Privacy Policy
Last updated: March 11th, 2026
Privacy Policy
Last updated: March 11, 2026
This Privacy Policy explains how KVEX OÜ (doing business as “TapSafe”, “we”, “us”, “our”) collects, uses, and shares information when you use the TapSafe mobile app and website (the “Services”).
Controller: KVEX OÜ (TapSafe)
Registry code: EE102880610
Contact: support@tapsafe.app
Registered office: Ahtri tn 12, 15551 Tallinn, Estonia
1) Information we collect
Account & identifiers — email, internal user ID, device identifiers, installation identifiers, and similar account or device-related identifiers.
Location — precise location when you enable tracking or trigger an emergency feature to share with your chosen contacts. This may include background location if you enable it.
Contacts you add — names and phone numbers of trusted contacts you store in TapSafe. We do not read your device address book unless you explicitly import contacts. When you add a contact, you confirm they have consented to receive non-marketing emergency alerts from you where required. TapSafe may record a timestamp of that confirmation for compliance and auditing purposes.
Usage & diagnostics — app interactions, crash logs, performance metrics, technical diagnostics, and basic analytics.
Purchases & subscriptions — non-sensitive purchase metadata such as product ID, transaction status, expiration, renewal status, cancellation status, and related subscription or entitlement information provided by app store billing systems or subscription processors.
Emergency messages and messaging records — messages may be composed on-device or processed through our servers or service providers to deliver emergency-related communications. We may process message content transiently where needed for delivery. We may also retain related metadata and service records, such as send time, recipient, delivery status, estimated or actual message cost, messaging allowance or top-up balance, spend ledger entries, invite or resend counts, opt-in or opt-out events, and technical, fraud-prevention, or abuse-prevention signals needed to operate, secure, troubleshoot, and enforce limits on the messaging service.
2) How we use information
We use personal data to:
(a) provide TapSafe’s core functionality, including emergency alerts, location sharing you authorize, and trusted contact features;
(b) manage subscriptions, entitlements, messaging allowances, and purchased top-ups;
(c) operate, secure, maintain, and improve the Services;
(d) monitor usage, troubleshoot delivery failures, and support users;
(e) prevent spam, abuse, fraud, false emergencies, unlawful messaging, and attempts to circumvent service limits;
(f) comply with legal obligations and carrier, platform, or app store requirements; and
(g) communicate service, security, and support-related updates.
SMS opt-out: Recipients of TapSafe emergency SMS can reply STOP at any time to unsubscribe that phone number from future TapSafe emergency SMS. TapSafe does not send marketing or promotional text messages.
3) Legal bases (EEA/UK)
Where GDPR or UK GDPR applies, we rely on the following legal bases as relevant:
Contract — to provide the Services you request, including account functionality, emergency features, messaging-related functionality, subscription management, and support.
Consent — where required, such as for location permissions, notifications, contacts access, camera or microphone permissions, or other device-level permissions.
Legitimate interests — to secure the Services, prevent fraud and abuse, enforce fair-use and messaging limits, troubleshoot failures, maintain reliability, perform basic analytics, improve the Services, and establish, exercise, or defend legal claims.
Legal obligation — where processing is required to comply with applicable law, lawful requests, accounting, tax, consumer protection, regulatory, or other legal obligations.
You can withdraw consent at any time for permissions-based processing through your device or app settings. Withdrawal does not affect prior lawful processing.
4) Sharing & processors
We do not sell personal data.
We share personal data only as needed to operate the Services, including with service providers and processors such as Supabase (hosting, database, authentication), RevenueCat (subscriptions), Superwall (paywall), Apple and Google (device services and in-app purchases), messaging and telecommunications providers such as Twilio and downstream carriers, and analytics, crash-reporting, security, and infrastructure vendors.
These providers receive only the information reasonably necessary for their role and are subject to contractual or legal safeguards where required.
Text messaging opt-in data, consent records, and related emergency messaging data are not sold, rented, or shared for marketing purposes. They are disclosed only where needed to deliver, support, secure, monitor, or comply with the messaging service.
We may also disclose information where required by law, to respond to lawful requests, to protect the rights, property, or safety of TapSafe, users, recipients, or others, or in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business.
5) Retention
We keep personal data only for as long as necessary for the purposes described in this Policy, including to provide the Services, comply with law, resolve disputes, enforce our agreements, and protect the security and integrity of TapSafe.
In general:
Account and trusted contact data — kept while your account is active and for a limited period after deletion or closure, unless longer retention is required by law.
Location data and emergency-session data — retained only for the period reasonably necessary to provide the feature, support reliability, address related support or safety issues, and comply with legal obligations, after which it is deleted, anonymized, or de-identified according to our retention practices.
Messaging metadata and service records — such as send logs, delivery outcomes, opt-out records, spend ledger entries, invite or resend counts, and abuse-prevention or security records, are retained for as long as reasonably necessary to operate the messaging service, enforce limits, investigate misuse, respond to support issues, comply with legal or carrier requirements, and establish, exercise, or defend legal claims.
Purchase and transaction records — retained as required for billing, tax, accounting, fraud prevention, legal compliance, and dispute resolution.
When data is no longer needed, we delete, anonymize, or securely de-identify it.
6) Your choices
You can manage location and notifications in your device settings, add or remove contacts in the app, and manage subscriptions through Apple or Google.
Where offered, you may also opt out of analytics or similar optional data processing through in-app controls.
7) International transfers
Data may be processed outside your country. Where required, we use lawful transfer mechanisms, such as Standard Contractual Clauses, and apply vendor safeguards intended to protect personal data.
8) Children
TapSafe is not directed to children under 13, or under the minimum age in your region.
9) Your rights
Depending on your region and applicable law, including GDPR, UK GDPR, or CCPA/CPRA, you may have rights to request access, correction, deletion, portability, objection, restriction, or information about our processing practices.
You may also lodge a complaint with your local data protection authority. In Estonia, this is the Data Protection Inspectorate.
10) Account deletion & data erasure
TapSafe users may request deletion of their account and associated data at any time using one of the following verified methods:
In-app: Go to Settings → Account → Delete Account.
Website: Visit the TapSafe account deletion page on our website and submit a verified deletion request from your registered email address.
Email: Send a request from your account email to support@tapsafe.app with the subject line “Delete my TapSafe account”.
We aim to complete most verified deletion requests within 7 days, and in all cases within 30 days unless a longer period is required by law.
Once verified, we will delete your account profile, trusted contacts, and stored location history or emergency message metadata, except where limited retention is required for fraud prevention, security, audit logging, legal compliance, or the establishment, exercise, or defense of legal claims.
Purchase records managed by Apple, Google, RevenueCat, or other payment platforms remain subject to their own retention practices.
If you reinstall the app or create a new account after deletion, your previous data cannot be recovered.
11) Security
We use industry-standard measures such as encryption in transit and access controls. However, no system is 100% secure.
12) “Do Not Sell or Share” (CCPA/CPRA)
We do not sell or share personal information as defined by CPRA, and we do not use personal data for targeted advertising.
13) Automated decision-making
TapSafe does not use automated decision-making that produces legal or similarly significant effects in the sense of applicable data protection law.
However, we may use automated systems and rules to detect spam, fraud, abuse, unusual messaging activity, delivery risk, policy violations, or attempts to circumvent service limits, and to apply temporary restrictions or pauses to messaging-related features. If you believe a restriction was applied in error, you may contact support@tapsafe.app for review.
14) Changes
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date and, where appropriate, notify you in-app or by email.
Questions? support@tapsafe.app
This document is provided for transparency and is not legal advice.
