Privacy Policy

Last updated: March 11, 2026

1. Introduction

This Privacy Policy explains how NOTJUST.DEV, SL ("Company", "we", "us", or "our"), a company registered in C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain, collects, uses, discloses, and protects your information when you use the inkr mobile application ("App").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Spanish Organic Law 3/2018 on the Protection of Personal Data ("LOPDGDD"), the California Consumer Privacy Act ("CCPA"), and other applicable data protection laws.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

NOTJUST.DEV, SL
C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain
NIF: B26785477
Email: support@notjust.app

3. Information We Collect

3.1 Information You Provide

  • Account Information: If you choose to sign in, we collect the information provided by your Apple or Google account, which may include your name and email address. You may also use the App anonymously without creating an account.
  • Design Prompts: Text descriptions you provide to generate tattoo designs. These are sent to our AI processing service.
  • AI-Generated Designs: Tattoo designs generated through the App based on your prompts, which may be stored on our servers.
  • Support Requests: Information you provide when contacting our support team.

3.2 Information Collected Automatically

  • Usage Data: How you interact with the App, including features used, session duration, screens viewed, and actions taken. Collected via PostHog.
  • Device Information: Device type, operating system version, unique device identifiers, language settings, and mobile network information.
  • Purchase Data: Records of in-app purchases and subscription status, processed through RevenueCat.
  • Error and Performance Data: Crash reports and performance diagnostics collected via Sentry.

3.3 Information We Do NOT Collect

  • We do not collect precise geolocation data.
  • We do not collect data from users who have not installed and opened the App.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Providing the App and its features — Performance of a contract (Art. 6(1)(b))
  • Processing payments and subscriptions — Performance of a contract (Art. 6(1)(b))
  • Analytics and App improvement — Legitimate interest (Art. 6(1)(f))
  • Error tracking and diagnostics — Legitimate interest (Art. 6(1)(f))
  • Fraud prevention and security — Legitimate interest (Art. 6(1)(f))
  • Legal compliance — Legal obligation (Art. 6(1)(c))

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the App and AI tattoo generation features
  • Generate tattoo designs based on your text prompts
  • Process transactions and manage subscriptions via RevenueCat
  • Monitor App performance and fix errors via Sentry
  • Analyze usage patterns and improve the App via PostHog
  • Detect, investigate, and prevent fraud and abuse
  • Comply with legal obligations

6. AI-Generated Content

Design prompts you provide are processed by artificial intelligence using third-party AI services to generate tattoo designs.

Important:

  • AI providers may process your prompts in accordance with their own privacy policies.
  • We do not use your individual prompts to train our own AI models.
  • AI-generated designs are digitally generated images based on your text descriptions.
  • We do not guarantee the accuracy, originality, or suitability of AI-generated designs.

7. Data Sharing and Third-Party Services

We do not sell your personal information. We share data with the following categories of service providers, who process data on our behalf:

  • Supabase — Database and authentication. Shares account info and app data. Located in US.
  • AI Processing Service — Design generation. Shares text prompts. Located in US.
  • RevenueCat — Payment and subscription management. Shares purchase data and device ID. Located in US.
  • PostHog — Product analytics. Shares usage data and device info. Located in US.
  • Sentry — Error tracking. Shares crash reports and device info. Located in US.
  • Apple / Google — Authentication (optional). Shares auth tokens and email. Located in US.

We may also disclose your information:

  • To comply with applicable laws, regulations, or legal processes
  • To protect the rights, property, or safety of our Company, our users, or others
  • In connection with a merger, acquisition, or sale of assets (you will be notified)

8. International Data Transfers

Our Company is established in the EU (Spain), but your data is processed by service providers located in the United States. These transfers are conducted in compliance with the GDPR using one or more of the following safeguards:

  • EU-U.S. Data Privacy Framework (where the provider is certified)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Your explicit consent to the transfer

You may request a copy of the relevant safeguards by contacting us at support@notjust.app.

9. Data Retention

  • Account data: Retained for as long as your account is active.
  • Design prompts and generated designs: Retained for as long as your account is active so you can access your designs.
  • Analytics data: Retained in anonymized/aggregated form.
  • Error logs: Retained for up to 90 days.

When you request account deletion, we will permanently delete your personal data, including all design prompts and generated designs, within 30 days, except where retention is required by law. You can request account deletion at notjust.app/inkr/delete-account.

10. Your Rights

10.1 Rights Under GDPR (EU/EEA Users)

You have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten") of your personal data
  • Restrict processing of your data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time, without affecting the lawfulness of prior processing
  • Lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or your local supervisory authority

10.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@notjust.app or submit a deletion request at notjust.app/inkr/delete-account. We will respond within 30 days (or as required by applicable law).

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Access controls and authentication for internal systems
  • Regular security assessments

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

12. Age Restriction

The App is intended for users aged 4 and older. We do not knowingly collect personal information from anyone under the age of 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@notjust.app.

13. Anonymous Usage

You may use the App without creating an account. In this case, we assign an anonymous identifier to your device session. We still collect usage analytics and error data as described in Section 3.2. If you later connect an Apple or Google account, your anonymous data may be linked to your account.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy in the App
  • Updating the "Last updated" date at the top of this page

We encourage you to review this Privacy Policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NOTJUST.DEV, SL
C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain
NIF: B26785477
Email: support@notjust.app