Privacy Policy

This Privacy Policy explains how TattooMagnet AB ("we," "us," or "our") collects, uses, and protects your personal information when you use our website, mobile application, and services (collectively, the "Platform"). By using TattooMagnet, you agree to the collection and use of information in accordance with this policy. This policy complies with the General Data Protection Regulation (GDPR) and Swedish data protection laws. We are committed to protecting your privacy and ensuring transparency about our data practices. This policy will help you understand: • What information we collect and why • How we use and share your information • Your rights and choices regarding your data • How we protect your information

TattooMagnet AB is the data controller for the personal information we collect through our Platform. Contact Information: • Company: TattooMagnet AB • Address: Stockholm, Sweden • Email: privacy@tattoomagnet.com • Support: support@tattoomagnet.com For privacy-related questions or to exercise your data protection rights, please contact us at privacy@tattoomagnet.com.

We collect information in the following ways: 1. INFORMATION YOU PROVIDE DIRECTLY: Account Information: • Name, email address, phone number • Profile pictures and bio information • Location (city, country) For Artists: • Professional information and portfolio • Portfolio images and descriptions • Business information and pricing • Availability and scheduling preferences • Payment information for subscription processing For Clients: • Tattoo preferences and interests • Reference images for consultations • Communication preferences Communication Data: • Messages between users through our platform • Reviews and ratings • Support inquiries and feedback 2. INFORMATION COLLECTED AUTOMATICALLY: Technical Data: • IP address and device information • Browser type and version • Pages visited and usage patterns • Device identifiers and operating system • Access times and referring websites Usage Analytics: • How you interact with our platform • Feature usage and performance data • Error logs and diagnostic information • Geographic location (with permission) 3. INFORMATION FROM THIRD PARTIES: • Payment processor data (Stripe) for subscription billing • Social media profile information (if you choose to connect accounts) • Email service data for communication delivery

Under GDPR, we process your personal data based on the following legal grounds: • CONTRACT: To provide our platform services and fulfill our obligations to you • LEGITIMATE INTERESTS: To improve our platform, prevent fraud, ensure security, and operate our business • CONSENT: For marketing communications and optional features (you can withdraw consent at any time) • LEGAL OBLIGATION: To comply with applicable laws, regulations, and legal requests You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

We use your information for the following purposes: PLATFORM SERVICES: • Creating and managing user accounts • Facilitating connections between artists and clients • Processing subscription payments (for artists) • Enabling communication through our messaging system • Displaying portfolios and profiles • Managing bookings and appointments PLATFORM IMPROVEMENT: • Analyzing usage to improve features and user experience • Developing new features and services • Personalizing content and recommendations • Conducting research and analytics SAFETY AND SECURITY: • Verifying user identities and preventing fraud • Monitoring for suspicious activity and policy violations • Enforcing our Terms of Service • Protecting against spam and abuse COMMUNICATION: • Sending important platform notifications and updates • Providing customer support • Sending marketing communications (with your consent) • Responding to your inquiries LEGAL COMPLIANCE: • Responding to legal requests and court orders • Complying with tax and financial regulations • Maintaining records as required by law

We share your information in the following limited circumstances: WITH OTHER USERS: • Profile information you choose to make visible • Portfolio images and descriptions (for artists) • Reviews and ratings you submit • Public communications and comments WITH SERVICE PROVIDERS: • Payment processor (Stripe) for subscription billing only • Cloud hosting provider (Supabase) for secure data storage • Email service provider (Resend) for platform communications • Analytics services for platform improvement (anonymized data) FOR LEGAL REASONS: • Law enforcement when required by valid legal process • Protection of our rights, property, or safety • Compliance with court orders or legal obligations • In case of business sale or merger (with user notification) We do not sell your personal information to third parties. All service providers are contractually bound to protect your data and use it only for specified purposes. IMPORTANT DISCLAIMER: While we take reasonable measures to protect your data, we cannot guarantee absolute security. You use our platform at your own risk regarding data security and privacy. We are not liable for any data breaches, unauthorized access, or privacy violations by third parties.

We retain your personal information only as long as necessary: ACTIVE ACCOUNTS: • Account data: Retained while your account is active • Messages: Retained for 3 years for business purposes • Portfolio images: Retained while account is active • Transaction records: Retained for 7 years for tax compliance INACTIVE ACCOUNTS: • Account automatically deleted after 2 years of inactivity • You will receive advance notice before deletion • Some data may be retained longer for legal compliance DELETION REQUESTS: • We will delete your data within 30 days of a valid request • Some information may be retained for legal or security purposes • Anonymized data may be retained for analytics You can request deletion of your account and data at any time by contacting privacy@tattoomagnet.com.

We implement comprehensive security measures to protect your personal information: TECHNICAL SAFEGUARDS: • Encryption in transit and at rest • Secure HTTPS connections for all communications • Regular security monitoring and updates • Access controls and authentication systems • Secure data backup and recovery procedures ORGANIZATIONAL MEASURES: • Employee training on data protection • Limited access on a need-to-know basis • Regular security policy reviews • Incident response procedures • Third-party security assessments While we implement strong security measures, no system is completely secure. We continuously monitor and improve our security practices.

Under GDPR and Swedish data protection laws, you have the following rights: RIGHT OF ACCESS: • Request a copy of your personal data • Understand how your data is being processed • Receive information about data sharing RIGHT TO RECTIFICATION: • Correct inaccurate or incomplete data • Update your profile information • Request correction of processing records RIGHT TO ERASURE: • Request deletion of your personal data • Withdraw consent for processing • Object to continued processing RIGHT TO RESTRICT PROCESSING: • Limit how we use your data • Suspend processing during disputes • Maintain data without processing it RIGHT TO DATA PORTABILITY: • Receive your data in a portable format • Transfer data to another service • Export your account information RIGHT TO OBJECT: • Object to processing based on legitimate interests • Opt out of marketing communications • Stop automated decision-making To exercise these rights, contact us at privacy@tattoomagnet.com. We will respond within 30 days.

We use cookies and similar technologies to enhance your experience: ESSENTIAL COOKIES: • Authentication and security • Platform functionality • User preferences and settings ANALYTICS COOKIES: • Usage statistics and performance monitoring • Feature adoption tracking • Platform optimization data You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality. For more information, please see our Cookie Policy.

As a Sweden-based company, we primarily process data within the EU/EEA. However, some data may be transferred internationally: DATA TRANSFER SAFEGUARDS: • Standard Contractual Clauses for transfers outside EU/EEA • Adequacy decisions where applicable • Additional safeguards for sensitive data PRIMARY DATA LOCATIONS: • EU/EEA: Primary data processing and storage • United States: Some service providers (with appropriate safeguards) We ensure all international transfers comply with GDPR and provide appropriate protections.

Our Platform is intended for adult use: • Platform is designed for users 18 years and older • Users represent that they meet applicable age requirements • If we become aware of underage users, accounts may be deleted Parents can report concerns about underage use to support@tattoomagnet.com. Note: We do not actively verify user ages during registration, and users are responsible for ensuring they meet legal requirements in their jurisdiction.

We may update this Privacy Policy to reflect changes in our practices or legal requirements: NOTIFICATION: • Email notification for material changes • Platform notification for all users • 30-day notice period before changes take effect You can always find the current version of this policy on our website with the "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

For privacy-related questions or requests: PRIVACY TEAM: • Email: privacy@tattoomagnet.com • General Support: support@tattoomagnet.com • Response time: Within 30 days COMPANY INFORMATION: • TattooMagnet AB • Stockholm, Sweden • Website: tattoomagnet.com SUPERVISORY AUTHORITY: EU residents can lodge complaints with the Swedish Authority for Privacy Protection (IMY) or their local data protection authority. Last updated: January 15, 2025