inktboek
This is an English translation of the Dutch original. In case of any conflict between the two versions, the Dutch text prevails. View the Dutch original here.
Privacy statement

How we handle your data

Last updated: May 2, 2026

inktboek is booking software for tattoo studios. We process two types of personal data: from studios and artists who use inktboek (our customers) and from end customers of those studios who submit a request or appointment via inktboek. This page covers both.

For end customers we are a processor on behalf of the studio. The studio is the controller. See the data processing agreement for the legal framework between studio and inktboek.

1. Who we are

inktboek is a product of Helolinks (KvK 98076655, registered at Poortland 66, 1046BD Amsterdam, Netherlands). Contact: hi@inktboek.nl.

For privacy-related questions, email privacy@inktboek.nl.

2. What data we collect

From studios and artists (our customers)

  • Name, email, password (stored encrypted, not readable by us)
  • Studio name, address, KvK (Chamber of Commerce) number
  • Artist profiles: name, bio, portfolio photos
  • Reference to the Stripe account the artist links to inktboek. We don't store any bank details — those sit at Stripe
  • Login data (encrypted in a secure cookie) so you stay signed in
  • Limited server logs for max 30 days, only for security and debugging

From Community applicants (on /community)

  • Studio name, first name, email (required to handle your application)
  • Optional: website, Instagram handle, indication of bookings per month, short motivation
  • IP address at time of application, for abuse detection

Applications are used solely to manage the Community deal (50% off per month in exchange for monthly feedback). We keep an application for at most 24 months after receipt, or until you ask for deletion. Approved applications are linked to your studio account so we can apply the coupon. Rejected or deleted applications are removed from our database immediately.

From end customers (customers of the studio)

  • Name, email, phone
  • Intake info: desired tattoo, body area, size, color, first tattoo or not, allergies
  • Reference photos the customer uploads themselves
  • Bookings and deposits (amount and status; we never store card details — those only sit at Stripe)
  • Chat messages between customer and artist
  • Ink passport data per session (NEN-EN 17169 legal requirement): which inks were used, with brand, batch number, expiry and REACH conformity. The passport PDF is kept for 5 years per the NL guideline for tattoo practices

3. Why we collect this data

  • Performance of the contract. Without this data the studio cannot make an appointment or collect a deposit. Basis: art. 6.1.b GDPR.
  • Security. To prevent abuse and to be able to investigate what happened in case of incidents. Basis: legitimate interest, art. 6.1.f GDPR.
  • Legal obligations. Invoicing and tax retention. Basis: art. 6.1.c GDPR.

We do not sell personal data. We do no marketing tracking. No Google Analytics, no Facebook pixel, no cookies other than what is strictly necessary to keep you signed in.

4. How long we keep it

Type of dataRetention
Account data (studio, artist)Until cancellation + 30 days
Community applicationsMax 24 months, earlier on request
Customer data (intakes, bookings)7 years (tax retention requirement)
Chat messagesUntil project archiving, max 7 years
Ink passport PDF (NEN-EN 17169)5 years after session
Server logs30 days
Backup snapshots30 days

5. Who we share with (sub-processors)

  • Stripe: our payments partner. Deposits via iDEAL and credit card run through Stripe; the money goes straight from customer to artist, we never touch it.
  • Strato (Germany): hosting of our servers, database and file storage. Datacenter in Germany (EU, GDPR-compliant).
  • Own mail server: confirmations and reminders we send via a mail server we run ourselves. No external mail service.

Full list (incl. legal names and contracts) is in the data processing agreement.

6. Your rights

Under GDPR you have the right to access, rectification, deletion, restriction, objection and data portability. For your account data as studio or artist you can contact us directly via privacy@inktboek.nl. We respond within 30 days.

For end-customer data (if you are a customer of a tattoo studio that uses inktboek) you must exercise your rights primarily with that studio. We can only delete or correct data on the studio's request.

7. Security

  • All traffic between your browser and inktboek runs encrypted over HTTPS
  • Passwords are stored encrypted; nobody at our side can read them
  • Sign-in works with a secure session cookie
  • Stripe payments are verified before we update status
  • We make daily database backups and keep them for 30 days
  • Server access is strictly restricted; no password logins

In case of a data breach with risk to data subjects, we report within 72 hours to the Dutch Data Protection Authority and to affected studios.

8. Complaints

Not satisfied with how we handle your data? Email privacy@inktboek.nl first. If we cannot resolve it, you can file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.

9. Changes

We may amend this statement. Material changes are announced by email to active studios at least 30 days before they take effect. The “last updated” date at the top of this page is always current.