TapSafe Privacy Policy

Effective date: September 17, 2025

This Privacy Policy explains how KVEX OÜ (doing business as “TapSafe”, “we”, “us”, “our”) collects, uses, and shares information when you use the TapSafe mobile app and tapsafeapp.com (the “Services”). After this, we say TapSafe for simplicity.

Controller: KVEX OÜ (TapSafe)
Registry code: EE102880610
Contact: contact@tapsafeapp.com
Registered office: Ahtri tn 12, 15551 Tallinn, Estonia

---

1) Information we collect

Account & identifiers — email, internal user ID, device/installation identifiers.
Location — precise location when you enable tracking or trigger an emergency feature (to share with your chosen contacts); may include background location if you turn it on.
Contacts you add — names and phone numbers of trusted contacts you store in TapSafe. We do not read your device address book unless you explicitly import contacts. When you add a contact, you confirm they have consented to receive non-marketing emergency alerts from you. TapSafe records a timestamp of that confirmation for compliance.
Usage & diagnostics — app interactions, crash logs, performance metrics, and basic analytics.
Purchases & subscriptions — non-sensitive purchase metadata (product ID, expiration, renewal/cancel state) from platform billing.
Emergency messages — messages are composed on-device. If you send via your phone’s SMS app, your carrier processes delivery. If an optional server-send is used, we process content transiently and may log metadata (time, recipient) for abuse prevention and troubleshooting.

2) How we use information

Provide core functionality (emergency SMS, sharing location you authorize); maintain subscriptions/entitlements; improve reliability and performance; prevent misuse; communicate updates and support.

SMS opt-out: Recipients of emergency SMS can reply “STOP” to opt out of further messages.

3) Legal bases (EEA/UK)

Consent (e.g., location, notifications), Contract (to provide the Services), Legitimate interests (security, diagnostics, basic analytics). You can withdraw consent at any time in device settings or in-app (this won’t affect prior processing).

4) Sharing & processors

We do not sell personal data. We use processors only as needed: Supabase (hosting/DB/auth), RevenueCat (subscriptions), Superwall (paywall), Apple/Google (in-app purchases, device services), Twilio/carriers (if server-send is enabled), and analytics/crash infrastructure. Each receives only what’s necessary under a contract.

5) Retention

Account & contacts: kept while your account is active and for a short period after deletion (e.g., up to 30 days) for recovery/legal obligations.
Location points: only while tracking/emergency is active and for a limited period (e.g., 30–90 days) for reliability, then deleted or anonymized.
Message logs (metadata): minimal and retained no longer than necessary to prevent abuse and support users.

You may request deletion of your data at any time via the in-app deletion option (when available) or by emailing contact@tapsafeapp.com.

6) Your choices

Manage location and notifications in device settings; add/remove contacts in the app; manage subscriptions via Apple/Google. Opt-out of analytics where offered in-app.

7) International transfers

Data may be processed outside your country; we apply lawful transfer mechanisms (e.g., SCCs) and vendor safeguards where required.

8) Children

TapSafe isn’t directed to children under 13 (or the minimum age in your region).

9) Your rights

Depending on your region (GDPR/UK GDPR/CCPA), you may request access, correction, deletion, portability, objection, or restriction.
Delete account/data: use any in-app option (if available) or email contact@tapsafeapp.com from your account email.
Complaint: you may lodge a complaint with your local data protection authority (in Estonia, the Data Protection Inspectorate) or with your supervisory authority.

Account deletion & data erasure

TapSafe users may request full account and data deletion at any time. All requests are processed through our verified contact email below to ensure user identity protection.

You can request deletion of your TapSafe account and associated personal data at any time in one of the following ways:

• In-app: Settings → Account → Delete Account (coming soon). This will submit a verified deletion request from your signed-in account.
• Email: Send a request from your account email to contact@tapsafeapp.com with the subject “Delete my TapSafe account”. We’ll verify ownership and process the request.

What will be deleted: your account profile, trusted contacts you added, and location history and message metadata stored by TapSafe. We may retain minimal records (e.g., fraud-prevention, audit logs) where required by law, and platform purchase records stored by Apple/Google are managed by those platforms.

We aim to complete deletions within 30 days of verification. If you reinstall or re-register after deletion, your previous data won’t be recoverable.

10) Security

We use industry-standard measures (e.g., encryption in transit, access controls). No system is 100% secure.

11) “Do Not Sell or Share” (CCPA/CPRA)

We do not sell or share personal information as defined by CPRA, and we don’t use personal data for targeted advertising.

12) Automated decision-making

TapSafe does not use automated decision-making that produces legal or similarly significant effects about you.

13) Changes

We may update this Policy and will update the effective date and, when appropriate, notify you in-app or by email.

Questions? contact@tapsafeapp.com

This document is for transparency and is not legal advice.