Privacy Policy
Last updated: May 22, 2026
1. Who we are
Wisettly is operated by Morenoaldo AB, a company registered in Sweden. If you have any questions about this policy or your data, contact us at info@wisettly.com.
2. Data we collect
We collect only the data necessary to provide our service:
- Account data — email address and password when you create an account.
- Studio data — studio name, logo, and configuration settings you provide.
- Client data — names, email addresses, phone numbers, and booking information you add to your studio's CRM.
- Messages — email and social media conversations synced from connected accounts (Gmail, Instagram, Facebook) at your direction.
- Booking and payment records — session dates, artist assignments, and deposit records you create.
- Usage data — basic logs to maintain service reliability (no advertising tracking).
3. How we use your data
- To provide and operate the Wisettly platform for your studio.
- To generate AI-powered summaries, reply drafts, and booking insights using OpenAI's API. Data sent to OpenAI is processed solely to generate responses and is not used to train their models.
- To sync messages from Gmail, Instagram, and Facebook on your behalf when you connect those accounts.
- To send transactional emails (booking confirmations, team invitations) that you trigger.
- To maintain security, prevent fraud, and fix technical issues.
We do not sell your data. We do not use your data for advertising.
4. Third-party services
Wisettly uses the following third-party services to operate:
- Supabase — database and authentication (servers in Sweden, EU).
- OpenAI — AI-generated summaries and reply drafts. Data is processed under OpenAI's API data usage policy, which does not use API inputs to train models.
- Google Gmail API — to read and send emails on behalf of studios that connect their Gmail account. We only access emails in the label you configure. We do not access, store, or share Gmail data beyond what is strictly necessary to display and reply to messages within Wisettly.
- Google Calendar API — to read calendar events on behalf of studios that choose to perform a one-time import of existing bookings. After the import is complete, the connection is immediately removed. We do not store Google Calendar credentials beyond the duration of the import session.
- Meta (Instagram / Facebook) — to receive and send direct messages on behalf of studios that connect their Instagram or Facebook page.
- Vercel — hosting and content delivery.
5. Google API Limited Use disclosure
Wisettly's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Wisettly:
- Only requests access to Gmail data (read and send) and Google Calendar data (read-only) when explicitly authorized by the studio owner.
- Does not use Google user data to serve advertising.
- Does not allow humans to read Google user data unless the user has given explicit permission, it is necessary for security purposes, or it is required by law.
- Does not share, sell, or transfer Google user data to third parties, except to the sub-processors listed in Section 4 that are strictly necessary to operate the service.
- Limits use of Google data to providing or improving the features described in this policy.
6. Data storage and security
Your data is stored in Supabase on servers located in Sweden within the European Union. All data is encrypted in transit (TLS) and at rest (AES-256). Access to studio data is enforced at the database level — each studio can only access its own data.
7. Data retention
We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days, except where retention is required by law.
8. Your rights (GDPR)
If you are located in the European Economic Area, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to certain processing of your data.
- Withdraw consent — disconnect any connected account (Gmail, Instagram, Facebook) at any time from Settings.
To exercise any of these rights, email us at info@wisettly.com. We will respond within 30 days.
9. Cookies
Wisettly uses only essential session cookies required for authentication. We do not use tracking or advertising cookies.
10. Children's privacy
Wisettly is intended for use by tattoo studio professionals and their adult clients. We do not knowingly collect personal data from anyone under 18. If you become aware that a minor has provided us with personal data, please contact us at info@wisettly.com so we can delete it promptly.
11. Changes to this policy
We may update this policy from time to time. If changes are significant, we will notify active users by email. The date at the top of this page reflects the most recent update.
12. Contact
Questions or requests about this privacy policy:
info@wisettly.com
Morenoaldo AB · Linköping, Sweden