Privacy Policy
Effective date: November 4, 2025
This Privacy Policy explains how KVEX OÜ (doing business as “TapSafe”, “we”, “us”, “our”) collects, uses, and shares information when you use the TapSafe mobile app and tapsafeapp.com (the “Services”). After this, we say TapSafe for simplicity.
Controller: KVEX OÜ (TapSafe)
Registry code: EE102880610
Contact: contact@tapsafeapp.com
Registered office: Ahtri tn 12, 15551 Tallinn, Estonia
1) Information we collect
Account & identifiers — email, internal user ID, device/installation identifiers.
Location — precise location when you enable tracking or trigger an emergency feature (to share with your chosen contacts); may include background location if you turn it on.
Contacts you add — names and phone numbers of trusted contacts you store in TapSafe. We do not read your device address book unless you explicitly import contacts. When you add a contact, you confirm they have consented to receive non-marketing emergency alerts from you. TapSafe records a timestamp of that confirmation for compliance.
Usage & diagnostics — app interactions, crash logs, performance metrics, and basic analytics.
Purchases & subscriptions — non-sensitive purchase metadata (product ID, expiration, renewal/cancel state) from platform billing.
Emergency messages — messages are composed on-device. If you send via your phone’s SMS app, your carrier processes delivery. If an optional server-send is used, we process content transiently and may log metadata (time, recipient) for abuse prevention and troubleshooting.
2) How we use information
Provide core functionality (emergency SMS, sharing location you authorize); maintain subscriptions/entitlements; improve reliability and performance; prevent misuse; communicate updates and support.
SMS opt-out: Recipients of emergency SMS can reply “STOP” to opt out of further messages.
3) Legal bases (EEA/UK)
Consent (e.g., location, notifications), Contract (to provide the Services), Legitimate interests (security, diagnostics, basic analytics). You can withdraw consent at any time in device settings or in-app (this won’t affect prior processing).
4) Sharing & processors
We do not sell personal data. We use processors only as needed: Supabase (hosting/DB/auth), RevenueCat (subscriptions), Superwall (paywall), Apple/Google (in-app purchases, device services), Twilio/carriers (if server-send is enabled), and analytics/crash infrastructure. Each receives only what’s necessary under a contract.
5) Retention
Account & contacts: kept while your account is active and for a short period after deletion (e.g., up to 30 days) for recovery/legal obligations.
Location points: only while tracking/emergency is active and for a limited period (e.g., 30–90 days) for reliability, then deleted or anonymized.
Message logs (metadata): minimal and retained no longer than necessary to prevent abuse and support users.
You may request deletion of your data at any time — see Account deletion & data erasure.
6) Your choices
Manage location and notifications in device settings; add/remove contacts in the app; manage subscriptions via Apple/Google. Opt-out of analytics where offered in-app.
7) International transfers
Data may be processed outside your country; we apply lawful transfer mechanisms (e.g., SCCs) and vendor safeguards where required.
8) Children
TapSafe isn’t directed to children under 13 (or the minimum age in your region).
9) Your rights
Depending on your region (GDPR/UK GDPR/CCPA), you may request access, correction, deletion, portability, objection, or restriction.
Delete account/data: see Account deletion & data erasure for full details.
Complaint: you may lodge a complaint with your local data protection authority (in Estonia, the Data Protection Inspectorate) or with your supervisory authority. Account deletion & data erasure
TapSafe users may delete their account and associated data at any time using one of the following verified methods:
In-app: Go to Settings → Account → Delete Account. This will permanently delete your TapSafe account and associated personal data after confirmation.
Web form: Visit https://tapsafeapp.com/delete-account/ to submit a verified deletion request from your registered email.
Email: You may also send a request from your account email to contact@tapsafeapp.com with the subject "Delete my TapSafe account".
Once verified, we will delete your account profile, trusted contacts, and any stored location history or emergency message metadata within 30 days. Minimal records may be retained where required by law (for example, fraud prevention or audit logs). Purchase records managed by Apple or Google remain under their respective platforms.
If you reinstall or create a new account after deletion, your previous data cannot be recovered.
10) Security
We use industry-standard measures (e.g., encryption in transit, access controls). No system is 100% secure.
11) “Do Not Sell or Share” (CCPA/CPRA)
We do not sell or share personal information as defined by CPRA, and we don’t use personal data for targeted advertising.
12) Automated decision-making
TapSafe does not use automated decision-making that produces legal or similarly significant effects about you.
13) Changes
We may update this Policy and will update the effective date and, when appropriate, notify you in-app or by email.
Questions? contact@tapsafeapp.com
This document is for transparency and is not legal advice.
