Language. This document is published in English, which is the authoritative version. For an accessibility-friendly version or a Portuguese translation, please email info@tattoofactory.eu. In case of any discrepancy between translations and the English version, the English version prevails to the maximum extent permitted by mandatory consumer-protection law applicable to you.
This Cookie Policy explains how Trendy Texture Unipessoal Lda(NIF / VAT PT519181816), trading as “Tattoo Factory” (“we”, “us”, “our”) uses cookies and similar technologies on tattoofactory.io (the “Site”). It complements and forms an integral part of our Privacy Policy.
1. Legal framework
Our use of cookies is governed primarily by:
- Article 5(3) of Directive 2002/58/EC (the “ePrivacy Directive”), as amended;
- Portuguese Law n.º 41/2004 of 18 August (which transposes the ePrivacy Directive), as amended by Law n.º 46/2012;
- Regulation (EU) 2016/679 (the GDPR) for any processing of personal data triggered by a cookie;
- Guidance from the European Data Protection Board (EDPB) and the Portuguese supervisory authority (CNPD).
In line with this framework, we set strictly necessarycookies without consent, and request your consentbefore setting any non-essential cookie or similar technology (functional, analytics, marketing). Consent is collected via the cookie banner shown on your first visit, can be granular per category, and can be withdrawn at any time as easily as it was given (see §6).
2. What is a cookie
A cookie is a small text file placed on your device when you visit a website. We also treat the following as “similar technologies” for the purposes of this Policy:
- localStorage and sessionStorage entries set by the Site or its scripts;
- IndexedDB records;
- Pixel tags / web beacons;
- Fingerprinting techniques, which we do not use;
- SDK identifiers, which we do not use.
Cookies can be:
- First-party — set by tattoofactory.io itself;
- Third-party — set by another domain whose service is loaded on a page (e.g. Stripe on the checkout page);
- Session — deleted when you close the browser;
- Persistent — retained for a fixed duration.
3. Categories of cookies we use
3.1 Strictly necessary
These cookies are required for the Site to function correctly. Under Article 5(3) of the ePrivacy Directive they are exempt from the consent requirement because they are strictly necessary to provide the service explicitly requested by you. They cannot be switched off in our system.
| Cookie / storage key | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
cartId | Tattoo Factory (first-party) | Identifies your shopping cart between page loads | HTTP cookie | 7 days |
NEXT_LOCALE | Tattoo Factory (first-party) | Remembers your language preference | HTTP cookie | 1 year |
tf_session | Tattoo Factory (first-party) | Authentication session if you sign in | HTTP cookie (HttpOnly, Secure, SameSite=Lax) | Session / up to 30 days when “remember me” is selected |
tf_csrf | Tattoo Factory (first-party) | Cross-site request forgery protection on forms | HTTP cookie | Session |
tf_consent | Tattoo Factory (first-party) | Stores your cookie-banner choices and the date of consent | HTTP cookie | 12 months |
__cf_bm | Cloudflare | Bot management — distinguishes humans from bots, protects against abuse | HTTP cookie (third-party) | 30 minutes |
cf_clearance | Cloudflare | Records that you passed a security challenge | HTTP cookie (third-party) | Up to 1 year |
3.2 Functional
These cookies enable enhanced functionality and personalisation but are not strictly necessary. They are set only with your consent.
| Cookie / storage key | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
recentlyViewed | Tattoo Factory (first-party) | Tracks designs you have viewed for the “recently viewed” row on the home page | localStorage | 30 days |
customizerDraft | Tattoo Factory (first-party) | Auto-saves your in-progress design in the customizer so you can return later | localStorage | Until manually cleared |
3.3 Analytics
We use Plausible Analytics, a privacy-first, cookie-less analytics tool operated by Plausible Insights OÜ (Estonia), with servers located in Germany. Plausible does not set any cookie on your device, does not collect personal data, does not track you across sites, and does not build user profiles. It generates aggregated, anonymised statistics about traffic and usage trends.
Because no information is stored on or read from your device, Plausible falls outside the scope of Article 5(3) of the ePrivacy Directive. You can read more on the Plausible data policy page.
We do not use Google Analytics, Facebook Pixel, or any cookie-based analytics tool.
3.4 Marketing
We do not currently set marketing or advertising cookies. We do not share data with ad networks. If this changes, we will update this Policy and request fresh consent before any such cookie is set.
4. Third-party services that may set cookies
The following third-party services may set their own cookies when their components are loaded. They are loaded only on the relevant page or after consent, as indicated:
| Service | Where loaded | Purpose | Their cookie / privacy policy |
|---|---|---|---|
| Stripe | Checkout pages only | Card-payment processing, anti-fraud | stripe.com/cookies-policy/legal |
| PayPal | If PayPal is selected at checkout | Payment processing, fraud prevention | paypal.com/legalhub |
| Cloudflare | Site-wide (CDN, DDoS protection) | Network security, performance | cloudflare.com/privacypolicy |
Where a third-party service sets cookies that are not strictly necessary, we load that service only after you have given consent for the relevant category.
5. How long cookies last
The duration of each cookie is shown in the tables above. Session cookies are deleted when you close your browser; persistent cookies remain until they expire or you delete them. We never set a non-essential cookie that lasts more than 12 months without renewing your consent.
6. How to manage your preferences
You can manage cookies in three ways:
- Cookie banner— shown on your first visit. Use “Accept all”, “Reject all”, or “Customise” to choose categories. Refusing non-essential cookies has no negative consequence and is as easy as accepting.
- Cookie settings link — at the bottom of every page. Open it at any time to change your choices. Withdrawing consent is as easy as giving it.
- Browser settings — most browsers let you delete or block cookies for a specific site or all sites. See: Chrome, Firefox, Safari, Edge.
Note: blocking strictly-necessary cookies will break key features of the Site (cart, login, language, security challenges).
7. Do Not Track
Some browsers send a “Do Not Track” (DNT) signal. There is no industry consensus on how to interpret DNT, and it is not a legally recognised consent mechanism in the EU. Because we already operate on a strict opt-in basis for non-essential cookies, our Site behaves the same regardless of the DNT signal. If a future legal standard (e.g. ADPC / Global Privacy Control) is endorsed by EU authorities, we will respect it.
8. Records of consent
When you set cookie preferences, we store the date of the action, the categories accepted/rejected, and the version of this Policy in effect at that moment, as proof of consent (Article 7(1) GDPR). This record is retained for 12 months and used only to prove compliance.
9. Changes to this Policy
We update this page whenever the cookies we use change. The latest version is always available here, marked with the “Last updated” date above. Material changes are announced through the cookie banner the next time you visit, and — where required — fresh consent is requested.
10. Contact
Questions about cookies? Email info@tattoofactory.eu or write to Trendy Texture Unipessoal Lda, Largo Barão de São Martinho, nº 13, 4º, sala H, 4700-306 Braga, Portugal.