Privacy policy

Last updated: 9 May 2026

Pre-launch placeholder. Captures the actual data flows of Tappi v1 in plain language. Must be reviewed by a privacy specialist before use.

Who we are

Tappi is a review-management service operated by the company behind thetappi.com. We act as a processor for end-customer data flowing through our customers' accounts, and as a controller for our customers' own account data (signup email, billing details, etc.).

What we collect

Customer (account-holder) data: email address, name, organization details, billing information (handled by Stripe; we receive only customer + subscription IDs), audit-log entries for actions taken in the dashboard.

End-customer data (when an end customer taps a tag): truncated IP address, user-agent string, device kind, the tag they tapped, the rating they gave, any textual feedback they leave, and — only if they choose to provide it — their email address and name to receive a reward.

Cookies: session cookies for authentication and CSRF protection. No third-party advertising or tracking cookies.

How we use it

To deliver the service: render the rating prompt, route ratings to the appropriate channel, deliver reward emails, send transactional notifications, run usage analytics aggregated at the org level. We do not sell or share end-customer personal data with third parties for marketing.

Subprocessors

  • Supabase — database, authentication, file storage. EU region.
  • Vercel — application hosting + edge network.
  • Stripe — payment processing. We receive only metadata; card details never touch our servers.
  • Resend — transactional email delivery.
  • Upstash — rate limiting + email-dedup cache.
  • Sentry — error monitoring (excludes PII fields by default).
  • Google — when a customer connects Google Business Profile, we hold an OAuth refresh token and read review URLs through their API.

Where data is stored

Primary storage in EU (Supabase eu-west-1). Some subprocessors operate globally and may process data in transit through US infrastructure. Customers can request a list of the processing locations applicable to their account at any time.

Retention

Account data: as long as the account is active, plus 90 days post-cancellation as a recovery window. Scan events + feedback: 24 months by default; customers can request shorter retention. Reward codes: kept for the lifetime of the account so audit history stays intact.

Your rights

Under GDPR / UK GDPR, end customers have the right to access, correct, port, or delete their personal data. Requests should be sent to the venue (account-holder) where the data was collected — they are the controller. We will action operator-side deletion requests within 30 days.

Security

TLS in transit, encryption at rest (Supabase default), service-role-only access to token storage, audit logging on all sensitive operations, signature verification on third-party webhooks, RLS on every multi-tenant table.

Contact

Privacy queries: hola@automify.xyz. Tappi is operated by its parent company Automify, so privacy correspondence routes through the Automify inbox.