Privacy Policy

1. Who we are

AinsleyXTattoos is operated by Ainsley, an independent tattoo artist based in Melbourne, Victoria, Australia. The business operates from La Rue Gallery, 370 Centre Rd, Bentleigh VIC 3204.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (ainsleyxtattoos.com) and booking services.

2. What personal information we collect

When you submit a booking enquiry, request an appointment, or interact with our website, we may collect the following:

• Your full name
• Email address
• Phone number
• Booking reference number
• Selected service type (e.g. consultation, tattoo, touch-up)
• Preferred appointment date and time
• Tattoo idea description, placement on body, approximate size, and colour preferences
• Additional notes or messages provided during the booking
• Reference or inspiration images you share with us
• Payment and deposit status (amount paid, Square payment reference)
• Manage-booking activity including cancellations and reschedules

3. Sensitive information

Some information you provide — such as details about skin conditions, allergies, medical history, or body placement that may reveal health information — may be considered sensitive under Australian privacy law.

We only collect sensitive information where it is reasonably necessary for providing our tattoo services (for example, to understand any health considerations relevant to your appointment). By submitting a booking with this information, you consent to its collection and use for that purpose.

4. Why we collect your information

We collect and use your personal information to:

• Process and confirm your booking appointment
• Collect and record deposit payments
• Send booking confirmation, reschedule, and cancellation emails
• Communicate with you about your appointment and preparation
• Allow you to view, cancel, or reschedule your booking
• Prepare for your tattoo session (understanding your idea, placement, and needs)
• Maintain business, safety, and administrative records
• Meet any legal or regulatory obligations

5. Payment handling

Deposits and payments are processed through Square, a third-party payment platform. When you pay a deposit, your card details are entered directly into Square's secure payment flow — we do not store, process, or have access to your full card number, CVV, or other payment card details.

We may retain a Square payment reference number and deposit amount in our booking records for reconciliation and dispute purposes. Please refer to Square's own privacy policy for details on how they handle your payment data.

6. Email communications

Booking confirmation and reschedule notification emails are sent via Resend, a transactional email service. Your email address is used solely for booking-related communications. We do not send marketing emails without your separate consent.

7. Storage and security

Booking data is stored in a Supabase database hosted on cloud infrastructure. Our website is hosted on Vercel. Both services are reputable cloud providers with their own security and data-handling practices.

We take reasonable precautions to protect your personal information, including access controls, encrypted connections (HTTPS), and hashed storage of sensitive authentication tokens. However, no internet transmission is completely secure and we cannot guarantee absolute security.

Access to booking records is restricted to studio administration only.

8. Sharing and disclosure

We do not sell your personal information. We may share it only in the following circumstances:

• Square — for processing deposit payments
• Resend — for sending transactional booking emails
• Supabase / Vercel — as cloud infrastructure providers for data storage and website hosting
• Legal obligations — where required by law, court order, or regulatory authority

We require third-party service providers to handle your information appropriately and in accordance with their own privacy policies and applicable law.

9. Overseas disclosure

Some of our cloud service providers (including Square, Resend, Supabase, and Vercel) may store or process your data on servers located outside Australia, including in the United States. By using our services, you acknowledge that your information may be transferred to and processed in jurisdictions with different privacy laws to Australia.

10. Retention

We retain booking records for as long as reasonably necessary for business, tax, insurance, dispute resolution, and client-service purposes. If you request deletion of your information, we will consider the request and delete or de-identify your data where we are not legally required to keep it.

Portfolio images and photographs are only published publicly with your explicit consent or permission.

11. Your rights

You have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or outdated information
• Request deletion of your information where we are not required to retain it
• Raise a concern or complaint about how your information has been handled

To exercise any of these rights, contact us at Ainsleyxtattoos@outlook.com. We will respond as soon as reasonably practicable.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Booking terms and deposits

A non-refundable deposit is required to confirm tattoo appointments. Details about deposit amounts, cancellation conditions, and rescheduling policies are communicated at the time of booking. This Privacy Policy does not govern those commercial terms — please read your booking confirmation for details.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was most recently revised. We encourage you to review this page periodically.

14. Contact us