TapRooted Privacy Policy

Information We Collect

TapRooted may collect the following categories of information, depending on how you use the service:

• account and profile data
• waitlist submissions
• contact exchange submissions
• tap notes
• saved contacts
• analytics and tap telemetry
• connection-handshake signals
• transactional and optional marketing communications

Profile owners may provide names, public URLs, headlines, biographies, contact information, profile media, links, stories, scheduling settings, and other information they choose to publish or keep private. Visitors may provide waitlist details, contact exchange details, tap notes, saved-contact activity, or engagement signals when interacting with a public profile.

How We Use Information

TapRooted uses information to provide, maintain, secure, and improve the service, including to:

• create and manage TapRooted accounts and profiles;
• publish virtual cards, public URLs, QR destinations, and NFC card destinations;
• deliver contact cards, tap notes, saved-contact functionality, and connection signals;
• send transactional messages, waitlist updates, and optional marketing communications;
• measure privacy-aware profile activity, product usage, and service reliability;
• detect, prevent, and respond to spam, abuse, security incidents, and policy violations.

How We Share Information

TapRooted shares information with service providers that process data on our behalf and under our instructions. Current processors and infrastructure providers include:

• Vercel: application hosting, edge delivery, deployment, and platform security
• Supabase: authentication, database, storage, and related backend infrastructure
• Resend: transactional email delivery, including waitlist and contact-card messages
• Cal.com: calendar connection and scheduling surfaces when a profile owner enables booking
• Brevo: optional marketing contact sync and communications when enabled

TapRooted may also disclose information when required by law, to protect rights and safety, to investigate abuse, or as part of a merger, financing, acquisition, reorganization, or similar business transaction.

Visitor Choices and Profile Visibility

Profile owners can choose whether a published card is public or uses a request-only preview mode. Visitors choose whether to share contact details with a profile owner, request a contact card by email, or opt into TapRooted marketing communications. Marketing opt-ins are separate from one-time contact-card delivery.

Retention

tap notes expire after 30 days. Other records may be retained as needed for product operations, support, abuse prevention, analytics, and legal or business purposes.

TapRooted does not currently offer a self-service data deletion or export portal. To ask about deletion, correction, access, or other privacy questions, contact us using the information below.

Security

TapRooted uses technical and organizational measures designed to protect information, including hosted infrastructure, authentication controls, row-level database access controls, server-side validation, and privacy-aware analytics design. No system can be guaranteed to be completely secure.

Children

TapRooted is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. The effective date above shows when this version became effective.

Contact

For privacy questions, contact privacy@taprooted.app. For general support, contact hello@gettaprooted.com.