Privacy Policy

At TapSit ("we", "our", "the platform") we respect your privacy and are committed to protecting your personal data. This Privacy Policy describes what data we collect, how we use it, who we share it with, and the rights you have over it. It applies to the website tapsit.app and all associated services.

1. Data controller

The controller of the personal data collected through this platform is TapSit, accessible through the domain tapsit.app.

For any privacy inquiry, you can contact us at:

• Email: [email protected]
• Website: https://tapsit.app

2. Data we collect

2.1. Data you provide to us directly

• Registration data: name, email address, password (stored encrypted), business name, contact phone.
• Billing and business data: tax ID, legal name, establishment address, tax billing data.
• Uploaded content: product images, menu descriptions, schedule and table configuration.

2.2. Data we receive from Facebook (Facebook Login)

When you choose to register or sign in to TapSit using your Facebook account, we receive from Meta Platforms, Inc. only the following information from your public profile, according to the minimum permissions requested (email and public_profile):

• First and last name public associated with your Facebook account.
• Verified email address from your Facebook account.
• Public profile picture (avatar).
• Unique Facebook identifier (Facebook ID), required to link your TapSit account with your Facebook account for future logins.

We do not access your friends list, do not post on your behalf, do not read your messages, and do not collect any other information from your Facebook account. We also do not request additional permissions beyond email and public profile.

2.3. Data collected automatically

• Technical data: IP address, browser type and version, operating system, pages visited, date and time of access.
• Cookies and similar technologies: see section 9 of this policy.
• Analytics data: we use Google Analytics 4 and Microsoft Clarity to understand how the site is used. These tools may collect aggregated and anonymized data about your navigation.

2.4. Data of your end customers (processed on your behalf)

If you are a merchant using TapSit to receive orders, the platform processes data from your end customers (name, phone, delivery address, order history) on your behalf, as data processors. You are the controller of that data toward your customers.

3. What we use your data for

We use your personal data only for the following purposes:

• Authentication: to identify you securely when you sign in (including Facebook Login).
• Service delivery: to allow you to use TapSit features (menu, orders, tables, reservations, etc.).
• Communication: to send you operational notifications related to your account (orders received, plan changes, security notices).
• Support: to respond to your inquiries and requests.
• Billing: to manage payments, subscriptions and issue receipts.
• Service improvement: to analyze aggregate usage to detect errors and improve user experience.
• Legal compliance: to fulfill applicable legal, accounting and tax obligations.

We do not use the data received from Facebook for advertising purposes nor do we sell it to third parties.

4. Legal basis for processing

The processing of your data is based on:

• Contract performance: to provide you with the service you contracted.
• Consent: when you choose to sign in with Facebook or Google, you explicitly agree that we receive the minimum data described.
• Legal obligation: to comply with tax, accounting and consumer protection regulations.
• Legitimate interest: to ensure platform security and prevent fraud.

5. Who we share your data with

We do not sell your personal data. We only share data with third parties in the following cases:

• Infrastructure providers: Hetzner Cloud (hosting in Europe), Cloudflare (CDN and protection).
• Payment processors: Lemon Squeezy, MercadoPago (only when you subscribe or receive payments).
• Communication services: WhatsApp Business API (Meta Platforms) if you enable the integration.
• Analytics tools: Google Analytics, Microsoft Clarity (anonymized or aggregated data).
• Public authorities: when legally required by court order or competent authority.

All providers work under confidentiality and data processing agreements in accordance with applicable regulations.

6. How long we keep your data

• Active account: we keep your data while your account is active.
• After cancellation or deletion: we delete your personal data within a maximum of 30 days from the request or cancellation, except for those we must retain for legal obligation.
• Tax and billing data: up to 10 years, in accordance with applicable accounting legislation in Argentina.
• Technical and audit logs: up to 90 days.

7. How we protect your data

We implement reasonable technical and organizational measures to protect your data:

• Encryption in transit via TLS 1.2 or higher (HTTPS across the site).
• Encryption at rest of sensitive data (access tokens, passwords).
• Restricted access by roles and permissions.
• Access audits and logs of sensitive operations.
• Encrypted backups with limited retention.
• Firewall, rate limiting and protection against common attacks (XSS, CSRF, SQL injection).

Although we take all reasonable precautions, no system is 100% secure. We recommend you use strong passwords and not share them.

8. Your rights

In accordance with Argentina's Law 25.326 on Personal Data Protection and equivalent regulations, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or outdated data.
• Erasure ("right to be forgotten"): request the deletion of your personal data.
• Objection: object to the processing of your data for certain purposes.
• Portability: receive your data in a structured and commonly used format.
• Revoke consent: withdraw at any time the consent granted.

To exercise any of these rights, write to us at [email protected] from the email address associated with your account. We will respond within a maximum of 10 business days.

9. How to delete your data (Instructions for Facebook users)

If you registered or signed in using Facebook and want us to delete all data associated with your account, you have two options:

Option A — From TapSit (recommended)

1. Sign in at tapsit.app/login.
2. Go to Settings » Account and select "Delete my account", or alternatively write to [email protected] from your registered email requesting the cancellation.
3. We will confirm the request by email within 48 hours.
4. Your personal data will be deleted from our systems within a maximum of 30 days, except for those we must retain for legal obligation (tax billing).

Option B — From Facebook

You can also revoke TapSit's access to your Facebook account from your Facebook settings:

1. Sign in to Facebook.
2. Go to Settings & privacy » Settings » Apps and Websites.
3. Search for TapSit in the list, click Remove and confirm.
4. This also triggers an automatic request to our systems to delete the data linked to your Facebook ID within 30 days.

Direct request: For an immediate deletion request, write to [email protected] with the subject "Data deletion request - Facebook". We will confirm the deletion within 30 days by email.

10. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies: required for the site to work (session, authentication, CSRF protection). They cannot be disabled.
• Preference cookies: store your choices (language, theme, configuration).
• Analytics cookies: Google Analytics 4 and Microsoft Clarity help us understand site usage. They collect anonymized data.

You can configure your browser to refuse cookies, although some site features may not work properly.

11. International transfers

Your data may be processed on servers located outside Argentina (mainly Europe and the United States). In all cases, we guarantee an adequate level of protection through standard contractual clauses, internationally recognized certifications and providers that comply with regulations equivalent to Law 25.326.

12. Minors

TapSit is not directed at minors under 18 years old. We do not intentionally collect personal data from minors. If we detect that a minor has registered, we will delete their account and associated data immediately. If you are a parent or guardian and believe that a minor in your care has provided us with data, contact us at [email protected].

13. Changes to this policy

We may update this Privacy Policy to reflect legal, technical or business changes. When we make significant changes:

• We will notify you by email at the address associated with your account.
• We will publish a prominent notice on the platform.
• We will update the "Last updated" date at the beginning of this document.

Substantial changes may require your re-acceptance to continue using the service.

14. Contact

For any inquiry about this policy, the processing of your data, or to exercise your rights:

• Email: [email protected]
• Website: https://tapsit.app
• Suggested subject: "Privacy inquiry" or "Data deletion request"

If you believe we have not adequately addressed your request, you can file a complaint with the Agencia de Acceso a la Informacion Publica (AAIP) in Argentina, or with the data protection authority corresponding to your country of residence.