AMED CID  ·  Private Tattoo Studio · 165 NE 24TH ST · Miami, FL 33137

Privacy
Policy

What we collect, how we use it, and the controls you have over it. Written in plain English, kept as short as it legally can be — but no shorter. Read it before you send anything through the site, and before you sit in our chair.

Effective
April 25, 2026
Last updated
April 25, 2026
Version
1.0
Jurisdiction
Florida, USA

Section 01

Introduction

AMED CID (“we,” “our,” “us,” or “the studio”) is a private tattoo studio located at 165 NE 24TH ST, Miami, Florida 33137, operating online at amedcid.com. We are an in-person business — what you submit through the site is the start of a longer relationship that, if it goes well, ends with permanent ink on your body.

That asymmetry matters. We take your privacy seriously not because a regulator told us to, but because the people who sit in our chair trust us with a lot more than a credit card number — they trust us with reference photos of dead relatives, scars they want covered, ideas they have not told anyone else, and on session day, with their skin.

This policy explains exactly what we collect (online and in person), why, who we share it with, how long we keep it, and what you can do about any of it. Read it before you send anything through the site. If anything here is unclear, email info@amedcid.com before you send personal information — we’d rather answer a question than quietly hold data you would not have given us if you’d understood the terms.

Section 02

Information we collect

When you use the site, contact us, or come into the studio, we handle three kinds of information. We try to keep each one to the minimum needed for the purpose it serves.

A. You give us directly (online)

  • Full name
  • Email address
  • Phone number (mobile preferred for booking SMS)
  • The message or project brief you send through the booking or contact form — placement, size, style direction, budget range, target dates
  • Reference photos or images uploaded with your consultation request
  • Optional notes about skin conditions, allergies, prior tattoos, or anything you think we should know before designing

B. Collected automatically (the site)

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on the site, scroll depth on long pages
  • Referring URL (the link or search that brought you here)
  • Click and interaction data on the booking flow (which fields you completed, where you abandoned)
  • Approximate location derived from IP — city/region only, not precise GPS

C. Collected in person at the studio

On the day of your session, before any needle touches skin, we collect:

  • Government-issued photo ID — to verify you are 18 or older. We check it; we do not photocopy or scan it.
  • Signed liability waiver and consent form — paper or tablet — including emergency contact, known allergies, current medications relevant to bleeding/healing, pregnancy/breastfeeding status, and acknowledgment of aftercare instructions
  • Brief medical questionnaire — diabetes, hemophilia, skin conditions at the placement site, recent sun exposure or surgery
  • Photographs of the finished tattoo — for portfolio use, only if you check the consent box on the waiver. You can decline and we still tattoo you.
  • Payment receipt information — last 4 of card or method (cash / Zelle / card processor reference). We do not store full card numbers; the processor does.

We do not collect biometric data, social-security numbers, or anything we do not need to legally and safely tattoo you. If a form ever asks for something outside this list, push back — it’s probably a mistake.

Section 03

How we use it

We use the information we collect strictly to:

  • Respond to your inquiries and schedule consultations.
  • Communicate with you about your appointment, design iterations, deposit, scheduling changes, and aftercare.
  • Verify you are at least 18 years old before tattooing you, as required by Florida law.
  • Manage your signed waiver and any medical disclosures so the artist can tattoo you safely.
  • Process deposits and final payment via our payment processor.
  • Send transactional emails — booking confirmations, reschedule notices, post-session aftercare reminders.
  • Improve the site and the service over time, based on which kinds of requests we receive and where the booking flow loses people.
  • Protect the site against abuse, spam submissions, and automated scraping.
  • Comply with legal, tax, and public-health record-keeping obligations applicable to body-art establishments in Florida.

We do not use your information for cross-context behavioral advertising, do not build a profile of you across other websites, and do not feed your data to third-party advertising networks. If that ever changes — for example, if we add a Meta Pixel to measure ad campaigns — this policy will be updated to name the tool, explain what it does, and tell you how to opt out before the tool goes live.

Section 04

Cookies & tracking

The site uses cookies and similar local-storage technologies. The set is short and the categories are simple — we tell you which categories are active today and which are not.

Strictly necessary

These keep the site working: remembering whether you accepted a cookie banner, keeping your booking-form draft from disappearing if you switch tabs, and serving the right asset variants for your screen size. They do not identify you and they cannot be turned off without breaking parts of the site.

Analytics

Currently not in use. When we add an analytics tool, we will choose one that respects privacy by default — for example, a cookie-less product like Plausible or Cloudflare Web Analytics, or IP-anonymized GA4 with consent — and we will list it here, including what it measures and how to opt out, before it is activated.

Advertising & pixels

Currently not in use. We do not run a Meta Pixel, TikTok Pixel, Google Ads tag, or any other ad-attribution tracker today. If we add one in the future, this section will name it, explain what events it sends, and provide opt-out instructions both at the browser level and through the advertising platform’s own controls.

Hosting & infrastructure logs

Our hosting provider records standard server logs — IP address, request time, user-agent, response code — for security, abuse prevention, and performance debugging. These are technical logs, not marketing tracking, and are retained on a short rolling window (see Section 06).

Managing cookies

You can clear and block cookies at any time through your browser settings. Disabling strictly-necessary cookies may break parts of the site (the booking form is the most affected). Browser-level controls also give you a Do Not Track signal and a Global Privacy Control (GPC) signal — we honor GPC as a valid opt-out of any future ad-related sharing, and we will continue to honor it if and when ad tools are added.

Section 05

Who we share it with

We do not sell, rent, or trade your personal information. We share it only with the limited set of providers who help us operate the business, and only with what they need to do their job:

  • Hosting / CDN provider — serves the site and keeps it online; receives standard server logs.
  • Transactional email provider — when you submit a booking or contact form, this provider sends the confirmation email to you and the notification email to the artist. They do not use your email for their own marketing.
  • Secure object storage — reference images you upload live in a private bucket accessible only to the artist and required infrastructure.
  • Payment processors — when you pay a deposit or final session fee, the processor (e.g., a major card network, Zelle, or an in-person card terminal) handles the card data directly and gives us back a transaction reference. We never see or store your full card number.
  • Other service providers — calendar, accounting, backup — under written confidentiality terms and limited to the data they need.
  • Law enforcement or government authorities — only when legally required (subpoena, warrant, or specific statutory obligation), and only the minimum data demanded.
  • In a business transfer — if AMED CID is ever sold, merged, or wound down, customer data may transfer to the successor under the same protections as this policy. You will be notified before any such transfer takes effect, with an opportunity to request deletion first.

We do not share your information with data brokers, advertising networks, social-media re-targeting platforms, or “people search” services.

Section 06

How long we keep it

We keep personal information only as long as needed for the purposes above, unless the law requires a longer period. Concretely, by data type:

Consultation requests & messages
Up to 2 years from last contact, then deleted.
Reference images you upload
Deleted within 90 days of project completion or cancellation, unless you ask us to keep them on file for a future session.
Signed liability waivers & medical disclosures
Retained for 7 years after the last session, in line with the Florida statute of limitations for personal-injury claims.
Payment / transaction records
Retained as required by tax law — typically 7 years for receipts and reconciliation. We keep the reference, not the card number.
Server / access logs
Typically 30–90 days, host-dependent, then rotated out.
Marketing email subscribers (if you opt in)
Until you unsubscribe. There is an unsubscribe link in every marketing email, and one click is enough.
Anonymized aggregate data
Indefinite. Once data has been stripped of identifiers and aggregated, it can no longer be tied to you.

When a retention period ends, the record is deleted from active systems. Backups age out on their own rotation (typically 30–60 days) and are not restored to undelete data.

Section 07

Your rights & choices

Your rights depend on where you live. We grant the broadest set we can practically support to everyone, and grant the full statutory set where the law mandates it.

California residents (CCPA / CPRA)

If you live in California, you have the right to:

  • Know what personal information we collect, the sources, the purposes, and who we disclose it to.
  • Request a copy of the personal information we hold about you.
  • Request correction of inaccurate personal information.
  • Request deletion of your personal information, subject to legal-retention exceptions (waivers, tax records).
  • Opt out of the sale or sharing of your personal information — we do not sell or share it for cross-context behavioral advertising.
  • Limit the use of sensitive personal information — we do not use it beyond providing the service.
  • Non-discrimination for exercising any of these rights.

EU / UK residents (GDPR / UK-GDPR)

If you are in the European Union or the United Kingdom, you have the right to:

  • Access — get a copy of your data and the purposes it’s used for.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — delete your data, subject to legal-retention exceptions.
  • Restriction of processing — pause processing while a dispute is resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest, including direct marketing.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your national supervisory authority if you believe we mishandled your data.

Everyone else

Regardless of where you live, you can:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your information.
  • Opt out of marketing communications at any time.

How to exercise these rights

Email info@amedcid.com with the subject line “Privacy Request”, and tell us which right you want to exercise. We may need to verify your identity (typically by confirming details we already hold for you) before acting, to make sure we don’t hand someone else’s data to the wrong person. We respond within 5 business days to acknowledge, and complete most requests within 30 days. Where the law allows a longer window for complex requests, we will tell you why.

You may also designate an authorized agent to make a request on your behalf, where the law allows. We will ask the agent for written authorization signed by you.

Section 08

Data security

We put appropriate technical and organizational measures in place to protect your information from unauthorized access, alteration, disclosure, or destruction. Concretely:

  • The site is served over HTTPS / TLS — everything you submit is encrypted in transit.
  • Reference images live in a private storage bucket; the bucket has no public listing and is accessed only by the artist and the booking endpoint.
  • We follow the principle of least privilege — only the artist has access to client records; service-provider access is scoped to what each provider needs.
  • Where the host supports it, data is encrypted at rest.
  • Local drafts and form caches in your browser are cleared after a successful submission, so the next person on a shared device cannot read your booking form.
  • Paper waivers are stored in a locked file at the studio, accessible only to the artist.
  • We do not store full payment card numbers — those live with the payment processor, who is PCI-DSS compliant.

That said — no method of transmission over the internet, and no method of electronic storage, is 100% secure. We do not pretend otherwise. If we ever have reason to believe your data has been accessed by someone who should not have, we will notify you and the relevant authorities as required by applicable breach-notification laws, including Florida’s Information Protection Act.

Section 09

Age & children’s privacy

This site is not directed to anyone under 18, and we do not knowingly collect personal information from minors. If you believe we have collected information from a minor by mistake, email info@amedcid.com and we will delete it.

The studio side mirrors this. Florida law (FL Stat §381.0075 and §877.04) prohibits tattooing minors except in narrow medical contexts that we do not operate in. Parental consent does not lower the age — if you are not yet 18, no consent form, no signature from a parent, and no persuasion will get you tattooed at AMED CID. You must be 18 or older and present a valid government-issued photo ID on the day of your session. If the ID does not match the booking name or shows you are under 18, the session is cancelled and the deposit is forfeited.

Section 10

Contact

Questions, concerns, or requests about this policy or how we handle your personal information — reach out directly. A real human reads every email.

Studio AMED CID
Address 165 NE 24TH ST, Miami, FL 33137
Web amedcid.com
Email info@amedcid.com
Subject line “Privacy Request”
Response Within 5 business days · 30 days max for formal access / deletion

Section 11

Changes to this policy

We may update this policy from time to time — for example, when we add a new tool, change retention windows, or expand to new services. When we do, we will revise the Last updated date at the top of the page and bump the version number.

For significant changes — anything that materially expands what we collect, who we share it with, or how long we keep it — we will display a banner on the site for at least 30 days before the new terms take effect, and email anyone subscribed to our list. You will always have the window to review the change and request deletion before the new terms apply to your data.

If you care about this stuff (and you should), bookmark this page and check back when you book a session.

Request a Session → Appointment Terms