Privacy Policy
What we collect, why we collect it, and how you can control your data at any time.
1.Introduction
Your privacy is essential to us. Yttrium Labs LLC operates the Ink-y app. We take your privacy seriously — we don't sell your data, we encrypt what matters, and we give you control over what we keep.
This Policy applies to all our Services including the website at https://ink-y.app, the iOS and Android apps, API services, Instagram integration features, Direct Messaging features, and AI Assistant features.
This Policy complies with LGPD (Brazil), CCPA/CPRA (California), GDPR principles, HIPAA (for health data), and Meta Platform Terms.
2.Data We Collect
2.1Provided by You
Registration data (name, email, password, date of birth, language), profile data (username, photo, bio, social links), and for artists: professional data (styles, studio info, availability).
2.2Health Data (Intake Forms)
For artists using intake forms, we collect client health information including medical conditions, allergies, medications, and other relevant health data. This data is encrypted with AES-256-GCM, retained for 7 years per HIPAA, and accessible only to the recipient artist.
2.3From Instagram (if connected)
| Data Type | Purpose |
|---|---|
| Instagram User ID | Account linking |
| Username & Display Name | Display and identification |
| Profile Picture URL | Display in conversations |
| Account Type | Feature availability |
| Follower & Following Counts | Display your profile stats |
| Media (Post) Count | Display your profile stats |
| Instagram Page ID | Route incoming messages |
| Message Sender's Profile (name, username, photo) | Show who messaged you |
| Message Sender's Follower Status | Filter messages by follower or non-follower |
We NEVER request or store your Instagram password. You can revoke access at any time.
2.4Message Data
| Data Type | Encryption |
|---|---|
| Text content | AES-256-GCM at rest |
| Image attachments | Encrypted on AWS S3 |
| Message previews | AES-256-GCM at rest |
| Timestamps | Stored in UTC |
2.5AI Assistant Data
| Data Type | Purpose |
|---|---|
| Conversation history | Context for responses |
| Quote parameters | Quote estimation |
| Session data (anonymous) | Conversation continuity |
| Artist training data | Personalized responses |
We do NOT use your personal health information to train AI models. AI-generated quotes are estimates only and NOT binding.
2.6Collected Automatically
Device info, usage data, IP address, location (only with permission), crash reports, and Meta Pixel data on public website pages (for analytics, not in-app).
2.7AI Creative Tools Data
When you use the Stencil, Mockup or Idea tools, we process the reference images and text prompts you provide, the generated images, and — for the Mockup tool — the photo of a body part that you upload. A body photo may reveal sensitive personal data (such as skin tone, scars or other physical characteristics); you should only upload images you are entitled to upload and have consent to use. These inputs are sent to our AI image provider for processing as described in Section 10.
2.8Payment and Billing Data
When you subscribe to Ink-y Black, payment is handled entirely by our payment provider, Pagar.me. The sensitive financial data needed to charge you — your full card number and CPF — is collected and stored by Pagar.me under its own privacy policy. Ink-y never receives or stores your full card number or CPF. On our side we keep only billing metadata: your plan and status, billing dates, invoice history (amounts and dates), a masked payment reference (card brand and last four digits), and the Pagar.me identifiers that link your account to your subscription. See Section 4 for how this data is shared.
3.How We Use Your Data
3.1Primary Purposes
| Purpose | Legal Basis |
|---|---|
| Provide services | Contract |
| Artist / tattoo discovery | Contract + legitimate interest |
| Direct messaging | Contract |
| Instagram DM routing | Contract |
| AI quote assistance | Contract + consent |
| Marketing communications | Consent |
| Security and fraud prevention | Legitimate interest |
3.2What We DON'T Do
- Sell your personal data
- Share data with third parties for THEIR marketing
- Use health data for advertising
- Profile you for discriminatory purposes
- Use AI to make binding commitments without artist approval
- Train AI models on your health information
5.Data Retention
| Data Type | Retention |
|---|---|
| Active accounts | While account is active |
| Deleted accounts | Deleted/anonymized immediately; a minimal anonymized record is kept |
| Health records (intake) | 7 years (HIPAA) |
| Messages (active) | While account is active |
| Deleted messages | Content removed immediately; shown as 'message deleted' |
| Instagram connection | Until disconnection |
| AI conversation / quote sessions | 90 days of inactivity |
| AI training data | While artist account is active |
| Generated images (stencil/mockup/idea) | Until you delete them |
| Uploaded tool images (incl. body photos) | Until you delete the asset |
| AI image generation job logs | Auto-deleted after 30 days |
| Security logs | 90 days |
| Consent records | Account lifetime + 5 years |
6.Your Rights
6.1Universal Rights
| Right | How to Exercise |
|---|---|
| Access | Settings > Privacy > Download data or GET /users/me |
| Correction | Settings > Account or PUT /users/me/* |
| Deletion | Settings > Privacy > Delete account (immediate) |
| Portability | JSON/CSV export via Settings or API |
| Withdraw consent | Settings > Notifications, Integrations, or API endpoints |
6.2Deletion Process
- Deletion is immediate — there is no grace period and it cannot be reversed
- Your personal data is permanently deleted or anonymized right away
- Your posts are permanently deleted
- Instagram connection is disconnected and tokens, conversations and messages are deleted
- AI training data, generated images and uploaded tool images are removed; message images are deleted from S3
- In conversations with other users, you appear as 'Deleted User' and the other person keeps their own copy of the conversation history
- We keep only a limited set of records required by law: anonymized health/intake data (~7 years, then purged), financial records (per accounting/tax law), consent records (proof of acceptance), and a deletion audit log
6.3Brazil-Specific Rights (LGPD)
Confirmation of processing, information about sharing, consequences of non-consent, revocation at any time, and human review of automated decisions. AI quotes are recommendations only and NOT automated decisions with legal effect.
6.4California-Specific Rights (CCPA/CPRA)
Know, delete, correct, opt-out of sale (we do NOT sell data), non-discrimination, and limit use of sensitive personal information.
7.Security
7.1Encryption
- AES-256-GCM: Health data, messages, Instagram tokens, message previews
- bcrypt (12 rounds): Passwords (one-way hash)
- TLS 1.3: All communications via HTTPS
- Certificate Pinning (iOS): MITM prevention
7.2Access Control
- JWT tokens: Access (30 min) + Refresh (7 days)
- iOS Keychain: Secure token storage
- HttpOnly Cookies: Tokens not accessible via JavaScript
- Rate Limiting: Login, signup, API, messaging
7.3Attack Protection
- CSRF Protection: XSRF tokens on all mutations
- OAuth State Tokens: CSRF protection with IP/UA fingerprinting
- Webhook Signature: HMAC-SHA256 validation
- Input Sanitization: XSS and SQL injection prevention
- Security Headers: X-Frame-Options, CSP, HSTS
8.Instagram Integration Provisions
8.1Meta Platform Compliance
Our Instagram integration complies with Meta Platform Terms of Service, Instagram Platform Policy, Instagram API Terms of Use, and Meta Data Policy.
8.2Messaging Windows
| Window Type | Duration | What You Can Send |
|---|---|---|
| Standard | 24 hours after customer message | Any message type |
| Extended | 7 days after customer message | HUMAN_AGENT tagged messages |
After window expires, you cannot message until customer messages again. We display expiration times and warn when windows are about to expire.
8.3Data Limitations
We cannot access your Instagram password, private accounts you don't own, followers' private data, Stories/Reels, or engagement metrics. We do NOT post, follow/unfollow, or like/comment on your behalf.
8.4Token Handling
Instagram tokens are valid for 60 days, automatically refreshed at ~50 days. If refresh fails, you'll be notified to re-authorize. No data is lost due to token expiration.
8.5Permitted Use & Data Deletion
Consistent with the Meta Platform Terms, we use Instagram data only to operate the inbox and profile features you enable. We do not sell it, share it with data brokers, or use it for advertising, profiling, surveillance, or eligibility decisions. You can delete your Instagram data at any time by disconnecting the integration in Settings (which deletes the stored tokens, conversations and messages), by deleting your account, or by emailing privacy@ink-y.app. We also honor Meta's Data Deletion Request callback, which returns a confirmation code and a status URL where you can track the request.
9.Direct Messaging Provisions
9.1Message Encryption
All message content is encrypted using AES-256-GCM before storage. Messages in transit travel over TLS 1.3. Real-time messages use encrypted WebSocket connections.
9.2Real-Time Delivery
- Internal messages: Instant via WebSocket (Socket.io)
- Instagram messages: Via Instagram webhooks and API
- Push notifications for background messages
- Supported: Text and image attachments
9.3Archiving
You can archive/unarchive conversations. Deleting a single message removes its content immediately and shows a 'this message was deleted' placeholder. Deleting a conversation or your account permanently removes the messages.
9.4Third-Party Access
We do NOT read messages for advertising, use content to train external AI, share with third parties (except by law), or allow employees to read messages (except for support you initiate). We may access messages if required by valid legal process or if you report abuse.
10.AI Assistant & Creative Tools Provisions
10.1AI Data Processing
Our AI features rely on third-party providers. The AI Assistant and quote estimates are powered by Anthropic (Claude). The AI creative tools (stencil, mockup, idea) are powered by Google's image model, accessed through Replicate. To deliver these features we send the content needed to process your request: for the assistant/quotes — your chat messages, tattoo parameters, reference images and the artist's configuration; for the creative tools — your prompts, reference images and the body photo you upload for a mockup. We do NOT send your health/intake data, Instagram tokens, or passwords to any AI provider.
10.2Provider Terms & Model Training
10.3AI Image Generation
The mockup tool uploads a photo of a body part to generate a realistic preview. That image is sent to the United States (Google, via Replicate) for processing and may reveal sensitive personal data; by uploading it you confirm you have the right and the depicted person's consent to do so (see Terms Section 6). Generated images are stored in our AWS storage and carry an embedded SynthID watermark identifying them as AI-generated. AI images are synthetic simulations and may be inaccurate.
10.4AI Data Retention
Quote/AI chat sessions are retained for up to 90 days of inactivity; artist training data is retained while the account is active; generated images and uploaded tool images are kept until you delete them; image-generation job logs are automatically deleted after 30 days. All AI data is deleted upon account-deletion request.
10.5Your AI Data Rights
- Delete AI training data: Settings > AI Assistant > Clear Training Data
- Delete generated images and uploaded tool images at any time in the app
- Disable AI features entirely
- Export AI conversation history via data export
11.Data Breach Notification
We will notify you within 72 hours of breach discovery via email, prominent app/website notice, and public disclosure if >500 users affected.
11.1Notification Contents
- Nature of breach and data affected
- When breach occurred and was discovered
- Steps we're taking to address it
- Measures you can take to protect yourself
- Contact information
11.2Special Considerations
If Instagram tokens are compromised, we immediately invalidate all affected tokens. If message content is compromised, we notify affected participants. If AI training data is compromised, we notify affected artists. We coordinate with Meta/Instagram and our AI providers (Anthropic, Replicate, Google) as required.
12.What We Retain and For How Long
Account deletion is immediate: we delete or anonymize your personal data right away. The table below summarizes the only categories we keep afterward, and why.
| Category | Retention | Reason |
|---|---|---|
| Personal data (profile, posts, messages, AI data, Instagram data) | Deleted or anonymized on account deletion (immediate) | No longer needed once you leave |
| Health/intake data (PHI) | Anonymized and retained ~7 years, then automatically purged | Legal / HIPAA recordkeeping |
| Financial records (invoices, subscriptions) | Retained as required by law | Accounting and tax obligations |
| Consent records | Retained as proof of consent | Demonstrate lawful acceptance |
| Deletion & audit logs (incl. Meta data-deletion records) | Retained for compliance | Prove deletions were carried out |
13.Consent Management
13.1What We Track
| Type | Details |
|---|---|
| Terms of Service | Date, time, IP, version, user agent |
| Privacy Policy | Date, time, IP, version, user agent |
| Data Transfer (BR→USA) | Date, IP, revocable via API |
| Instagram Connection | Date, scopes, revocable anytime |
| AI Assistant | Implicit via use, can be disabled |
| AI Creative Tools | Implicit via use; you confirm rights to uploaded images |
13.2Audit Trail
Full consent history maintained during account lifetime + 5 years after deletion. Used for legal proof, compliance audits, and user rights verification. You can review your consent history via admin@yttrium-labs.com.
14.Children's Privacy
Ink-y is NOT intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.
If we discover we have collected data from a child under 18, we will immediately delete all associated data, terminate the account, and notify the parent/guardian if contact info is available.
To report underage users: Contact admin@yttrium-labs.com
15.Policy Changes
We may update this Privacy Policy periodically. We will notify you of material changes through email notification (at least 30 days in advance), prominent notice in the app, and prominent notice on our website.
Minor changes (clarifications, formatting) may be made without advance notice. Your continued use after changes take effect constitutes acceptance. If you disagree, you may delete your account before the effective date.
16.General Provisions
16.1Applicable Law
- Brazil: Brazilian laws, especially LGPD (Law 13.709/2018)
- USA: US federal and state laws, including CCPA/CPRA and HIPAA
16.2Severability
If any provision is deemed invalid, the remaining provisions remain in full force.
16.3Language
Available in Portuguese and English. In case of conflict, Portuguese prevails for Brazilian users, English for US users.
17.Privacy Practices Summary
| Aspect | Practice |
|---|---|
| Sell data? | No - We do NOT sell your data |
| Tracking cookies? | No - Not in app; Meta Pixel on public website only |
| IDFA (iOS)? | No - We do NOT collect IDFA |
| Targeted advertising? | No |
| Encryption? | Yes - AES-256-GCM, bcrypt, TLS 1.3 |
| Account deletion? | Yes - in-app, immediate and permanent |
| Data export? | Yes - Complete JSON via API |
| International transfer? | Yes - BR → USA (with consent) |
| Under 18? | NOT allowed |
| AI data shared? | Only what's needed; providers don't train on it by default |
| AI decisions? | NON-BINDING estimates only |
| AI-generated images? | Synthetic, SynthID-watermarked, may be inaccurate |
| Message content shared? | No - Private between participants |
18.Contact Us
Data Protection Officer
admin@yttrium-labs.com · Response within 15 days (LGPD) / 45 days (CCPA).
Address
Yttrium Labs LLC · 1111B S Governors Ave STE 48231, Dover, DE 19904, USA
19.Acknowledgment
BY USING INK-Y, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTOOD IT, AND AGREE TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED HEREIN.
Version History
Showing changes since v1.0- v7.1Jun 30, 2026Disclosed Pagar.me as our payment processor and sub-processor (added to the data-sharing table) and added the Payment and Billing Data section clarifying that card and CPF data are held by Pagar.me, not Ink-y.
- v7.0Jun 13, 2026Corrected AI providers (Anthropic for assistant/quotes; Google via Replicate for image tools). Added AI creative-tools data, body-photo and sensitive-data disclosures, SynthID/synthetic-image notice, and updated international-transfer and retention details.
- v6.0May 10, 2026Complete rewrite with Instagram, messaging, AI provisions. LGPD/CCPA details.
- v4.1Feb 12, 2026Vendor updates and AI clause.
- v4.0Feb 12, 2026Added detailed LGPD compliance.
- v3.0Oct 01, 2025Meta Platform replaced Basic Display.
- v2.0Jun 08, 2025Stripe + HIPAA sensitive data.
- v1.0Sep 03, 2024Initial policy.