We collect information you provide directly, information generated by your use of our platform, and information from third-party services.
| Category | Examples | Source |
|---|---|---|
| Identity & Contact | First name, last name, email address, phone number | Provided by you at registration |
| Profile Information | Profile photo (avatar), city, state/province, country, referral code | Provided by you |
| Financial Information | Wallet balances, transaction history, gas balance, reward balances, bank account or card details for funding/withdrawal | Generated by platform use; payment details processed by Stripe |
| Transaction Data | Payment amounts, timestamps, sender/receiver IDs, gas fees, cashback credits, profit share records | Generated automatically on each transaction |
| Marketplace Data | Listing details, order history, fulfillment status, dispute reports, seller/buyer interactions | Generated by marketplace activity |
| Network & Referral Data | Referral relationships, referral codes, and network activity | Generated by platform use |
| KYC / Verification Data | Identity verification documents and status as required by applicable law | Provided by you; processed by our verification providers (see Section 3) |
| Technical & Usage Data | IP address, browser type, device type, pages visited, login timestamps, last login date | Collected automatically |
| Communications | Support requests, messages you send to us | Provided by you |
We use the information we collect to:
We do not sell your personal information. We share information only in the following circumstances:
| Recipient | Information Shared | Purpose |
|---|---|---|
| Stripe, Inc. | Name, email, bank/card details, identity verification data | Payment processing, Connect onboarding, identity verification (Stripe Identity), fraud prevention |
| PayMongo Philippines, Inc. | Name, email, phone, identity verification data, transaction records (PHP-denominated) | Philippine payment processing and BSP-required KYC for PHP transactions |
| Supabase, Inc. | All platform data stored in our database | Database hosting, authentication, file storage |
| Meta Platforms, Inc. | Phone number, WhatsApp message content, delivery status | WhatsApp Business message delivery to opted-in users (transactional only); subject to the WhatsApp Business Messaging Policy |
| Other TΛPΛT Users | Display name, referral code, profile photo (where applicable), transaction confirmation | Enabling payments, referral tracking, marketplace interactions |
| Identity Verification Services | Government ID and related documents (when KYC is required) | Regulatory compliance (Stripe Identity, PayMongo, and TΛPΛT internal review, depending on jurisdiction and transaction type) |
| Affiliate Partners | Click events (no personal data transferred by TΛPΛT) | Commission attribution when you click affiliate links; partners such as Amazon may set their own cookies subject to their own privacy policies |
| Law Enforcement / Regulators | Data required by valid legal process | Legal compliance, fraud investigation |
| Business Successors | All platform data | Merger, acquisition, or sale of assets (users will be notified) |
All third-party service providers are contractually required to handle your data in accordance with applicable privacy law and to use it only for the purposes for which it was shared.
TΛPΛT uses Stripe, Inc. to process payments and facilitate fund transfers. When you add funds, withdraw funds, or complete a transaction involving external bank accounts or payment cards, your payment information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.
TΛPΛT does not store full payment card numbers or bank account credentials on our servers. Stripe handles all sensitive payment data in a PCI-DSS compliant environment.
For users onboarded through Stripe Connect, Stripe collects additional identity and banking information to comply with financial regulations. This information is governed by Stripe's terms and privacy policy in addition to ours.
TΛPΛT is in the process of onboarding with PayMongo Philippines, Inc., a BSP-regulated payment facilitator, to support payment processing in Philippine Peso (PHP) and local methods such as GCash, Maya, and bank transfers. Once active, users transacting in PHP will have their payment and KYC information processed by PayMongo under PayMongo's Privacy Policy in addition to ours. We will update this Policy once the integration is live.
We take the security of your personal and financial information seriously. Our safeguards include:
No security system is impenetrable. If you believe your account has been compromised, contact us immediately at support@tapat.dev.
We retain your information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements.
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at privacy@tapat.dev. We will respond within 30 days. Note that we may need to verify your identity before fulfilling a request, and some requests may be limited by legal obligations.
TΛPΛT is a Progressive Web App (PWA) and uses minimal browser storage:
You can clear browser local storage at any time through your browser settings, which will sign you out of TΛPΛT.
TΛPΛT is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@tapat.dev and we will promptly close the account and delete the associated data.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by sending a notification to your registered email address. Your continued use of TΛPΛT after changes take effect constitutes your acceptance of the updated policy.
We encourage you to review this page periodically.
When you opt in to SMS messaging at account creation (or later in Account settings), TΛPΛT collects and retains the following data to operate the SMS program:
How SMS data is used: exclusively for the purposes described in our SMS Messaging Policy — delivering transactional messages, verifying consent when required by carriers or regulators, and honoring opt-out requests.
SMS delivery providers: TΛPΛT uses Amazon Web Services (AWS End User Messaging / SNS) and, for Philippine delivery, Semaphore, to transmit SMS messages. Your mobile number and message content are shared with these providers solely for the purpose of delivering the message to your carrier.
Mobile opt-in data is never shared with third parties for marketing. Your phone number, consent record, and SMS interaction history are not sold, rented, or licensed to any third party.
Retention: Consent records and opt-out records are retained for as long as you have a TΛPΛT account and for up to seven (7) years after account closure, as required by U.S. TCPA recordkeeping obligations. Individual message content may be purged sooner per our general data-retention schedule in §6.
For complete opt-in, opt-out, and program details, see our SMS Messaging Policy.
For users outside the United States, TΛPΛT may deliver transactional notifications via WhatsApp instead of SMS. WhatsApp delivery is provided through Meta Platforms, Inc.'s WhatsApp Business Platform. When you opt in to WhatsApp messaging, the following applies:
What we send via WhatsApp: account verification codes (OTP), payment confirmations, withdrawal status updates, security alerts, referral and rewards notifications, and other transactional or service messages directly tied to your TΛPΛT account activity. We do not send promotional or marketing messages via WhatsApp.
How to opt out: Reply STOP to any TΛPΛT WhatsApp message, block the TΛPΛT WhatsApp Business contact in your WhatsApp app, or disable WhatsApp notifications in your TΛPΛT Account settings. All three methods are honored automatically.
Data shared with Meta: When you receive a WhatsApp message from TΛPΛT, your phone number and the message content are processed by Meta Platforms, Inc. via the WhatsApp Business Platform for the purpose of delivering the message to your device. Meta's processing of WhatsApp business messaging is governed by the WhatsApp Business Messaging Policy and the WhatsApp Business Data Transfer Addendum. Meta acts as a processor of the message data for transmission purposes and does not use the content of TΛPΛT business messages to target advertising.
WhatsApp messaging providers: TΛPΛT uses Amazon Web Services (AWS End User Messaging Social) as the technical interface to the WhatsApp Business Platform. AWS receives the message and routes it to Meta for delivery to your device.
Standard WhatsApp data charges: WhatsApp messages count against your mobile data plan or Wi-Fi connection rather than your SMS allowance. Standard data rates from your mobile carrier may apply.
If you do not have WhatsApp installed: If we attempt to send you a WhatsApp message and your number is not registered with WhatsApp, or if delivery fails, we may fall back to SMS or email, depending on your account preferences and which channels you have opted into.
Retention: WhatsApp consent records, message logs, and opt-out records are retained on the same schedule as SMS records — for the duration of your TΛPΛT account and up to seven (7) years after account closure.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: