Privacy Policy

1. Data We Collect

Hall of Mirrors collects the following information:

  • Name, email address, phone number, date of birth
  • Address and location information
  • Medical history (allergies, conditions, medications)
  • Tattoo design ideas and reference images
  • Payment information (handled securely by Stripe/PayPal)

2. How We Use Your Data

Your data is used for:

  • Booking and appointment management
  • Health and safety considerations
  • Legal compliance (consent forms)
  • Email notifications and reminders
  • Improving our services

3. Data Retention

Client records are retained for a minimum of 6 years (as required by Liverpool City Council for health records). Temporary files (design images from guests) are deleted after 60 days.

4. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (subject to legal retention periods)
  • Restrict processing
  • Receive your data in a portable format (data portability)

5. Security

Your data is encrypted in transit (HTTPS) and at rest. Medical information is encrypted separately. We do not store payment card information.

6. Third Parties

We share data only with necessary third parties:

  • Stripe and PayPal (payment processing)
  • SendGrid (email delivery)
  • AWS S3 (file storage)

All third parties are GDPR-compliant.