This policy explains what data we process when merchants and end-customers interact with Tapify, why we process it, and the choices you have. Tapify is built for transparency — no dark patterns, no data sold to third parties.
Tapify is a software platform that helps merchants run digital loyalty programs and issue Apple Wallet, Google Wallet, and web-based passes. This policy covers data we process as a controller for our merchant customers (account, billing, support) and as a processor on behalf of merchants for their end-customers (pass holders).
Throughout this document, “Tapify”, “we”, and “us” refer to the Tapify service. “You” refers to the reader — either an authenticated merchant user or an end-customer whose pass is issued by a merchant using Tapify.
Account data — name, email address, workspace name, subdomain, and team roles you configure when signing up or inviting colleagues.
Merchant configuration — loyalty rules, branding assets, and location settings you enter through the dashboard.
End-customer data — when a merchant issues a pass, we process the minimum identifiers required to mint and update that pass (such as a pass serial number, enrolment email where applicable, and reward balance).
Technical data — IP address, device user-agent, authentication events, and request logs are generated automatically to secure the service and debug issues.
To operate the platform — authenticate users, issue and update wallet passes, deliver loyalty scans, and surface analytics in the dashboard.
To communicate — send transactional emails (sign-in codes, invitations, receipts) and infrequent product announcements.
To secure the service — detect abuse, rotate credentials, investigate incidents, and keep audit trails.
We do not sell personal data, and we do not use end-customer data to train third-party advertising models.
Where the GDPR, UK GDPR, or comparable local law applies, we rely on: performance of a contract to deliver the service you have signed up for; legitimate interests to keep the service secure and to improve it; consent where we ask for it (for example, optional marketing emails); and compliance with legal obligations.
You can withdraw consent at any time by replying to the relevant email or by updating your workspace preferences.
We share data with a short list of subprocessors that power core infrastructure — authentication and database hosting (Supabase), transactional email (Resend), payments (Stripe), and wallet-pass delivery endpoints operated by Apple and Google.
Each subprocessor is bound by a data-processing agreement. A current list with regions and purposes is available on request from your workspace email.
Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing.
Merchant users can update or delete most account data directly from the dashboard; end-customers should contact the merchant who issued their pass in the first instance, since that merchant is the controller of the pass relationship.
We keep account and configuration data for as long as the workspace is active, plus a short window after closure for backups and legal obligations. Technical logs are rotated within 90 days unless required for an open investigation.
All traffic is encrypted in transit with TLS. Production databases are encrypted at rest. Access is gated by short-lived tokens and role-based permissions, and privileged operations are audited.
We may update this policy as the service evolves. Material changes will be highlighted on this page and, where appropriate, notified by email. The date at the top reflects the most recent revision.
For privacy questions, data subject requests, or to report a concern, write to us from your registered workspace email via the address listed on our Support page.
Reach our team from your workspace email. Data-subject requests are acknowledged within five business days.