Privacy Policy

1. Information we collect

We collect information you provide directly, information generated when you use the Services, and limited technical information automatically collected when you visit our site.

• Account and profile. Name, email address, username, password (stored using one-way hashing; we do not store your plain-text password), and profile image (which may be provided by you or, if you sign in with Google, from your Google account).
• Contact and payout information. Phone number, mailing address (street, city, state, postal code), and payout identifiers you choose to provide (such as PayPal email, Venmo username, or Cash App identifier) to facilitate potential rewards or payouts.
• Usage and session data. When you use tapping features, we may record session details such as start and end times, tap timing metrics (e.g., average or fastest tap rate), counts of messages processed, and points earned in connection with your account.
• Message review context. To enable you to review and approve queued outbound SMS, we display message content and related metadata (for example, recipient identifiers) retrieved from our backend systems and integrated services. That content may include information about third parties; you should treat it as confidential as described in our Terms of Service.
• Authentication and security. We use cookies and similar technologies to maintain your signed-in session (for example, session tokens associated with NextAuth). We may also collect IP address, browser type, device type, and standard server log information.

2. How we use information

We use information to:

• Provide, operate, and improve the Services;
• Authenticate users and secure accounts;
• Run points, leaderboards, and (when available) rewards or payout processes;
• Detect, investigate, and help prevent fraud, abuse, and violations of our policies (including analyzing unusual session or tap patterns);
• Enforce bans or restrictions and respond to support requests;
• Comply with law, respond to legal process, and protect rights, safety, and property; and
• Send service-related notices (we do not currently use the Services to send marketing emails unless we tell you otherwise and offer appropriate choices).

3. How we share information

We do not sell your personal information as that term is commonly understood under the California Consumer Privacy Act (CCPA/CPRA). We share information only as described below:

• Service providers. Vendors that help us host, secure, or operate the Services (for example, cloud hosting, database providers, or authentication providers) may process information on our behalf under contractual obligations.
• Google Sign-In. If you use Google OAuth, Google processes information according to Google’s policies. Google Privacy Policy
• Queued messaging infrastructure. When you approve messages, we transmit limited data (which may include your account email, batch identifiers, and message approval payloads) to our integrated messaging queue systems as needed to perform the Services.
• Legal and safety. We may disclose information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect rights, safety, or security.
• Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
• Leaderboard. We may display your username, profile image, and points publicly on the leaderboard.

4. Cookies and similar technologies

We use cookies that are essential for authentication and session management. You can control cookies through your browser settings; disabling certain cookies may prevent you from signing in or using parts of the Services. We do not currently use third-party advertising or analytics cookies in the product; if we add them, we will update this policy and provide appropriate choices where required.

5. Retention and deletion

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods may depend on the nature of the data and legal requirements. You may request deletion of your account and associated personal information by contacting us at privacy@tapper.gg. We may retain certain records where required by law or for legitimate business purposes (such as security logs or fraud prevention). Points and rewards eligibility may be forfeited upon deletion or termination as described in our Terms of Service.

6. Security

We use administrative, technical, and organizational measures designed to protect information, including hashing passwords and using encrypted connections (HTTPS) where configured. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. U.S. state privacy rights (including California)

Depending on where you live, you may have rights to know, access, delete, or correct certain personal information, and to opt out of certain processing (such as “sale,” “sharing,” or targeted advertising, where applicable). We do not sell personal information for money. If our practices change, we will provide legally required notices and links (for example, “Do Not Sell or Share My Personal Information” where required).

California residents: You may have rights under the CCPA/CPRA, including the right to know categories and specific pieces of personal information collected, the right to delete personal information subject to exceptions, the right to correct inaccurate personal information, and the right not to receive discriminatory treatment for exercising privacy rights. You may designate an authorized agent to make a request where permitted by law.

To submit a request, email privacy@tapper.gg. We will verify your request consistent with applicable law. Appeals (where applicable) may be submitted to the same address.

8. International users (GDPR and UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal data as described in this policy. Our lawful bases may include: performance of a contract (providing the Services you request); legitimate interests (such as securing the Services, preventing fraud, and improving functionality), where not overridden by your rights; consent, where required; and legal obligation.

You may have the right to access, rectify, erase, restrict processing, data portability, and object to certain processing, and where processing is based on consent, the right to withdraw consent. You may lodge a complaint with a supervisory authority. To exercise rights, contact privacy@tapper.gg. If we transfer personal data from the EEA/UK to countries not deemed adequate, we will use appropriate safeguards as required by law (such as Standard Contractual Clauses).

9. Children’s privacy

The Services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

10. Third-party links and services

The Services may reference or link to third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

11. Automated decision-making

We may use automated methods to help detect fraud or abuse (for example, flagging highly unusual tap timing). These processes may inform human review or enforcement actions. Where required by law, we will provide additional disclosures about such processing and your rights.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the effective date. If changes are material, we will provide additional notice as appropriate (for example, a banner on the Services or email where we have your address).

13. Contact us

Tapper.gg — Privacy inquiries: privacy@tapper.gg

See also our Terms of Service.