Privacy

Privacy policy

Last updated: May 2026. First-pass content for the private beta — pending legal review before public launch.

VenomPro is a private beta for tattoo artists and studios. This page explains what personal data we collect, why we collect it, who we share it with, and what rights you have over it. We follow the EU General Data Protection Regulation (GDPR) and the equivalent rules in the country where you live.

1. Who we are

The data controller for VenomPro is Akis Stark, operating as VenomPro. You can reach us by emailing akis.stark@gmail.com. During the private beta we operate as a sole controller; if and when we incorporate as a legal entity we will update this page and notify existing users.

2. What we collect

We collect only what we need to run the private beta and protect the service.

When you request access or join the waitlist

  • Email address (required) and name (required)
  • Optional: phone, address, location, industry, role or title, website
  • Optional: a short reason explaining why you want access
  • Technical: your IP address and User-Agent string at the moment of submission, used for spam and abuse detection

When you sign up for an account

  • Email address and password (passwords are hashed; we never see them in plain text)
  • A display name you choose
  • Sign-in timestamps and basic session metadata for security

When you use the app

  • Audit-log entries describing administrative actions affecting your account (role changes, invite consumption, profile activity)
  • Tattoo scans, designs, and placements you create or upload (we store these so the service can function)

We do not currently collect analytics or use third-party tracking. We do not sell or share data for advertising.

3. Why we collect it (legal basis)

  • Performance of contract (GDPR Art. 6(1)(b)) — we need your email and password to give you access to your account; we need your design data to provide the service.
  • Legitimate interest (Art. 6(1)(f)) — we keep audit logs and IP/User-Agent records to detect abuse, debug failures, and protect the integrity of the private beta. You can object to this processing; see Section 6.
  • Consent (Art. 6(1)(a)) — for any optional fields on the access-request and waitlist forms (phone, address, location, etc.). You can leave these blank.

4. Who we share it with (subprocessors)

We use a small set of vendors to run the service. None of them sell your data, and all are bound by Standard Contractual Clauses (SCCs) where data leaves the EEA.

  • Supabase (Supabase Inc., USA) — database, authentication, and audit logs. Our project is hosted in the eu-central-1 region (Frankfurt, Germany).
  • Vercel (Vercel Inc., USA) — application hosting and the global edge network that serves venompro.com and app.venompro.com.
  • Resend (Resend Inc., USA) — transactional email (sign-up confirmations, invite links, internal review notifications).
  • hCaptcha (Intuition Machines Inc., USA) — bot and abuse protection on the public access-request and waitlist forms.

We will update this list as it changes. We do not transfer data to any other party except where legally required (for example, in response to a valid court order).

5. How long we keep it

  • Pending access requests and waitlist entries: kept until reviewed. After review,spam entries are deleted within 30 days, rejected entries within 180 days.invited and approved entries are kept while the linked invite token is active and for audit purposes thereafter.
  • IP address and User-Agent on form submissions: anonymized (set to NULL) after 90 days.
  • Active accounts: kept for the lifetime of your account. You can request deletion at any time (see Section 6).
  • Audit logs: retained while the linked entity (account, invite, scan) exists, and for a minimum of 12 months after to support security investigations.

The retention windows above are first-pass numbers for the private beta. We will tighten them with legal review before public launch.

6. Your rights

Under GDPR you have the right to:

  • Access — get a copy of your personal data (Art. 15)
  • Rectification — correct anything inaccurate (Art. 16)
  • Erasure — ask us to delete your data (Art. 17)
  • Restriction — limit how we process your data (Art. 18)
  • Portability — receive your data in a structured, machine-readable format (Art. 20)
  • Object — object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time, where processing is based on consent (Art. 7(3))

To exercise any of these rights, email akis.stark@gmail.com. We will respond within 30 days.

7. How to complain

If you believe we have mishandled your data, you can lodge a complaint with your local data protection authority. For users in Italy, that is the Garante per la protezione dei dati personali. For other EU/EEA countries, the European Data Protection Board maintains a directory at edpb.europa.eu.

8. Security

We protect your data with industry-standard controls: encrypted connections (TLS), encrypted database storage, hashed passwords, role-based access control, row-level security at the database layer, and per-action audit logging. Sign-in cookies are scoped to .venompro.com and marked Secure and HttpOnly where applicable.

9. Cookies

We use cookies only to keep you signed in (authentication session). We do not use advertising or analytics cookies. If we add any in the future we will publish a cookie banner and update this page.

10. Changes to this policy

We will update this page when our practices change. The date at the top of the page reflects the last revision. Material changes affecting active users will trigger a notification email.

11. Contact

Questions about privacy? Email akis.stark@gmail.com.