Privacy Policy

How we collect, use, and protect your information

Last Updated: January 1, 2025

1. Scope

This Policy applies to information collected through:

  • Our website https://resiliencebodyarts.com (the "Site")
  • Online forms and booking widgets embedded in or linked from the Site
  • Email, phone, SMS, or social-media messages you exchange with us
  • In-studio interactions when you visit our premises

It does not apply to third-party sites or services that may be linked from our Site. Those services have their own privacy statements.

2. Information We Collect

2.1 Information you provide directly

  • Contact details: name, mailing address, email address, telephone number
  • Appointment & service details: artist requested, preferred dates, tattoo or piercing description, reference photos (with your consent)
  • Health information: allergies, medications, or medical conditions relevant to safe tattooing or piercing
  • Payment details: we do not store or process card numbers. All card payments are handled by Square; we only receive confirmation that your payment succeeded.

2.2 Information collected automatically

When you visit or interact with the Site, we automatically collect:

  • Device & usage data – IP address, browser type, operating system, referring URLs, pages viewed, and the date/time of each visit
  • Cookie & similar-technology data – small text files that help us keep you signed in, remember form entries, and understand how visitors navigate the Site

3. How We Use Your Information

We process your information to:

  • Provide and improve our services
  • Communicate with you about bookings, promotions, or studio events
  • Secure our business – detect and prevent fraud or misuse of our Site
  • Comply with legal obligations
  • Analyse Site usage trends

Legal bases for processing (GDPR-Art 6)

  • Contract – processing necessary to perform the service you request
  • Consent – for optional health details, marketing emails, or use of your healed-work photos in our portfolio
  • Legitimate interest – to secure and improve our Site
  • Legal obligation – records we must keep under state or local regulations

4. Sharing of Information

We do not sell or rent your personal information. We only share it:

  • With service providers who perform services for us (Square payment processing, email provider, website host) under strict confidentiality agreements
  • With your consent
  • When required by law or to protect the rights, safety, or property of Resilience Body Arts, our clients, or the public

5. Cookies & Tracking Technologies

We use first-party cookies and a privacy-focused analytics tool to:

  • Keep you signed in while you complete forms
  • Remember your form inputs if you return to the Site
  • Compile anonymous statistics about page traffic

You can control cookies through your browser settings. If you disable cookies, some Site features may not function properly.

6. Data Retention

We retain:

  • Booking & consent records for 7 years to meet Massachusetts health-department requirements
  • Marketing contact details until you unsubscribe or two years after your last interaction, whichever comes first
  • Analytics logs (IP addresses anonymised) for 14 months

We periodically review and securely delete or anonymise data that is no longer needed.

7. Security

We implement industry-standard safeguards to protect your information:

  • TLS encryption in transit
  • Encrypted backups at rest
  • Access controls that restrict staff access to "need to know"
  • Regular software updates and vulnerability monitoring

No online service can guarantee absolute security; however, we follow recognised best practices to minimise risk.

8. Your Rights

Depending on where you live, you may have the following rights:

  • Access – receive a copy of the personal data we hold about you
  • Correct or update your information
  • Delete certain information
  • Withdraw consent for processing based on consent
  • Object to or restrict specific processing
  • Portability (GDPR) – receive your data in a machine-readable format

California residents (CCPA-CPRA)

You have the right to Know, Delete, Correct, and Opt-Out of Sharing of personal information. Because we do not sell personal information, we do not display a "Do Not Sell or Share My Personal Information" link. To exercise any of these rights, contact us via the methods below.

Exercising your rights

Email privacy@resiliencebodyarts.com or call (781) 977-9344. We will verify your identity before fulfilling the request and respond within the timeframe required by law.

9. Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect information from them. If you believe we may have collected a child’s data, please contact us and we will delete it promptly.

10. International Transfers

Our servers are located in the United States. If you are located outside the U.S. and choose to provide information to us, please note that it will be transferred and processed in the U.S. under Standard Contractual Clauses or other appropriate safeguards when required.

11. Changes to This Policy

We may update this Policy periodically. When we do, we will revise the "Last Updated" date at the top and, if the changes are material, provide a prominent notice on the Site.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:

Resilience Body Arts
39 Main St, Maynard, MA 01754
Email: info@resiliencebodyarts.com
Phone: (781) 977-9344