Privacy Policy

Last updated: May 25, 2026

Tappeat LLC ("Tappeat," "we," "our," or "us") operates the Tappeat Ads platform (https://ads.tappeat.com). This Privacy Policy describes how we collect, use, store, and protect your information when you use our services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Authentication credentials (via email/password or third-party OAuth providers such as Google or GitHub)
• Billing information (processed securely through Stripe; we do not store credit card numbers)
• Company or organization name (if provided)

1.2 Tracking and Analytics Data

As an ad tracking platform, Tappeat Ads processes the following data on behalf of our users:

• Click data: IP addresses, user agent strings, referrer URLs, timestamps
• Device information: Device type, operating system, browser, screen resolution
• Geographic data: Country, region, and city (derived from IP via MaxMind GeoIP2)
• Network data: ISP, connection type, carrier information
• Conversion data: Conversion events, payout amounts, conversion status
• Campaign tokens: Custom tracking parameters passed via campaign URLs

This data is collected on behalf of our users for their advertising campaign tracking purposes. Our users are the data controllers for this information, and Tappeat acts as a data processor.

1.3 Usage Data

We automatically collect information about how you interact with our platform:

• Pages visited within the application
• Features used and actions performed
• Browser type and version
• Time zone and language preferences

2. How We Use Your Information

We use the information we collect to:

• Provide our services: Process clicks, track conversions, generate reports, and route traffic for your advertising campaigns
• Manage your account: Authenticate access, process payments, and communicate about your subscription
• Improve the platform: Analyze usage patterns to enhance features, performance, and user experience
• Detect invalid traffic: Identify and filter bot traffic, datacenter IPs, proxy connections, and other forms of invalid traffic (IVT) to protect our users' campaigns
• Provide AI-powered features: Generate campaign insights, optimization recommendations, and landing page content (Pro plan)
• Send communications: Service notifications, security alerts, and product updates
• Comply with legal obligations: Respond to legal requests and prevent fraud or abuse

3. Data Storage and Security

Your data is stored on secure servers with the following protections:

• All data is encrypted in transit using TLS/SSL (HTTPS)
• Database connections are encrypted and access-controlled
• API credentials and secrets are stored encrypted and never exposed in application code
• Authentication tokens are managed via industry-standard protocols (Laravel Sanctum, Firebase Auth)
• Regular security audits and vulnerability assessments

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Service providers: We use third-party services to operate our platform, including Stripe (payments), Firebase (authentication), SendGrid (transactional emails), Amazon Web Services (storage), and MaxMind (IP geolocation). These providers process data solely on our behalf and under contractual data protection obligations.
• Traffic source APIs: When you connect traffic source accounts (Google Ads, Facebook Ads, TikTok, etc.) via our Automizer feature, we communicate with those platforms' APIs using your authorized credentials to manage campaigns on your behalf.
• Team members: If you use team features, data within your workspace is accessible to invited team members according to their assigned roles (Owner, Admin, Editor, Viewer).
• Legal compliance: We may disclose information when required by law, subpoena, or court order, or to protect the rights and safety of Tappeat, our users, or third parties.

5. Cookies and Tracking Technologies

Our marketing website (ads.tappeat.com) uses minimal cookies for essential functionality only. The Tappeat Ads application uses:

• Authentication tokens: To maintain your login session
• Local storage: To save your UI preferences (theme, language, view settings)

We do not use third-party advertising trackers or analytics cookies on our own platform.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format
• Objection: Object to certain processing activities

To exercise any of these rights, contact us at privacy@tappeat.com.

7. International Data Transfers

Our servers are located in the United States. If you access our services from outside the United States, your data will be transferred to and processed in the United States. By using our services, you consent to this transfer.

8. Children's Privacy

Tappeat Ads is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when this policy was last revised.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Tappeat LLC
30 N Gould St, Ste N
Sheridan, WY 82801
United States

Email: privacy@tappeat.com