, make a booking, or receive a tattoo. We do not knowingly collect personal data from anyone under 18.

If we learn that we have collected personal data from a person under 18, we will delete it. If you believe a minor has provided us data, please contact us immediately.

We implement reasonable technical and organisational security measures designed to protect personal data against unauthorised access, disclosure, alteration, and loss — including encryption in transit, access controls, and hosting with reputable cloud providers.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Please keep your device and login factors secure and notify us promptly of any suspected compromise.

In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the contact details of our Grievance Officer are:

The Grievance Officer will acknowledge complaints within the timelines prescribed under applicable law and dispose of them as required.

We may update this Policy from time to time. We will post the updated version with a revised “Last updated” date and, where appropriate, notify you. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

For any questions about this Policy or our data practices, contact {{LEGAL_ENTITY}} at {{SUPPORT_EMAIL}}, or write to us at {{REGISTERED_ADDRESS}}.