Your privacy and security of your personal information are very important to us. This Privacy Policy describes how we, TapTac, LLC, a limited liability company governed by the laws of the State of Florida, USA (hereinafter, "TapTac,"”we," “our,” or “us”), collect, store, use, and disclose personal information (as defined below) of users of our website and web application located at www.taptac.com (“Service”).

For purposes of this Privacy Policy, TapTac shall be considered a "data controller," which means that TapTac determines the purposes for which, and the manner in which, your personal information is processed, while our partners Twillio, Google Cloud, Zendesk, SendGrid and others shall be considered “data processors”. Data processors process personal data on behalf of a data controller. We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We take appropriate security measures to protect your personal information and also require this from third parties that process personal information of the Service users on our behalf. We respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what personal information we keep about you, please contact us. All capitalized terms not defined herein are defined in our Terms of Service.

We may amend this Privacy Policy from time to time, you will be notified by our posting of a prominent notice on the Website prior to the updated version becoming effective or by email notification. By using or continuing to use the Service, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information in the following ways. If you do not agree with any practices in this Privacy Policy, please stop using the Service.

The Service enables our clients to deliver their electronic business cards to their current and potential clients (“End-Users”) and allows such End-Users to download and store such electronic business cards with contact information to their mobile phones. This Privacy Policy applies only to the actions of TapTac and our clients who purchased our Service. It does not extend to End-Users or any website that can be accessed from the Service. If you are an End-User and you want to learn how our clients manage your personal information, you must contact any such client directly.

“Personal information” is any information which is related to an identified or identifiable natural person. When you register for an account or use our Service, we may collect the following personal information from you: first and last name, business name, job title, email address, website address, mailing address, billing address, IP address, phone number, payment information, or any other personal information provided by you voluntarily (including personal information you enter into the service of non TapTac users).

We or any third party we work with may collect data which is anonymous and pseudonymous, including, but not limited to, web browser type, operating system type, browsing history, number of logins, the date, times and frequency with which you access the Service and the way you use and interact with its content, page views, language settings, and your average customer value (how much you earn, on average, by working with one client).

You may be required to provide certain personal information to us when (a) registering for an account; (b) signing up for special offers from selected third parties; (c) submitting your credit card or other payment information when subscribing to our Service; and (d) request support through our support center or online chat . Moreover, we may collect your personal information when you contact us through the Service, by phone, post, email or through other means or when you elect to receive marketing communications from us.

We only use information about you to support your experience throughout the Service or to communicate with you about the Service or other products or services we may offer in the future. In particular, we collect information about you to:

• recognize you as a registered user of the Service;
• verify your identity;
• process your orders and subscriptions;
• respond to your inquiries or requests;
• send you newsletters and information about the Service;
• conduct market research;
• allow our partners and vendors (including payment processing, marketing and shipping companies) to help us run our business smoothly;
• comply with all applicable laws or if we are required by law or by a court order to do so;
• investigate suspected fraud, harassment, danger to persons or property or other violations of any law, rule or regulation, our Terms of Service, or our Privacy Policy;
• analyze non-personal or aggregate information for Service improvement;
• transfer information in connection with the sale or merger or change of control of TapTac.

We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.

We do not sell, rent or lease personal information of our customers to third parties, however, from time to time, we may share your personal information with trusted third party vendors who we rely on in our daily operations to provide you with the Service. Such vendors may include a payment processing, sms processing, email marketing, hosting company, or customer support service. All such vendors are prohibited from using your personal information except to provide their services to TapTac, and they are required to maintain the confidentiality of your information. Such vendors may include, but not limited to, Google Cloud, Twilio, SendGrid, Zendesk, and Stripe.

TapTac may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with a legal process served on TapTac; (b) protect and defend the rights or property of TapTac; and/or (c) act under exigent circumstances to protect the personal safety of users of TapTac, or the public.

Stripe is our trusted vendor, which processes payments on our behalf. When you purchase a subscription, we will not store or collect your payment card details. The full payment information is provided directly to Stripe, whose use of your personal information is governed by its own privacy policy. Stripe adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

If you leave any feedback or suggestions (“Feedback”) via the Service or in an email to us, you hereby assign to TapTac all rights in the Feedback and agree that TapTac shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.

We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

TapTac may use "cookies" to help you personalize your online experience. To read more about cookies, read our Cookie Policy.

Data (including personal information) submitted to TapTac is hosted and stored in a secure, multi-tenant environment provided by Google’s Cloud service (operated by Google LLC). Data for each user is encrypted and decrypted separately using Google Global Fiber Network along with a variety of other techniques for logical separation to ensure that no data is co-mingled. Google Cloud’s physical architecture that hosts TapTac is located in the United States. By submitting personal information, you agree to its transfer, storage or processing in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy Policy.

Once you cancel your subscription, you will be able to decide whether you would like us to keep your data associated with your account or whether you would like us to delete it. Currently, our policy is to keep all data by default so that it will be available in case you would like to access it later by purchasing a new subscription. For the avoidance of doubt, you will be able to access, export, or print any data associated with your account as long as your account is active. Notwithstanding the foregoing, we can not guarantee that we will continue this practice indefinitely, and we reserve the right to delete any data from an inactive account at any time.

To delete your account:

• if your account is still active: navigate to your profile and click on “Delete Account”;
• if your account is inactive: submit a request to delete your account through our Exercise Your Rights webpage.

This action is final, no backups will be retained; it will not be possible to retrieve any data after it has been deleted.

The security of your information is very important to us. We and Google Cloud apply all reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, on our end, access to the Service’s database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only.

Moreover, Google will implement and maintain technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 of Google’s Data Processing and Security Terms (the “Security Measures”). The Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of Google’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. Google may update the Security Measures from time to time provided that such updates do not result in the degradation of the overall security of its services.

Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.

When you use your login credentials on our Service, you are solely responsible for keeping them confidential. Do not share them with anyone. If you believe your password has been misused, please contact us immediately. You are also responsible for the security of your personal devices and for making sure they are protected against unauthorized access.

Our Service does not respond to and does not support the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences will not be communicated to us in the HTTP request header, and we will continue tracking your browsing behavior.

The age of majority depends upon jurisdiction and application, but it is generally set at eighteen (18). Minors may use the Service but only with the consent of a parent or a legal guardian. We do not knowingly collect or solicit personal information from anyone under the age of majority. If you are under the age of majority or have not reached the age of consent, your parent or legal guardian shall place an order for you on the Service. If you are under the age of majority, please do not send or share any information about yourself to us, or other users of the Service, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under the age of majority without the consent of a parent or legal guardian, we will delete that information as quickly as possible.

The Service may contain links to third party websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the privacy policies or statements of other websites prior to using them.

The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals accessing websites from the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Service from a European country, is compliant with GDPR.

If you are accessing and using the Service from the European Union and the European Economic Area, you have the following rights with regard to your personal information:

• the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
• the right of access (you can request us to provide you verbally or in writing the type of information we store about you and we have 30 days to respond to your request);
• the right to rectify (amend/correct) any personal information about you that is inaccurate;
• the right to erasure (some conditions apply, see Data Retention section below);
• the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Service, you may be asked to stop using the Service;
• the right to data portability (the right to data portability allows users of the Service to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
• the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing - read our opt-out instructions below; you may express your objection verbally or in writing and we have 30 days to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
• the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

If you would like to exercise any of the above rights, please contact us through our Exercise Your Rights webpage and your request will be processed within thirty (30) days.

We represent and warrant that your personal information is:

1. processed lawfully, fairly and transparently;
2. collected only for specific legitimate purposes;
3. collection of personal data is adequate, relevant and limited to what is necessary;
4. accurate and kept up to date (with your help);
5. stored only as long as is necessary; and
6. is secure and kept in confidence.

Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally, in writing or through our Exercise Your Rights webpage and we have 30 days to respond to any such request.

Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.

The California Consumer Privacy Act (“CCPA”) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information of California residents. CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information.

If you are a California resident, you have the following rights with regard to your personal information:

1. the right to know what personal information is being collected about you.
2. the right to know whether your personal information is sold or disclosed and to whom.
3. the right to say no to the sale of personal information (“the right to opt out”); we have created a Do Not Sell My Personal Information webpage that provides you with more details on this matter.
4. the right to access your personal information (under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period).
5. the right to equal service and price, even if you exercise your privacy rights.

Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:

1. complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
2. detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
3. debug to identify and repair errors that impair existing intended functionality;
4. exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
5. comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
6. engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
7. enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
8. comply with a legal obligation;
9. otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

If you would like to exercise any of the above rights, please contact us through our Exercise Your Rights webpage and your request will be processed within forty-five (45) days.

Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.

Lei Geral de Proteção de Dados (“LGPD”) is the Brazilian general data protection law, which applies to businesses that process the personal data of users located in Brazil. LGPD establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.

According to the article 18 of LGPD, individuals have the following nine rights over their data processing:

1. The right to receive a confirmation about processing of their personal data;
2. The right to access their personal data;
3. The right to correct incomplete, inaccurate or out-of-date personal data;
4. The right to anonymize, block or delete unnecessary or excessive data or data processed in noncompliance with the provisions of LGPD;
5. The right of portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
6. The right to delete their personal data;
7. The right to know who their data is being shared with (e.g., third parties, sub-processors, public, and private entities);
8. The right to know how to deny consent and what would be the consequences of denying consent to collect personal data; and
9. The right to revoke consent.

TapTac has appointed a Data Protection Officer (DPO), who will receive requests and complaints, and who will communicate with its clients, End-Users, and local authorities (as and when required under LGPD). If you are located in Brazil, you may exercise any of the above rights by contacting TapTac’s DPO, whose contact information you will find at the bottom of this Privacy Policy or through our Exercise Your Rights webpage and your request will be processed within fifteen (15) days.

You may receive updates, newsletters, surveys, offers, ads and other promotional materials from us or our vendors via your email. You may indicate a preference to stop receiving further communications or notifications from us or any such vendors by following the unsubscribe link provided in the email you receive or by contacting us directly. Despite your indicated preferences, we may send you service related communication, including notices of any updates to our Terms of Service, Privacy Policy, Cookie Policy, or other statements.

You have the right to know what personal information we keep about you. You may also modify or remove information about you that is stored by us by logging into your account and changing your information there, by submitting a request through our Exercise Your Rights webpage or by emailing us at legal@taptac.com.

TapTac welcomes your questions or comments regarding this Privacy Policy. If you believe that TapTac has not adhered to this Privacy Policy in one way or the other or if you have any requests or questions, please submit a request at our Exercise Your Rights webpage or contact us at:

TapTac LLC
80SW 8th Street, Suite 2000, Miami, FL 33130, USA.
Name of DPO: Moshiko Zaguri
Support: help.taptac.com
Email: legal@taptac.com