← Back to Melt.Tattoo

Privacy Policy

Last Updated: March 2026

This Privacy Policy explains how Melt.Tattoo ("we", "us", or "our") collects, uses, and protects your personal information when you use our AI-powered tattoo visualization service at melt.tattoo.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — used for account creation, login, and transactional emails (e.g., password reset)
• Password — stored securely using industry-standard hashing (bcrypt)

1.2 Google OAuth Data

If you sign up or log in with Google, we receive:

• Email address — to create or link your account
• Google account ID — to uniquely identify your account

1.3 Skin Photos

When you upload a skin photo for tattoo visualization:

• Photos are processed temporarily to generate your tattoo preview
• Photos are not stored permanently on our servers — they are deleted shortly after processing (typically within minutes)
• Photos are sent to third-party AI services solely for rendering (see Section 4)
• Tattoo sketches you save are stored until you delete your account

1.4 Generated Images

Tattoo preview images generated by our AI are temporarily stored to display your results. They are deleted from our servers after a short retention period.

1.5 Usage Data

We collect usage data including IP address, device type, approximate location, and referrer URL for service improvement and abuse prevention. Usage events (page views, button clicks, feature usage) are associated with your user ID.

2. How We Use Your Information

• Account management — creating and authenticating your account
• Service delivery — processing your photos and generating tattoo previews
• Transactional emails — password resets, verification codes via Resend
• Service improvement — understanding usage patterns to improve features
• Security — preventing abuse, fraud, and unauthorized access

We do not sell your personal data. We do not share your data with third parties for advertising or marketing purposes.

3. Cookies & Local Storage

We use browser local storage (not traditional cookies) for:

• Authentication tokens and session data — keeps you logged in and manages your session
• UTM parameters — tracking which ad campaign brought you to us

We do not use third-party tracking cookies.

4. Third-Party Services

To operate the service, your data may be processed by:

Service	Purpose	Data Shared
Google OAuth	Account authentication	Email, profile name
Black Forest Labs (FLUX)	AI tattoo rendering	Skin photo, tattoo design, mask
Google Gemini	Image analysis and generation	Uploaded images
Supabase	Database & file storage	Account data, temporary images
Resend	Transactional email	Email address

Each third-party service is governed by its own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Retention & Deletion

• Skin photos — deleted from our servers within minutes of processing
• Generated images — deleted after a short retention period
• Account data — retained while your account is active
• Usage events — retained for analytics purposes

Data already processed by third-party AI services (FLUX, Gemini) is subject to their respective retention policies and may not be fully recoverable by us.

5.1 Account Deletion

You may delete your account at any time using the "Delete Account" option in the app footer (visible when logged in). When you delete your account:

• Your email, profile data, and account credentials are permanently removed
• Your saved tattoo sketches are permanently deleted from storage
• Your usage history and transaction records are deleted
• Any remaining stored images are deleted

You can also request account deletion by contacting us at info@melt.tattoo.

6. Your Rights (GDPR & International Users)

If you are located in the European Union or other jurisdictions with data protection laws, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — request your data in a machine-readable format
• Restriction — request we limit how we process your data
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at info@melt.tattoo. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Bcrypt password hashing
• JWT-based authentication with expiration
• Environment-variable-based secret management

8. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions or requests: