Portfolio Write Policy
Portfolio assets are creative proof objects. They carry source lineage, owner tenant, artist attribution, rights posture, consent posture, review state, and distribution eligibility before they can power public products.Review-gated surface: this workflow can stage evidence and prepare review records, but it cannot publish, promote, or write approved portfolio data without TattooAPI policy checks and human approval.
Default Rule
Public portfolio projections are read-only by default. Writes are allowed only through governed TattooAPI routes after identity, ownership, review, rights, consent, and distribution checks pass.Actor Model
The artist remains the owner of the portfolio work. Studio affiliation does not transfer artist ownership.
Required Checks
Before any approved portfolio write, TattooAPI must verify:- actor identity
- reviewed identity evidence and owner mapping
- artist ownership
- delegated studio authorization, when applicable
- rights posture
- consent posture
- source lineage
- review status
- target distribution eligibility
- audit trail
Delegated Studio Actions
Studio owners and managers can help operate portfolio surfaces, but delegated actions must preserve authorship:- artist owner remains attached to the asset
- acting studio/user is audited separately
- request source is preserved
- distribution target is explicit
- approval path is visible
Blocked Paths
Also blocked:- communications-provider-to-approved-storage direct writes
- raw inbound media appearing on public sites
- public writes from unverified actors
- identity mapping from display name or phone alone
- runtime canonical promotion from a text-message event
- approved storage as the permission boundary
