ParlorOps
Privacy Policy
ParlorOps is operated by RPDockery Holdings Corp., a Florida corporation ("Company," "we," "us," "our"). This Privacy Policy describes how we collect, use, and share information when you use the ParlorOps mobile application and related services (collectively, the "Service"). ParlorOps is a software platform built for tattoo artists, tattoo studios, and the clients those studios serve.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Who we are
The Service is operated by RPDockery Holdings Corp., a Florida corporation. For privacy questions, data-access requests, or account deletion requests, contact us at [email protected].
Contact:
RPDockery Holdings Corp.
[email protected]
2. Information we collect
The categories below mirror the data declarations in our App Store privacy manifest (PrivacyInfo.xcprivacy). We collect only what we need to operate the Service. None of the categories below are used to track you across other apps or websites; we do not contact tracking domains.
Contact information
| What | Why |
|---|---|
| Name | Display in your account, on bookings, and in client records. |
| Email address | Account login, transactional notifications, customer support. |
| Phone number | Optional booking reminders by SMS (only if you opt in). |
| Physical address | Studio address (public on your studio profile); client billing address only when you enter one for payment. |
Health and tattoo metadata
If you choose to use the touch-up reminder feature, the app stores tattoo-related attributes you enter — Fitzpatrick skin type, sun-exposure level, ink-color palette — to estimate when a tattoo may need a touch-up. We treat this as health-adjacent information, not clinical health information. We do not sell or share this data, and we do not act as a HIPAA-covered entity.
Financial information
When a payment is processed through the Service, we record the amount, tip, status, and the last four digits of the card used. Full card numbers never touch our servers — payments are tokenized through Stripe (PCI DSS Level 1 service provider) under the SAQ-A merchant scope.
Identifiers
| What | Why |
|---|---|
| User ID | Server-generated UUID assigned to your account. |
| Device ID (APNs token) | Required to deliver push notifications to your specific device. Apple controls the underlying token; we store only the version Apple gives us. |
User content
| What | Why |
|---|---|
| Photos and videos | Reference photos for bookings, artist portfolios, in-progress and final session photos, end-of-session captures. |
| Customer-support submissions | Bug reports, feature requests, and feedback you send through the in-app feedback form. App version and device model are auto-attached for diagnostic context. |
| Other content you author | Tattoo story field, session notes, booking notes, and artist bio. |
Pricing data (optional, opt-in only)
ParlorOps offers an optional feature in which participating users can contribute information from completed tattoo sessions to an aggregated dataset used to improve pricing suggestions across the platform. This feature is off by default and requires your explicit opt-in.
What is collected (only if you opt in):
- Style category, approximate size, approximate complexity, and state-level geography of the tattoo
- Final price recorded on the session and the session duration
- Time of session completion
What is NOT collected:
- Your name, account identifiers, or any direct identifier of you
- Identifiers of any artists, shops, or clients associated with the session
- Photographs, artwork, descriptions, or any free-text content from the session
De-identification: Before any contribution is added to the aggregated dataset, ParlorOps applies de-identification techniques designed to remove direct and indirect identifiers. ParlorOps further applies minimum-group aggregation thresholds before any pricing signal derived from the dataset is made available within the application. ParlorOps does not warrant that de-identification is mathematically perfect.
How to opt in or out:
- New users: choose during signup (default is opt-out)
- Existing users: Settings → Privacy → "Contribute to pricing data"
- Opting out stops new contributions immediately
- Because contributions are de-identified at submission, ParlorOps is unable to locate, extract, or remove past contributions from the aggregated dataset
No sale to third parties: ParlorOps does not sell, license, or transfer contributions or the aggregated dataset to third parties for marketing, advertising, or commercial resale.
Diagnostics
| What | Why |
|---|---|
| Crash data | Standard iOS crash reports — only when you have system-level diagnostic sharing enabled with Apple. |
| Performance data | Aggregated server-side metrics (latency, error rates). Not linked to specific users at the metric level. |
3. How we use your information
- To provide, maintain, and operate the Service.
- To process payments and refunds.
- To send transactional notifications (booking confirmations, reminders, aftercare prompts, account-security messages).
- To respond to your support requests.
- To diagnose, fix, and improve the Service.
- To enforce our Terms of Service and protect the rights, safety, and property of users.
- To comply with legal obligations.
We do not use your information for advertising, profile-building for third-party sale, or any form of cross-app tracking.
4. How we share information
We share information only with service providers who help us operate the Service, and only the minimum information necessary. Today's sub-processors are:
| Provider | Purpose | Data shared |
|---|---|---|
| Apple, Inc. (US) | App distribution, push-notification delivery (APNs), in-app sign-in (Sign in with Apple, when enabled). | Device push token; account email if Sign in with Apple is used. |
| Stripe, Inc. (US) | Payment processing and Stripe Connect marketplace payouts. | Card data (entered directly into Stripe-hosted UI), payment amount, currency, customer email, connected-account details. |
| Twilio SendGrid (US) | Transactional email delivery (password resets, booking confirmations, reminders, aftercare prompts). | Recipient email address, email content (booking details, reset links). |
| Twilio, Inc. (US) | SMS reminders and notifications (only when you have opted in to SMS). | Phone number, message content (booking reminders, aftercare prompts). |
| Anthropic, PBC (US) | AI-powered features: photo-match style analysis, marketing-copy drafting, and pricing-assistant duration estimation. Data is processed under Anthropic's commercial API, which does not use submitted content to train models. | Reference photo (base64-encoded, not stored by Anthropic beyond the API call) and optional artist-typed text description of the tattoo, used solely to estimate session duration and complexity. No account identifiers are included in prompts. Artist-typed descriptions are free-text and may incidentally include details about the tattoo subject; we recommend artists avoid including names of clients or other identifying personal details when typing descriptions. |
| Fly.io, Inc. (US — region: iad) | Application hosting and compute. | All collected data processed by the backend, encrypted in transit via TLS. |
| Neon, Inc. (US) | Managed PostgreSQL database. | All structured data (accounts, appointments, payments, audit logs), encrypted at rest. |
| Amazon Web Services (US — us-east-1) | File storage (portfolio photos, consent documents) via S3. | Uploaded files; no PII metadata beyond what is embedded in the file itself. |
| Google LLC (US — Google Calendar API) | Optional Google Calendar integration for users who opt in. Outbound: session event metadata pushed to the user's own Google Calendar. Inbound: free/busy time blocks read from the user's calendar to compute available booking slots for that artist. | Outbound: session date, time, and duration only — summary reads "Tattoo Session." Client names, tattoo descriptions, prices, and all PII are deliberately excluded. Inbound: anonymous free/busy time blocks only; no event titles or descriptions are read. Inbound data is held in a short-lived (5-minute) server-side cache and never written to our database. |
Calendar sync is OFF by default. You enable it explicitly in Settings → Calendar Sync. You can disconnect at any time; disconnecting stops all future data flow between ParlorOps and Google Calendar. Any events already pushed to your Google Calendar before disconnecting remain in your Google account (they belong to you) and can be deleted there.
We do not sell your personal information, and we do not share it with advertisers or data brokers.
We may disclose information if required by law, valid legal process (subpoena, warrant), to protect rights or safety, or in connection with a merger, acquisition, or sale of assets — in which case any successor entity will be bound by this Privacy Policy or notify you of any change.
5. How long we keep your information
We retain your information for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or de-identify your personal information within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes (typically up to 7 years for financial records).
6. How we protect your information
- All data in transit is encrypted with TLS 1.2 or higher.
- Sensitive client fields (email, phone, legal name) are encrypted at rest.
- Authentication tokens are stored in the iOS Keychain on your device.
- We follow the NIST Cybersecurity Framework (CSF) for security program design.
- Card data is tokenized by Stripe and never stored on our servers.
No system can guarantee absolute security. If we discover a security incident affecting your information, we will notify you in accordance with applicable law.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information (subject to retention obligations described above).
- Export your information in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email [email protected] from the email address on your account. We will respond within 30 days. If you are in the European Economic Area, the United Kingdom, or California, you also have the right to lodge a complaint with your local data-protection authority.
8. Children
The Service is not intended for users under 18. The app enforces an age gate at signup. We do not knowingly collect information from children under 13 (or under 16 in the EEA). If you believe a child has given us their information, contact us and we will delete it.
9. International users
ParlorOps is operated from the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States. We use standard contractual clauses or equivalent safeguards where required by law.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top and, for material changes, give you reasonable advance notice (in-app or by email). Your continued use of the Service after the effective date of an update means you accept the updated policy.
11. Contact us
Questions, complaints, or rights requests: [email protected].