Data Processing Agreement
Last updated on May 17, 2026.
This Data Processing Agreement ("DPA") forms part of the TatTool Terms of Service or other agreement between Bilfi ApS and the customer using TatTool (the "Agreement"). It applies when Bilfi ApS processes personal data on behalf of the customer in connection with TatTool.
This DPA is intended to meet the requirements of Article 28 of the GDPR and similar processor-contract requirements under applicable data protection laws. If a signed version is required, contact info@tattool.io.
1. Parties and Roles
The customer is the controller for Customer Personal Data. Bilfi ApS is the processor when it processes Customer Personal Data to provide TatTool under the customer's instructions.
Bilfi ApS remains an independent controller for data it processes for account administration, billing, security, product operations, support, legal compliance, and its direct business communications, as described in the Privacy Policy.
2. Definitions
"Customer Personal Data" means personal data that the customer, its authorized users, or people acting on its behalf submit to TatTool or otherwise make available for processing by Bilfi ApS as processor.
"Data Protection Laws" means the GDPR, the Danish Data Protection Act, the ePrivacy rules that apply to electronic communications and cookies, and any other privacy, data protection, or security law that applies to the processing.
Terms such as controller, processor, personal data, processing, data subject, personal data breach, and subprocessor have the meanings given to them under applicable Data Protection Laws.
3. Processing Instructions
Bilfi ApS will process Customer Personal Data only on documented instructions from the customer, including instructions in the Agreement, this DPA, product settings, customer configurations, support requests, and authorized user actions.
If Bilfi ApS believes an instruction violates Data Protection Laws, it will inform the customer unless legally prohibited from doing so. Bilfi ApS may refuse or suspend processing that it reasonably believes would be unlawful or would create a security or material operational risk.
The customer instructs Bilfi ApS to process Customer Personal Data only as necessary to provide, secure, maintain, support, and improve TatTool, to follow authorized user actions and product settings, to comply with law, and to perform the processing described in Appendix 1.
4. Customer Responsibilities
The customer is responsible for:
- Having a valid legal basis and, where needed, a special-category condition for the Customer Personal Data it processes in TatTool.
- Providing privacy notices to clients, staff, contractors, guest artists, and other people whose data is entered into TatTool.
- Ensuring that Customer Personal Data is accurate, lawful, relevant, and limited to what is necessary for the customer's workflows.
- Configuring roles, permissions, integrations, message templates, consent forms, and retention practices appropriately.
- Avoiding unnecessary special category, health, identity, or other sensitive data in free-text fields, support requests, AI prompts, and message templates unless the customer has authority to process that information.
- Complying with laws that apply to tattoo, health, consumer, recordkeeping, employment, payments, marketing, and communications workflows.
- Handling data subject requests where the customer is the controller, unless the request concerns data for which Bilfi ApS is controller.
5. Processor Obligations
Bilfi ApS will:
- Process Customer Personal Data only as described in this DPA.
- Ensure people authorized to process Customer Personal Data are bound by confidentiality obligations.
- Use appropriate technical and organizational measures designed to protect Customer Personal Data.
- Assist the customer, taking into account the nature of processing and information available to Bilfi ApS, with data subject requests, security obligations, breach obligations, data protection impact assessments, and regulator consultations where required by law.
- Notify the customer if Bilfi ApS becomes aware of a personal data breach affecting Customer Personal Data, as described below.
- Delete or return Customer Personal Data at the end of the services as described in this DPA and the Agreement, unless continued retention is required or permitted by law.
6. Security Measures
Bilfi ApS will maintain appropriate technical and organizational measures for the risk presented by the processing. Current measures are summarized in Appendix 2.
The customer is responsible for using TatTool securely, including controlling user access, protecting credentials, reviewing roles and permissions, configuring integrations carefully, and securing exported files after they leave TatTool.
7. Subprocessors
The customer gives Bilfi ApS general authorization to use subprocessors to provide TatTool. Bilfi ApS will impose data protection obligations on subprocessors that are substantially equivalent to those in this DPA.
The current subprocessor information is available at tattool.io/subprocessors. Bilfi ApS may update the subprocessor list from time to time. Where required by law, Bilfi ApS will provide reasonable notice of material subprocessor changes and give the customer an opportunity to object on reasonable data protection grounds.
If a customer objects to a new subprocessor, the customer must explain the specific data protection concern. Bilfi ApS will work in good faith to address the concern, which may include providing additional information, using a commercially reasonable alternative where available, or allowing the customer to stop using the affected feature.
Bilfi ApS remains responsible to the customer for the performance of its subprocessors' processing obligations to the extent required by Data Protection Laws.
Some integrations are configured by the customer, such as customer-owned Stripe, Resend, Twilio, SendGrid, or other provider accounts. Those customer-configured providers may act under the customer's own relationship with that provider, and the customer is responsible for the provider terms, notices, and compliance obligations that apply to that configuration.
8. International Transfers
Bilfi ApS and its subprocessors may process Customer Personal Data in countries other than the customer's country, including outside the EEA. Where Data Protection Laws require safeguards for such transfers, Bilfi ApS will use appropriate safeguards such as adequacy decisions, the European Commission's Standard Contractual Clauses, transfer impact assessments, and supplementary measures where relevant.
If the European Commission's Standard Contractual Clauses are required, the relevant controller-to-processor or processor-to-processor modules are incorporated by reference and apply as needed for the transfer, together with the processing details and security measures in this DPA.
9. Personal Data Breaches
If Bilfi ApS becomes aware of a personal data breach affecting Customer Personal Data, it will notify the customer without undue delay. The notice will include information reasonably available to Bilfi ApS, such as the nature of the breach, the affected data, the likely consequences, the mitigation steps taken, and a contact point for follow-up.
The customer is responsible for determining whether it must notify data subjects, regulators, customers, employees, contractors, or other parties unless Bilfi ApS is legally required to make a notification itself.
10. Data Subject Requests
Bilfi ApS will, taking into account the nature of the processing and the information available to it, assist the customer with requests to access, correct, delete, restrict, port, or object to processing of Customer Personal Data.
If Bilfi ApS receives a request directly and identifies the customer as the controller, Bilfi ApS may direct the requester to the customer or notify the customer, unless legally prohibited.
11. Deletion and Return
During the term of the Agreement, the customer may export or delete certain Customer Personal Data using available product features. At the end of the services, Bilfi ApS will delete or return Customer Personal Data according to the Agreement, product functionality, and lawful customer instructions.
Bilfi ApS may retain copies where required or permitted by law, such as for security, fraud prevention, accounting, tax, dispute, backup, or legal compliance purposes. Retained copies will remain protected under this DPA for as long as they are retained.
Deletion from backups and disaster recovery systems may occur on a delayed basis according to backup cycles. Backup copies are protected and are not restored for ordinary processing unless needed for recovery, security, legal, or continuity purposes.
12. Audits and Information
Bilfi ApS will make available information reasonably necessary to demonstrate compliance with this DPA. The customer may request reasonable audit information by contacting info@tattool.io.
Any audit must be limited to the customer's own use of TatTool, occur on reasonable notice, avoid disrupting TatTool operations, protect confidential information, and avoid compromising security or other customers' data. Bilfi ApS may satisfy audit requests through policies, questionnaires, security summaries, third-party reports, or equivalent documentation where appropriate.
Unless required by a regulator or triggered by a confirmed personal data breach affecting Customer Personal Data, audits should not occur more than once in any 12-month period.
13. Term and Conflicts
This DPA remains in effect for as long as Bilfi ApS processes Customer Personal Data on behalf of the customer. If this DPA conflicts with the Agreement, this DPA controls for the processing of Customer Personal Data as processor. The Agreement controls for commercial terms, payments, liability, and service use unless Data Protection Laws require otherwise.
Appendix 1: Processing Details
Subject matter: processing Customer Personal Data to provide, secure, support, maintain, and improve TatTool.
Duration: the term of the customer's use of TatTool and any additional period required for deletion, return, backups, legal compliance, security, or dispute handling.
Nature and purpose: hosting, storing, transmitting, displaying, organizing, securing, logging, backing up, deleting, exporting, and otherwise processing data needed for TatTool features.
Product workflows: accounts, organizations, roles, locations, bookings, consultations, clients, consent forms, payment requests and records, Stripe Connect, email and SMS communication, message templates, flows, webhooks, ink documentation, files, reporting, support, diagnostics, and security.
Data subjects: customers, authorized users, studio owners, artists, employees, contractors, guest artists, clients, appointment participants, message recipients, support contacts, and other people whose information is submitted to TatTool.
Personal data categories: names, contact details, account data, authentication data, role and permission data, booking and consultation details, notes, consent form data, signatures, uploaded files, payment and billing records, message content and delivery data, ink and compliance records, audit logs, IP addresses, device data, diagnostics, and support communications.
Special category or sensitive data: depending on the customer's configuration, Customer Personal Data may include health, allergy, medication, pregnancy-related, age or identity, accessibility, or other sensitive information included in client records, booking notes, consultations, consent forms, or uploaded files.
Appendix 2: Technical and Organizational Measures
- Role-based access controls for customer workspaces.
- Authentication controls and session management.
- Encrypted secrets for connected extensions where applicable.
- Encryption for signed consent PDFs where the feature is used.
- Encryption in transit for supported application traffic.
- Secure object storage practices for uploaded files.
- Webhook signature verification for supported providers.
- Audit, diagnostic, and security logs for service operations.
- Access restrictions for production systems and operational data.
- Least-privilege access practices for operational access.
- Monitoring, error tracking, and incident response practices.
- Backups, recovery practices, and deletion workflows where supported.
- Vendor and subprocessor controls appropriate to the service being provided.
Appendix 3: Subprocessors
Current subprocessor information is published at tattool.io/subprocessors.