Privacy Policy

Tappa ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tappa mobile application and website (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please stop using the Service. By continuing to use Tappa, you consent to the practices described here.

Information you provide directly: — Account information: name, email address, and password when you register. — Profile information: job title, company, phone number, website URL, social links, and profile photo that you choose to add to your public profile. — NFC device information: names and types you assign to your NFC devices within the app. — Communications: messages you send us via the contact form or email.

Information collected automatically: — Usage data: features you use, screens you visit, and actions you take within the app. — Device information: device type, operating system version, and app version. — Analytics data: profile view counts and NFC tap counts associated with your account. — Log data: IP addresses, access times, and error logs when you use the Service.

NFC data: Tappa reads NFC tags only when you actively initiate a scan within the app. We do not read NFC data in the background. NFC content you scan is processed on-device to display results; it is not transmitted to our servers unless you explicitly take an action (such as viewing a Tappa profile, which loads data from Firestore).

We use the information we collect to: — Create and manage your account and profile. — Display your public profile when someone views your Tappa link. — Provide analytics on profile views and NFC device taps. — Process subscription payments (handled by Apple App Store or Google Play — we do not store payment card details). — Send transactional emails (account verification, password reset). — Respond to support requests and enquiries. — Improve the Service through aggregate usage analytics. — Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

Tappa is built on Google Firebase infrastructure:

— Firebase Authentication: manages your sign-in credentials securely. — Cloud Firestore: stores your profile data, device records, and analytics counts. — Firebase Storage: stores your profile photo.

These services are operated by Google LLC and are subject to Google's Privacy Policy. Data is stored on Google Cloud infrastructure, primarily in data centres within the European Economic Area and United States.

We also use: — Google Sign-In: as an optional authentication method. — Vercel: to host the Tappa website.

We do not integrate advertising networks, data brokers, or social media tracking pixels.

When you create a Tappa profile, the information you choose to add (name, photo, job title, company, contact details, social links) becomes publicly accessible at your profile URL (tap.tappa.me/yourname).

You control what appears on your public profile. You can update or remove any field at any time from within the app. Removing a field removes it from your public profile immediately.

Your profile URL may be indexed by search engines. If you delete your account, your profile is removed and the URL becomes unavailable, though cached copies may persist briefly in search engine indexes.

We retain your account and profile data for as long as your account is active. If you delete your account, we delete your profile data, uploaded photos, and associated analytics within 30 days. Anonymised aggregate statistics (e.g. total tap counts without identity) may be retained indefinitely for service improvement.

Log data is retained for up to 90 days for security and debugging purposes.

Depending on your location, you may have the following rights regarding your personal data:

— Access: request a copy of the personal data we hold about you. — Correction: request that inaccurate data be corrected. — Deletion: request that your account and associated data be deleted. — Portability: request your data in a machine-readable format. — Objection: object to certain processing activities.

To exercise any of these rights, contact us at fixit@tappa.me. We will respond within 30 days.

If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

Tappa is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at fixit@tappa.me and we will delete it promptly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), Firebase Security Rules limiting database access, and secure credential storage.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. The "Last updated" date at the top of this page reflects the date of the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: fixit@tappa.me Website: tappa.me/contact

We aim to respond to all privacy enquiries within 5 business days.