GuestSpot App — Privacy Policy
This policy explains how GuestSpot App (Guest Spot, we, us) collects, uses, and shares personal information from tattoo artists and tattoo shops who use our mobile and web apps to find and book guest spots. This is a general template and not legal advice. Your final policy may need changes to reflect your specific product, vendors, and laws where you operate.
Quick summary
- We collect account details, profile/portfolio content (including photos), booking and payment information, communications, location, and device/usage data.
- We use data to run the platform (find matches, manage bookings and payouts, prevent fraud), to communicate with you, to personalize results, and to improve the service.
- Photos of tattoos or other profile content may reveal sensitive information (e.g., religious beliefs). We process such information only when you choose to upload it and with your explicit consent, which you can withdraw at any time.
- We share data with other users as needed for bookings, and with trusted service providers (e.g., payments, hosting, analytics). We do not sell your personal information.
- You have choices and rights, including accessing, correcting, deleting, and exporting your data. See Your rights & choices below.
Who we are & scope
Controller: GuestSpot App (see contact details below).
This policy applies to the Guest Spot mobile apps, website, and related services (collectively, the Services). Where a tattoo shop uses Guest Spot to manage applicants and store client-related information, the shop is typically the controller of that content and Guest Spot acts as a processor on the shop’s behalf.
If you are in the UK/EEA, Guest Spot is the data controller for the Services. If we appoint an EU/UK representative, we will update their details here.
Information we collect
1) Information you provide to us
- Account & identity: name, display name, email, phone number, password, preferred language, role (artist/shop), verification status.
- Professional profile: portfolio photos/videos, styles/specialties, bio, years of experience, licensing/ID documents (where required), links to social profiles, availability, day rates.
- Booking details: availability windows, applications, offers, confirmations, contracts, waivers, travel preferences, notes.
- Payment & payout information: currency, tax/VAT details, payout/bank info (collected and stored by our payment processor), billing address.
- Communications: messages, calls, and media you send through the app; support requests; reviews/ratings.
- Marketing preferences: newsletter opt-ins, cookie choices, push notification settings.
2) Information we collect automatically
- Device & usage: app version, device type, operating system, unique identifiers, crash logs, system activity, and how you interact with features.
- Location: approximate location from IP; precise location if you enable device permissions for features like “guest spots near me”. You can disable precise location in your device settings.
- Cookies and similar tech (web): session cookies, authentication tokens, analytics, and preference cookies.
3) Information from others
- Payments: limited transaction metadata from our payment provider (e.g., payout status). We do not receive or store full card/bank numbers.
- Identity & trust: verification partners (e.g., ID or license checks) may confirm whether a check passed/failed.
- Social sign-in: if you sign in with a third-party account, we receive your name, email, and profile photo from that service.
- User content: shops or artists may include information about you in reviews, messages, booking notes, or references.
Special category/sensitive data
Portfolio images or other content may incidentally reveal special category data (e.g., religious symbolism, health-related tattoos). We process this content only because you choose to upload it and on the basis of your explicit consent (GDPR Art. 9(2)(a)). You can delete such content at any time.
How we use your information
- Provide and secure the Services: create and manage accounts; facilitate discovery and matching; host portfolios; enable messaging, applications, bookings, deposits/payouts; provide support; monitor and prevent spam, abuse, or fraud.
- Personalize and improve: recommend guest spots/artists, sort search results, suggest cities/dates, and run analytics to improve performance and usability.
- Communicate with you: service messages (bookings, updates, policy changes), marketing with your consent, and reminders you request.
- Legal & compliance: verify identities and licenses where required; handle disputes, chargebacks, and lawful requests; maintain records for tax and accounting.
Automated decisions & profiling
We use automated ranking to personalize search and recommendations (e.g., matching artists to shops based on styles, location, dates). This ranking does not produce legal or similarly significant effects. You can request human review of outcomes that materially impact you.
Legal bases for processing (EEA/UK only)
- Contract: to provide the Services you request (account, bookings, payments, support).
- Legitimate interests: to secure and improve our Services, prevent fraud, personalize non-intrusively, and communicate service updates (balanced against your rights).
- Consent: marketing emails/push notifications, precise location, cookies that aren’t strictly necessary, social sign-in, and processing any sensitive content you upload.
- Legal obligation: tax, accounting, KYC/AML where applicable, responding to lawful requests.
Sharing & disclosure
We share information in these situations:
- With other users: limited profile and booking information is visible to facilitate discovery and bookings (e.g., your name, portfolio, styles, rating, city/availability). Messages are visible to the participants and to our trust & safety team as necessary to enforce policies.
- Service providers: hosting, database, analytics, logging/crash reporting, customer support, communications (email/SMS/push), content moderation, identity verification, and payment processing (we never store full card/bank details on our servers).
- Business transfers: in the event of a merger, acquisition, or asset sale, consistent with this policy.
- Legal & safety: to comply with law, enforce our terms, protect rights, safety, and property, and prevent fraud or abuse.
We do not sell your personal information. If we engage in “sharing” for cross-context behavioral advertising (as defined under California law), you can opt out—see Your rights & choices.
International data transfers
We may process and store information in countries other than where you live. When transferring personal data from the UK/EEA, we use approved safeguards, such as Standard Contractual Clauses (and the UK Addendum), plus additional measures as needed.
Data retention
We keep personal data for as long as needed to provide the Services and for legitimate business needs (e.g., records, security, and legal/compliance). Typical retention periods:
- Account and profile data: kept for your account lifetime, then deleted or anonymized within 30–90 days after account closure, unless we must retain it (e.g., disputes, fraud prevention, tax/financial recordkeeping).
- Messages and booking history: retained for the life of the account and for a reasonable period thereafter for audit/fraud prevention.
- Logs/analytics: typically 12–24 months in aggregate/anonymized form.
Your rights & choices
- Access, correct, delete, or export your data via account settings or by contacting us.
- Object or restrict processing carried out on the basis of legitimate interests.
- Withdraw consent at any time (e.g., for marketing or precise location).
- Marketing controls: unsubscribe links in emails; mobile OS settings for push notifications; cookie preferences on the web.
- Location controls: disable device location or set to “While Using the App”.
- Do Not Sell/Share (California): if applicable, use the in-app/web toggle to opt out of cross-context behavioral advertising.
We will honor verified requests subject to legal limitations. You may have additional rights under local law.
Security
We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, secrets management, monitoring, and routine backups. No system is 100% secure; please use a strong, unique password and keep it confidential.
Children’s privacy
Guest Spot is not intended for individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided information, contact us and we will take appropriate steps to delete it.
Cookies & similar technologies
We use cookies and SDKs to run the site/app (session/authentication), remember preferences, measure usage (analytics), and troubleshoot (crash logs). Where required, we obtain consent for non-essential cookies. You can manage cookie preferences via our banner (web) and adjust app permissions on your device.
Shop data as controller; Guest Spot as processor
When a shop stores or processes information about artists/applicants or clients through the Services, the shop is generally the controller of that data and Guest Spot acts as a processor. We process such data according to the shop’s instructions and our Data Processing Addendum (DPA). Shops are responsible for providing their own privacy notices to data subjects.
Third-party links
The Services may link to third-party sites or services (e.g., social networks, payment providers). Their privacy practices are governed by their own policies.
Changes to this policy
We may update this policy from time to time. We will notify you of material changes (e.g., via email or in-app) and indicate the effective date at the top.
Contact us
Email: privacy@guestspot.app
Postal: [Company legal name], [Registered address], [City, Country, Postcode]
EU/UK Representative (if applicable): [Name and contact]
For questions about this policy or to exercise your rights, contact us at the email above.
Jurisdiction-specific notices
UK & EEA
You have rights under the GDPR/UK GDPR, including access, rectification, erasure, portability, restriction, objection, and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK). Our lawful bases are described above. We rely on SCCs/UK Addendum for international transfers.
California (CPRA)
California residents have the rights to know, access, correct, delete, and opt out of “sharing” for cross-context behavioral advertising. Sensitive personal information (e.g., ID numbers) is used only for permitted, limited purposes. We do not sell personal information. You may designate an authorized agent to make requests on your behalf.
Key definitions
- Personal data/personal information: any information that identifies or can reasonably be linked to an individual.
- Controller/processor: as defined by applicable law.
- Services: GuestSpot App mobile apps, website, and related features.
Version history
- v1.0 — September 3, 2025: Initial public draft.