Consumer Health Data Privacy Policy
Effective Date: May 22, 2026
This policy explains how 23 Daggers (operated by Laughing Dragon Incorporated) collects, uses, shares, and retains consumer health data. It is separate from our general Privacy Policy and applies specifically to health-related information collected through artist intake forms, waivers, and related booking or service workflows facilitated through the platform. It is provided to meet Washington's My Health My Data Act and similar state consumer-health-data laws, to the extent applicable.
1. What we mean by consumer health data
Some artists on 23 Daggers ask clients health-related questions before a tattoo or piercing, because the answers affect whether the service is safe, appropriate, or otherwise suitable for the requested service. Depending on the artist, this can include questions about medical history, current medications, allergies, pregnancy or breastfeeding, bleeding or clotting conditions, skin conditions, blood-borne illness, recent alcohol or drug use, and similar topics. We treat your answers to these questions as consumer health data, where required or appropriate under applicable law.
2. The health data we collect, and where it comes from
- Categories. Health-related answers you provide in an artist's booking intake form or in a waiver you sign, including any free-text details you choose to add. You can answer "Prefer not to say" on standard health questions.
- Sources. Directly from you, when you fill out an intake form or sign a waiver. We do not buy health data about you or infer it from other sources.
3. Consent
Before you provide health information, we ask for your consent: an affirmative step on the booking form (when the artist's form includes health questions) and on the waiver-signing page. By that step you direct us both to collect your health answers and to transmit them to the specific artist you selected, so that artist can prepare for and safely perform your appointment. We act only as a conduit carrying the answers you choose to provide to the artist you chose. You may decline to answer any health question, and you may withdraw your consent before you submit by contacting the artist or us. If you withdraw consent, the artist may decide they need the information to provide the service safely, appropriately, or in compliance with legal or professional obligations, and may decline the booking; that decision is the artist's.
4. How we use it
We use your health answers solely for limited service-related purposes: to deliver them to the artist you are booking with, so they can make safety and service decisions about your appointment. We do not use your health data for advertising, we do not use it to train machine-learning or AI models, and we do not use it for any purpose unrelated to your booking, except as required by law or reasonably necessary for legal claims, security, fraud prevention, or compliance-related purposes.
5. How we share it
- With your artist. At your direction, your answers are transmitted to the specific artist whose form you filled out. That artist is the recipient you selected and the intended recipient of the information; we transmit it only to enable the service you requested.
- With service providers. We use a small set of vendors strictly to run the platform: Render (hosting), Cloudflare R2 (encrypted file storage), Resend (transactional email), and other affiliates, contractors, infrastructure providers, or vendors reasonably necessary to operate, support, secure, maintain, or improve the platform and related services. They process data on our behalf under contract and are not permitted to use it for their own purposes, except as necessary to perform contracted services or as permitted by applicable law. We do not share consumer health data with them for any independent use.
- We do not sell consumer health data, and we do not share it with advertisers or data brokers.
- Legal. We may disclose data where required by law (subpoena, court order), to comply with legal obligations, protect rights, safety, platform integrity, investigate fraud or abuse, or defend against legal claims.
6. How we protect it
Health answers are encrypted in transit (HTTPS). At rest they are protected by two independent layers of encryption. Our hosting provider encrypts the entire database at rest, and on top of that we separately encrypt your health answers at the application level (AES-256-GCM) before they are written, so a raw database copy would not expose them. Access is limited. No 23 Daggers employee has routine access to your health answers, except where reasonably necessary for a specific support request, legal obligation, security event, fraud investigation, or other limited operational or compliance-related purpose.
7. How long we keep it
We keep your health answers for as long as needed to deliver your booking and then scrub them from our active systems within a reasonable period, generally within 30 days of a verified deletion request, subject to technical limitations, system integrity, backup cycles, and legal or operational retention requirements. Health answers that form part of a signed waiver are retained with that waiver for the statute-of-limitations window for body-art claims (we use seven years as a default that covers this window in essentially every U.S. state), and longer only where a dispute or legal claim involving the booking is pending or reasonably anticipated, or where reasonably necessary for legal, regulatory, fraud-prevention, audit, or recordkeeping purposes, as permitted by the legal-claims exception under applicable law. See the general Privacy Policy for full retention details.
8. Your rights
You may confirm whether we are collecting your consumer health data, access it, request its deletion, and withdraw consent, subject to applicable law and any permitted legal, security, or retention-based limitations. To exercise any of these, email support@23daggers.com from the email on your account. We respond to verified requests within 45 days.
Washington residents (My Health My Data Act). You have the rights above under MHMDA. You may also appeal a denied request; if we deny your appeal, you may contact the Washington State Attorney General.
9. The artist's separate role
Once your health answers reach the artist, the artist may keep their own copy (in their own records or software). How the artist stores, uses, processes, discloses, secures, or otherwise handles your health information off the platform is the artist's responsibility under their own practices and any law that applies to them. 23 Daggers does not control and is not responsible for the artist's independent off-platform handling, storage, disclosure, or compliance practices relating to such information. Ask the artist directly if you have questions about what they do with your answers after you submit the form.
10. Changes and contact
We will update this policy when our practices change and post the new version here. Questions: support@23daggers.com.
Laughing Dragon Incorporated (DBA 23 Daggers)
8 The Green, Suite B, Dover, Delaware 19901