ETHEREAL Privacy Policy

Last Updated: May 6, 2026 · Operator: Global InkMagine LLC · Product: ETHEREAL · Website: https://etherealos.ai

This Privacy Policy describes how ETHEREAL ("ETHEREAL", "we", "our", "us"), operated by Global InkMagine LLC, collects, uses, stores, and shares information when an artist or studio connects ETHEREAL to Google Calendar and other supported services. ETHEREAL is an operating system for elite tattoo studios used by artists and studio operators to run sessions, approvals, scheduling, client communication, and growth operations.

1. Scope of this Policy

This Policy covers data accessed when an authenticated user (a tattoo artist, studio operator, or studio admin) authorizes ETHEREAL to integrate with Google services through the Google OAuth 2.0 consent screen. It also covers session, booking, and operational data created inside ETHEREAL by studio personnel.

The OAuth client published under this Policy is the production OAuth client for the ETHEREAL application (legal entity Global InkMagine LLC). The client is shown in the Google consent screen as ETHEREAL.

2. Data we collect

2.1 Account and identity data

• Email address of the authenticating user (used to identify the connected account inside ETHEREAL).
• Display name and basic profile as returned by the Google sign-in flow.
• OAuth refresh and access tokens issued to ETHEREAL by Google, stored encrypted at rest and used only to call the APIs you authorized.

2.2 Operational data created in ETHEREAL

• Bookings, sessions, deposits, payouts, and approvals you record in ETHEREAL.
• Workspace and team configuration (artists, services, pricing, hours).
• Diagnostic and usage logs (timestamps, IPs, error traces) used to operate the product.

3. Google Calendar integration

ETHEREAL integrates with Google Calendar so that an artist or studio can keep their session schedule synchronized with the calendar they already use. The integration is optional, requested only after a user explicitly opts in inside the ETHEREAL app, and is governed by the OAuth scopes described below.

3.1 Scopes requested and per-scope justification

• https://www.googleapis.com/auth/calendar.readonly — Used to read events on the artist's primary calendar so ETHEREAL can detect scheduling conflicts before a tattoo session is booked, render the artist's existing busy windows on the in-app scheduling screen, and prevent double-booking when a deposit is paid. Read-only access alone is not sufficient because we also need to write the confirmed session back to the artist's calendar; the complementary write scope is described below.
• https://www.googleapis.com/auth/calendar.events — Used to create, update, and cancel calendar events that correspond to scheduled tattoo sessions on the artist's primary calendar, so each booking auto-appears with the correct date, time, duration, and client name. This is the narrowest scope that supports event mutation; the broader auth/calendar scope is intentionally not requested because ETHEREAL does not need to manage calendar metadata, ACLs, or settings.

ETHEREAL does not request access to other Google services from this OAuth client (no Gmail, Drive, Contacts, Photos, or YouTube scopes). Where additional Google scopes are added in the future, this Policy will be updated and a renewed consent will be requested from the user.

3.2 What we do with Google Calendar data

• Show the user, inside ETHEREAL, the busy windows on their primary calendar so they can pick free slots for tattoo sessions.
• Create a calendar event when a booking is confirmed; update the event when a booking is rescheduled; cancel the event when a booking is canceled.
• Detect double-booking conflicts and show warnings before deposits are charged.

3.3 What we do not do

• We do not sell, rent, or transfer Google user data to advertisers, data brokers, or any other third party for advertising or marketing purposes.
• We do not use Google user data to train, fine-tune, or build generalized AI/ML models. Google user data is not sent to any third-party AI provider for model training.
• We do not allow ETHEREAL personnel to read your calendar events, except in the four narrow cases permitted by Google's Limited Use policy: (a) you give us explicit written consent for a specific support investigation, (b) where required for security reasons such as investigating abuse, (c) when fully aggregated and anonymized for internal operational metrics, or (d) where required to comply with applicable law.
• We do not share Google user data with any third party except service providers that operate the application's infrastructure under written data processing terms (see §5).

4. How we use your data

We use the data described above to: (a) operate the ETHEREAL product and the Google Calendar integration in the way you have configured it; (b) provide customer support and respond to your requests; (c) detect and prevent fraud, abuse, and security incidents; (d) generate aggregated, non-identifying analytics to improve product quality; and (e) comply with legal obligations.

Google user data is used only to provide or improve the user-facing scheduling features described in §3.

5. Sharing and transfers

We share data with the following categories of recipients, only to the extent necessary to operate the ETHEREAL product:

• Cloud and hosting infrastructure (e.g. Vercel, Supabase, Railway, Cloudflare) — process data on our behalf under written processor agreements.
• Payment processing (Stripe) — for deposits and payouts. Stripe receives only the data needed to process the payment.
• Communication and messaging (Twilio, Meta WhatsApp Business Platform, ElevenLabs voice) — to deliver the messages you send through ETHEREAL.
• AI providers (such as Anthropic) — to power the conversational features inside ETHEREAL. Google user data obtained through the Calendar scopes is not sent to AI providers.
• Authorities — when legally compelled by valid process, or to protect the rights, property, or safety of ETHEREAL, our users, or others.

We do not sell personal information.

6. Retention and deletion

• OAuth tokens are stored encrypted at rest and are kept only while the integration is connected. When you disconnect the integration in ETHEREAL or revoke access in your Google Account, tokens are revoked and purged from our active stores within 24 hours.
• Synced calendar event data stored in ETHEREAL (busy windows used for conflict detection, references to events ETHEREAL created) is retained for up to 30 days after disconnection, then deleted, unless retention is required for tax, accounting, audit, or legal reasons.
• Backups may retain residual copies for up to 30 additional days, after which they are overwritten.
• Operational records (bookings, deposits, payouts) are retained as required for tax, accounting, dispute, and audit purposes per applicable law.

You can request immediate deletion at any time by following the instructions on our Data Deletion page.

7. Security

ETHEREAL applies industry-standard security controls including TLS in transit, encryption at rest for OAuth tokens and sensitive credentials, role-based access control with workspace-scoped row-level security, and audit logging of administrative actions. No system is perfectly secure; we will notify affected users of material incidents as required by applicable law.

8. Your rights

Depending on where you are located, you may have rights to access, correct, delete, port, or restrict processing of your personal data, to withdraw consent, and to lodge a complaint with a supervisory authority. To exercise these rights, contact [email protected]. For Google Calendar specifically you can revoke ETHEREAL's access at any time at myaccount.google.com/permissions.

9. Children's privacy

ETHEREAL is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy. We will post the updated version at this URL and update the "Last Updated" date above. Material changes that affect how we use Google user data will be notified to connected users in-app and by email before taking effect.

11. Contact

Questions, requests, or complaints about this Policy or about how ETHEREAL handles your data should be sent to:

• Email: [email protected]
• Support: [email protected]
• Operator: Global InkMagine LLC
• Website: https://etherealos.ai