Beta
We Ink

Privacy Policy

Effective Date: 23/11/2024

We Ink ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software-as-a-service (SaaS) platform ("Platform"). By accessing or using the Platform, you agree to this Privacy Policy.

Information We Collect

We collect information from you in two primary ways: information you provide to us and information we collect automatically.

Information You Provide

  • Account Information: When you create an account, whether as a User or an Artist, we collect your name and email address. You may optionally add a phone number or profile picture. Artists may also provide other details, like a professional bio and portfolio images.
  • User Content: This includes any information you choose to share on the Platform, such as reviews, posts, and messages.
  • Reservation Information: When you book a tattoo appointment, we collect information related to the reservation, such as the date, time, artist, and tattoo design.
  • Instagram Information: If you connect your Instagram Business account to our Platform, we collect your Instagram username, profile link, access token, Instagram Business ID, and token expiration date. This information is necessary for the integration to function and is securely stored and encrypted on our servers. We also collect data related to your Instagram posts and messages, as detailed below.

Information We Collect Automatically

  • Usage Data: We may automatically collect information about how you access and use the Platform, including your IP address, browser type and version, device type and operating system, pages visited, time spent on each page, search queries, and preferences.
  • Cookies and Tracking Technologies: We use cookies and similar tracking technologies to collect and store information about your usage of the Platform. This helps us improve your experience, analyze how the Platform is used, and personalize content.

How We Use Your Information

We use the collected information for various purposes, including:

  • Providing and Maintaining the Platform: To operate and maintain the Platform, create and manage user accounts, facilitate reservations and communication, and provide customer support.
  • Personalizing Your Experience: To tailor the Platform to your preferences and provide relevant content and recommendations.
  • Improving the Platform: To analyze usage trends, identify areas for improvement, and develop new features.
  • Marketing and Communications: To send you updates, newsletters, and promotional content, if you have opted in to receive them.
  • Legal Compliance: To comply with applicable laws and regulations, and to respond to legal requests.

Instagram Integration

Our Platform offers an integration with Instagram to help Artists connect with potential clients and manage their workflow. This integration utilizes the following Instagram APIs and functionalities:

  • Connect Instagram Business to an Artist: This allows Artists to connect their Instagram Business account to their We Ink profile. We use the instagram_business_basic, instagram_business_manage_messages, and Human Agent scopes to enable this functionality. We collect and securely store the Artist's Instagram username, profile link, access token, Instagram Business ID, and token expiration date. This data is used solely for interacting with the Instagram APIs and is not accessible to Users. Access tokens are automatically refreshed every week until the Artist disconnects the integration.
  • Get Recent Posts: This functionality allows Artists to showcase their past work on their We Ink profile by retrieving their latest Instagram posts. We collect and store the post description, media URLs, Instagram post ID, post link, and creation date. This data is refreshed daily to ensure it is up-to-date.
  • Instagram Chat Integration (Optional): This optional feature allows Artists to receive and respond to customer messages directly within the We Ink platform. We utilize Instagram's Conversations API to retrieve and manage conversations and messages. A webhook is subscribed to receive updates on messages, message reactions, message reads, and postbacks. We collect and store the Instagram username, avatar URL, and Instagram-scoped user ID for each chat, as well as the text content, attached image URLs, creation date, Instagram message ID, and emoji reactions for each message. This data is only accessible to the intended Artist.

How We Share Your Information

We may share your information with the following third parties:

  • Service Providers: We may share your information with third-party service providers who assist us in providing and maintaining the Platform, such as payment processors, data analytics providers, and customer support platforms. We have contracts with these providers requiring them to protect your information.
  • Other Users and Artists: As part of the Platform's functionality, Users and Artists can view each other's profiles, communicate via chat, and manage reservations.
  • Legal Authorities: We may disclose your information to legal authorities if required by law or in response to valid legal requests.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

Data Security

We take reasonable measures to protect your information from unauthorized access, use, or disclosure. These measures include:

  • Data Encryption: We encrypt sensitive data, such as access or Instagram tokens, both in transit and at rest.
  • Access Controls: We restrict access to your information to authorized personnel who require it to perform their duties.
  • Secure Storage: We store your information on secure servers with appropriate physical and technical safeguards.

Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Your Privacy Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

  • Right of Access: You have the right to request access to your personal information.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Restriction of Processing: You have the right to request restriction of processing of your personal information.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal information for certain purposes.

To exercise these rights, please contact us at the contact information provided below.

Data Deletion

We provide several ways for you to manage and delete your data:

  • Platform Deletion: You can disconnect your Instagram integration from your dashboard in the integrations page. This will remove all associated data from our servers.
  • Automatic Deletion: We support Meta's data deletion webhooks, ensuring immediate deletion when permissions are revoked from Meta's or Instagram's third-party management tools.
  • Manual Requests: You can request data deletion by contacting us via our support channels, email (at the end of this document), or chat from the platform.

Legal Compliance

We operate in compliance with the General Data Protection Regulation (GDPR). We process your data based on your consent or other legal bases where applicable. We inform all users of their rights under the GDPR and provide mechanisms for exercising those rights.

To ensure the lawful and secure processing of personal data, we have implemented the following measures:

Data Processing Addendum (DPA): We have a signed DPA with our data processor, Supabase, which outlines their responsibilities and obligations regarding data protection and GDPR compliance. Transfer Impact Assessment (TIA): We have conducted a TIA to assess and mitigate any risks associated with data transfers, ensuring that any cross-border data flows comply with GDPR requirements.

Children's Privacy

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Platform.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the Effective Date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: collab@we-ink.com

Address: We Ink, Via Vicolo del Vo', 68, 38122, Trento (TN), Italy

By using our Platform, you acknowledge that you have read and understood this Privacy Policy.