← Back to Tappzy

Privacy Policy

Last updated: February 25, 2026

1. Information We Collect

We collect different types of information depending on how you use Tappzy:

From page owners:

  • Email address — provided at purchase, used for authentication, sending your edit link, and account communications
  • Page content — links, profile information, images, business hours, menu items, reviews, and other content you add to your page
  • Analytics data — page views, link clicks, and referrer domains collected from visitors to your page
  • Subscriber emails — email addresses collected through your page's email signup widget, if enabled
  • Payment information — subscription payments are processed entirely by Stripe; we never see or store your card details
  • Stripe Connect data — if you enable Marketplace Features (paid links, tip jar, digital downloads), Stripe collects additional information as part of Connect onboarding, subject to Stripe's privacy policy
  • Uploaded files — files you upload for digital downloads are stored on our servers

From page visitors:

  • Analytics data — page views, link clicks, and referrer domains (no personal identification)
  • Email address — if voluntarily submitted through a page's email signup form
  • Contact form submissions — name, phone number, email, and message if submitted through a Business Plan contact form (delivered via email to the page owner, not stored by Tappzy)
  • Payment information — if purchasing through Marketplace Features, payments are processed by Stripe; we do not see or store card details
  • IP addresses — used temporarily for rate limiting and fraud prevention, not stored permanently

From event organizers and attendees:

  • Organizer email — provided at event purchase
  • Attendee data — names and email addresses submitted by organizers (via individual registration or bulk CSV import) for creating attendee pages
  • Event details — event name, dates, and tier information

2. How We Use Your Information

  • To create and host your link-in-bio page
  • To send you sign-in links for editing your page
  • To provide analytics on your page's performance
  • To prevent abuse and enforce rate limits
  • To process subscription and marketplace payments through Stripe
  • To deliver contact form messages to page owners via email
  • To create and manage event attendee pages
  • To send transactional emails (edit links, purchase confirmations, event notifications)

3. Third-Party Services

We use the following third-party services to operate Tappzy:

  • Google Firebase — hosting, database (Firestore), authentication, and file storage (Cloud Storage)
  • Stripe — subscription payment processing and marketplace transactions (via Stripe Connect)
  • Resend — transactional email delivery (sign-in links, contact form messages, event notifications)

Each of these services has their own privacy policy. We recommend reviewing them. Your use of Marketplace Features is also subject to Stripe's Connected Account Agreement.

4. Marketplace Data (Stripe Connect)

If you enable Marketplace Features (paid links, tip jar, digital downloads), payments between you and your customers are processed through Stripe Connect. Tappzy facilitates these transactions but does not hold funds on your behalf. Transaction data (amounts, platform fees) is processed by Stripe.

Digital download files are stored on our servers (Firebase Cloud Storage) and made available to purchasers. Files are removed when you delete them or when your page is deleted.

5. Contact Form Data (Business Plan)

Business Plan pages may enable a contact form. When a visitor submits a contact form, their name, phone number, email address, and message are sent directly to the page owner's email via our email provider (Resend). Tappzy does not store contact form submissions — they are delivered and not retained on our servers.

6. Event Attendee Data

When an event organizer creates an event, attendee names and email addresses are collected to create individual attendee pages. This data may be provided individually or via bulk CSV import.

Attendee data is stored in our database (Firestore) for the duration of the event. Attendee pages expire 1 day after the event end date. After expiration, attendee pages are no longer publicly accessible.

Event organizers are responsible for obtaining appropriate consent from attendees before submitting their personal data and for compliance with applicable data protection laws (including GDPR and CCPA).

7. Subscriber Data

If you enable email collection on your page, visitor email addresses are stored in your page's subscriber list in our database. You can export this data as CSV. You are responsible for how you use this data after exporting it. You agree to comply with all applicable email marketing laws including CAN-SPAM and GDPR.

8. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is only shared with the third-party services listed above as necessary to operate the Service.

Marketplace transaction data is shared with Stripe as necessary to process payments. Contact form submissions are transmitted via Resend to deliver messages to page owners.

9. Cookies

Tappzy uses essential cookies for authentication (Firebase Auth). We do not use advertising or tracking cookies.

10. Data Retention

Your page data is retained for as long as your page exists. If you delete your page, all associated data — including analytics, subscriber emails, uploaded files, and marketplace history — is permanently removed.

Event attendee pages are active from the event start date until 1 day after the event end date. After expiration, attendee pages are no longer publicly accessible. Attendees may upgrade to a personal subscription to retain their page permanently.

Contact form submissions are not stored by Tappzy. Rate limiting data is automatically deleted after expiration.

11. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), Firebase security rules, server-side authentication, and rate limiting. Payment data is handled entirely by Stripe's PCI-compliant infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Your Rights

You have the right to:

  • Access the personal data we hold about you (visible in your editor)
  • Access and edit your page content at any time
  • Export your subscriber data as CSV
  • Delete uploaded digital download files at any time
  • Disable contact form, email collection, or marketplace features at any time
  • Request information about how your data is used by contacting us

If you are located in the EU/EEA, you may also have rights under GDPR including the right to rectification, data portability, and the right to lodge a complaint with a supervisory authority.

13. Children's Privacy

Tappzy is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that we have, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy at any time. Changes will be reflected by updating the "Last updated" date. For material changes, we will notify users via email. Continued use of the Service constitutes acceptance of the updated policy.

15. Contact

If you have questions about this Privacy Policy, contact us at jrockstudios19@gmail.com.