inkStar Logo

Cookie Policy

Last updated: March 17, 2026

1. Introduction

This Cookie Policy explains how inkStar ("we", "us", "our") uses cookies and similar tracking technologies when you visit our website at inkstar.app, use our web application, or interact with our mobile platform (collectively, the "Platform").

We are committed to being transparent about the technologies we use. This policy provides detailed information about how, when, and why we use cookies, and explains your options for controlling them in accordance with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable data protection laws.

2. What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and supply information to site owners. Cookies can be "first-party" (set by us) or "third-party" (set by external services we use).

In addition to cookies, we may also use similar technologies such as web beacons (pixel tags), local storage, and session storage. Where we refer to "cookies" in this policy, we include these similar technologies unless otherwise stated.

3. How We Use Cookies

We use cookies for several purposes across our Platform. These range from cookies that are essential for the Platform to function, to cookies that help us understand how our users interact with our services so we can improve them. We always ask for your consent before placing non-essential cookies on your device.

4. Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled in our systems. They are typically set in response to actions you take, such as logging in, setting your privacy preferences, or filling out forms. Without these cookies, the services you have asked for cannot be provided.

  • Authentication cookies: Set by Clerk, our identity provider, to manage user sessions, verify your identity, and keep you securely logged in across the Platform. These include session tokens, CSRF protection tokens, and device verification cookies.
  • Session management cookies: Maintain your active session state so you do not need to re-authenticate on every page visit. These are essential for platform users who access booking forms, contract pages, or other authenticated areas.
  • Security cookies: Protect against cross-site request forgery (CSRF), detect automated abuse, and enforce rate limiting. These cookies help safeguard your account and our Platform from unauthorized access.
  • Cookie consent cookies: Store your cookie consent preferences so we can honour your choices and avoid asking you again on every visit. These are set by our consent management tool.
  • Infrastructure cookies: Used for load balancing, routing requests, and ensuring Platform stability. These are purely technical and do not store any personal information.

Legal basis: These cookies are necessary for the performance of our contract with you and for our legitimate interest in operating a secure platform. They do not require your consent under the ePrivacy Directive.

5. Functional Cookies

Functional cookies enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these features may not function properly.

  • Language and locale preferences: Remember your selected language (English or German) and regional formatting preferences across sessions.
  • Form state preservation: Save the progress of partially completed forms such as contract creation, booking forms, or onboarding workflows. This prevents data loss if you navigate away or your session is interrupted.
  • UI preferences: Remember display preferences such as theme settings, dashboard layout choices, and notification preferences.
  • Public access tokens: When end customers access shared resources such as contract signing pages or booking forms via a link, a session cookie stores their temporary access token so they do not need to re-authenticate during that session.

6. Analytics and Performance Cookies

These cookies allow us to measure and improve the performance of our Platform. They help us understand how visitors interact with our website, which pages are most popular, and how users navigate through the application. All data collected by these cookies is aggregated and anonymised wherever possible.

  • Page view and session tracking: Understand which pages are visited, how long users spend on each page, and typical navigation patterns.
  • Performance monitoring: Measure page load times, API response times, and application performance to identify and resolve bottlenecks.
  • Error tracking: Detect and diagnose client-side errors and crashes to improve Platform reliability.
  • Feature usage analytics: Understand which features are most used, how users interact with specific tools (e.g. the scheduling calendar or contract builder), and where users experience friction.

Analytics Providers

  • PostHog: Our primary product analytics platform. PostHog sets cookies to track anonymous usage patterns, feature adoption, and user journeys. PostHog is configured to respect your consent preferences, and we use their EU data residency option to ensure data is processed within the European Union. PostHog cookies typically persist for up to 12 months.
  • Google Analytics (GA4): Used to measure website traffic, user demographics, and acquisition channels. Google Analytics sets cookies (prefixed with _ga) to distinguish unique users and throttle request rates. We have enabled IP anonymisation and have signed Google's Data Processing Amendment. Google Analytics cookies typically persist for up to 14 months.

Legal basis: We rely on your consent to set analytics cookies. You can opt out at any time through our cookie consent banner or by adjusting your preferences in your browser settings.

7. Marketing and Advertising Cookies

Marketing cookies are used to track visitors across websites and display ads that are relevant and engaging for individual users. These cookies are only set after you have given your explicit consent.

  • Retargeting: Show you relevant inkStar advertisements on third-party websites and social media platforms after you have visited our website.
  • Conversion tracking: Measure the effectiveness of our advertising campaigns by tracking whether you completed an action (such as signing up for a trial) after seeing or clicking on an ad.
  • Audience building: Create anonymised audience segments based on website behaviour to reach similar potential customers with our advertising.
  • Ad performance measurement: Analyse which advertisements drive the most engagement, sign-ups, and conversions to optimise our marketing spend.

Advertising Partners

  • Meta Pixel (Facebook/Instagram): The Meta Pixel tracks conversions from Meta ads, builds targeted audiences for future campaigns, and enables remarketing to people who have previously interacted with our website. Meta processes this data under its own privacy policy. The Meta Pixel cookie (_fbp) typically persists for up to 90 days.
  • Google Ads (including Google Tag Manager): Google Ads cookies track ad clicks, measure conversions, and support remarketing campaigns across the Google Display Network and YouTube. Google processes this data under its own privacy policy. Google Ads cookies typically persist for up to 90 days.

Legal basis: Marketing cookies are only placed with your explicit, informed consent. You may withdraw your consent at any time, and we will immediately stop setting these cookies. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

8. Third-Party Cookies

In addition to our own cookies, several third-party services set cookies on your device when you use our Platform. We carefully vet all third-party providers and only work with services that meet our data protection standards.

8.1 Clerk (Authentication)

Clerk is our authentication and user management provider. Clerk sets several cookies that are essential for secure login, session management, multi-factor authentication, and device recognition. These are strictly necessary cookies and are required for the Platform to function. Clerk processes data in accordance with their privacy policy and is compliant with SOC 2 Type II standards.

8.2 Stripe (Payment Processing)

For users on paid subscription plans, Stripe sets cookies related to payment processing, fraud prevention, and PCI DSS compliance. These cookies help detect suspicious activity and secure payment transactions. Stripe cookies are strictly necessary for users who make payments through our Platform.

8.3 Other Third-Party Services

We may integrate additional third-party services from time to time that set their own cookies (for example, embedded support widgets or feedback tools). We will update this policy accordingly and request your consent where required before any new non-essential third-party cookies are placed.

9. Cookie Consent

In compliance with the GDPR and the ePrivacy Directive, we always ask for your consent before setting any non-essential cookies. When you first visit our website, you will see a cookie consent banner that gives you clear and specific choices.

You can choose to:

  • Accept all cookies: This enables all cookie categories, including analytics and marketing cookies.
  • Reject non-essential cookies: This only allows strictly necessary cookies that are required for the Platform to function.
  • Customise your preferences: Select which categories of non-essential cookies you wish to allow (e.g. analytics only, marketing only, or both).

Your consent preferences are stored in a cookie on your device and are valid for 12 months. You can change your preferences at any time by clicking the "Cookie Settings" link in the footer of our website or by clearing your browser cookies and revisiting the site.

10. Managing and Deleting Cookies

Beyond our consent tool, you can also manage cookies directly through your browser settings. Most browsers allow you to view, manage, and delete cookies. Please note that if you disable all cookies, some parts of our Platform may not function correctly.

  • Google Chrome: Settings → Privacy and Security → Cookies and other site data
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Apple Safari: Preferences → Privacy → Manage Website Data
  • Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

You can also opt out of interest-based advertising through industry opt-out tools such as the European Interactive Digital Advertising Alliance (EDAA) at youronlinechoices.eu, or the Digital Advertising Alliance (DAA) at optout.aboutads.info.

11. Cookie Retention Periods

Different cookies have different lifespans:

  • Session cookies: These are temporary and are deleted when you close your browser. They are used for actions like maintaining your login state during a single browsing session.
  • Persistent cookies: These remain on your device for a set period or until you delete them. They are used for remembering your preferences, consent choices, and login information across sessions.
  • Analytics cookies: Typically retained for 12 to 14 months, depending on the provider. PostHog cookies persist for up to 12 months; Google Analytics cookies persist for up to 14 months.
  • Marketing cookies: Typically retained for 90 days. Both Meta Pixel and Google Ads cookies follow this retention period.

12. International Data Transfers

Some of our third-party cookie providers may transfer and process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or binding corporate rules.

For our analytics services, we use EU-based data residency options wherever available (e.g. PostHog's EU Cloud). Where data is transferred to the United States, we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

13. Your Rights Under GDPR

Under the GDPR, you have the following rights in relation to personal data collected through cookies:

  • Right of access: You can request information about the personal data we have collected about you through cookies.
  • Right to withdraw consent: You can withdraw your consent for non-essential cookies at any time through our cookie settings, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to erasure: You can request that we delete the personal data collected about you through cookies, subject to any legal retention requirements.
  • Right to object: You can object to the processing of your personal data for direct marketing purposes, including profiling related to such marketing.
  • Right to lodge a complaint: If you believe we are not handling your personal data correctly, you have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at privacy@inkstar.app. We will respond to your request within 30 days as required by law.

14. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes to our Platform, or updates to applicable law. When we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, requesting your consent again.

We encourage you to review this Cookie Policy periodically. The "Last updated" date at the top of this policy indicates when it was last revised.

15. Contact Us

If you have any questions about our use of cookies or this Cookie Policy, please contact us:

Syncflux

Weißenhorn, Germany

Email: hello@inkstar.app

Privacy inquiries: privacy@inkstar.app

Read our Privacy Policy →Read our Terms of Service →

Ready to Transform Your Studio?

Start your free trial today and see for yourself how inkStar simplifies your daily workflow.

What you get with your free trial:

  • Full access to all features for 7 days
  • Free data migration assistance
  • Personal onboarding session
  • Dedicated support team
  • 7-day free trial
  • Cancel anytime
  • GDPR compliant
  • Encrypted data at rest & in transit
inkStar

Everything Your Studio Needs

Built by studio owners, for studio owners

  • Works Offline
    Full functionality without internet. Syncs automatically when you're back online.
  • Digital Contracts
    Consent forms, signatures, and medical history. All paperless and legally sound.
  • Integrated Payments
    Card, PayPal, Klarna installments. Automatic deposit collection at booking.
  • Smart Scheduling
    Availability-based slot suggestions. Online booking page for your customers.
Artist Testimonial
inkStar transformed my chaotic studio into a professional business.
Maria Chen
Tattoo Artist, Berlin
Cookie Policy – inkStar