Privacy Policy

Effective Date: 2025.8.25

1. Our Commitment to Your Privacy

Privacy is a fundamental human right. At luckytatto.ai, we are committed to protecting your privacy by avoiding ads, trackers, and any form of data monetization. We will never sell your data. Our goal is to deliver outstanding services while safeguarding your privacy.

This Privacy Policy explains how we collect, use, share, and protect your personal information, and what rights you have regarding that data.

2. Information We Collect

Information You Provide Directly

  • Account Information: When you create an account, we collect your name and email address.
  • Payment Information: When you subscribe, our payment processor (e.g., Stripe) collects your payment card details. We do not store your full payment card information on our servers.
  • User Content: Any content you upload to generate tattoo designs, such as images, sketches, or text prompts.

Information We Collect Automatically

  • Device and Usage Data: IP address, device type, operating system, browser type, language settings, general location (from IP), and interaction data (pages visited, features used, timestamps).
  • Cookies & Similar Technologies: Used to maintain your session, remember preferences, and analyze usage. For more details, please see our [Cookie Policy].

Information from Third Parties

We may receive limited information from trusted service providers, such as geolocation data or fraud-prevention checks from payment processors.

3. How We Use Your Information

To Provide Core Services

  • Create and manage your account.
  • Process payments and subscriptions.
  • Use your User Content to generate the tattoo designs you request.

To Improve & Optimize Services

  • AI Model Training: With your consent, we may use your content in anonymized form to improve our AI models. You can opt out at any time in your account settings.
  • Analyze usage trends and service performance to enhance user experience.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under these legal bases:

  • Contract Performance: To deliver the services you request (account, payments, tattoo design generation).
  • Legitimate Interests: To maintain, optimize, and secure our services.
  • Consent: For cookies, AI model training, and optional marketing communications.
  • Legal Obligation: To comply with applicable laws.

5. How We Share Your Information

We only share your information in limited circumstances:

  • With Service Providers: Trusted partners contractually bound to protect your data, including:
    • Payment processors (e.g., Stripe).
    • Cloud hosting providers (e.g., AWS, Google Cloud).
    • Analytics providers (in anonymized or aggregated form).
  • For Legal Reasons: When required by law, subpoena, or to protect rights and safety.
  • Business Transfers: In case of merger, acquisition, or sale of assets, your information may be transferred, but protections will remain in place.
  • With Your Consent: For any additional sharing beyond these categories.

We do not sell your personal information.

6. Data Security & Retention

  • Security: We use industry-standard technical, organizational, and physical safeguards, such as encryption and access controls. In case of a breach, you will be notified in accordance with applicable laws.
  • Retention:
    • Account data is retained as long as your account remains active.
    • Data used for AI model training may be stored in anonymized form beyond account deletion, unless you opt out.
    • Inactive accounts are deleted after [e.g., 24 months] of inactivity, unless legally required otherwise.
    • Some information may be retained as required by law (e.g., tax or accounting obligations).

7. Your Privacy Rights & Choices

Depending on your jurisdiction (e.g., GDPR in the EEA, CCPA in California), you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete information.
  • Erasure (Right to be Forgotten): Request deletion of your account and data.
  • Restriction/Objection: Restrict or object to certain processing activities, including opting out of AI training.
  • Data Portability: Obtain your data in a machine-readable format.
  • Withdraw Consent: Withdraw consent for processing activities at any time.

You can exercise these rights through your account settings or by contacting us at [your-privacy-email]. We will respond within 30 days (or as required by law).

8. Children’s Privacy

Our Services are not directed to individuals under the age of 13 (or 16 where required by local law, such as under GDPR). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately for deletion.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your own. Regardless of where it is processed, we apply safeguards consistent with this Privacy Policy and applicable data protection laws (e.g., Standard Contractual Clauses for EEA transfers).

10. Marketing Communications

If you opt in, we may send you occasional updates about new features or services. You can unsubscribe at any time by clicking the “unsubscribe” link in our emails.

11. Updates to This Policy

We may update this Privacy Policy periodically. The revised version will be posted with an updated Effective Date. Continued use of our services after changes means you accept the revised policy.

12. Contact Us

If you have questions or requests about this Privacy Policy or our data practices, you may contact us at:

Email: [your-privacy-email]