Privacy Policy

How Tapify SRL collects, uses, stores, and protects personal data across the website, mobile app, and Tapify services.

Updated: May 29, 2026

1. Who we are

This policy explains how Tapify SRL processes personal data when you use tapify.ro, the Tapify Tab mobile app, the Tapify dashboard, and related services.

The data controller is Tapify SRL. For privacy questions, contact us at contact@tapify.ro.

2. Data we collect

  • Account data: name, email address, encrypted password, preferred language, role, and email verification status.
  • Service usage data: associated NFC or virtual cards, balances, transactions, consumption sessions, products, locations, and operation history.
  • Device and authentication data: access tokens, refresh tokens, platform, device model, operating system version, and push notification tokens.
  • Approximate or precise location data, only if you grant permission, to show or sort nearby locations.
  • Camera or photo library data, only when you use QR scanning or upload profile, product, or venue images.
  • NFC data, only when you use NFC/HCE scanning or authentication features.
  • Website technical data, including locally stored theme preference and, if Google Analytics is enabled, aggregated traffic data.

3. How we use data

  • To create accounts, authenticate users, verify email addresses, and reset passwords.
  • To provide access to taps, cards, digital wallet, sessions, dashboard, and management features.
  • To calculate balances, consumption history, reports, operational alerts, and poured-volume traceability.
  • To send account, session, order, maintenance, and security notifications.
  • For security, fraud prevention, internal audit, troubleshooting, and service improvement.
  • To comply with legal, tax, accounting, and regulatory obligations.

4. GDPR legal bases

  • Contract performance or pre-contractual steps, to provide your account and Tapify services.
  • Legal obligations, for tax, accounting, security, and authority-response requirements.
  • Legitimate interests, for security, abuse prevention, service administration, and product improvement.
  • Consent, for optional permissions such as location, push notifications, camera, photo library, or certain communications.

5. Mobile permissions

The app requests permissions only when needed for specific features. You can withdraw permissions from your device settings, but some features may stop working.

  • Camera is used for QR code scanning and, where applicable, profile photos or dashboard image uploads.
  • NFC is used to scan cards, authenticate, and check balances.
  • Location is used to sort venues or credits by proximity.
  • Push notifications are used for operational account, session, and order messages.

6. Who we share data with

We do not sell personal data. We may share data with providers that help us operate the service, only as necessary and under confidentiality and security obligations.

  • Hosting, cloud infrastructure, file storage, and content delivery providers.
  • Email, push notification, monitoring, security, and technical analytics providers.
  • HoReCa operators or business clients using Tapify, for data needed to manage venues, cards, transactions, and sessions.
  • Public authorities, advisers, or legal partners when required by law or to defend our rights.

7. International transfers

Some technical services may be provided from outside the European Economic Area. In these cases, we use appropriate safeguards such as standard contractual clauses or other GDPR-recognized transfer mechanisms.

8. Data security

We use technical and organizational measures to protect personal data, including secure transmission, access control, authentication tokens, secure on-device storage for sensitive data, and role-based access limits.

9. Retention and deletion

We keep data as long as needed to provide the services, meet legal, tax, or accounting duties, and support legitimate interests such as security and legal defense. Account data can be deleted or anonymized on request, except information we must retain by law or for fraud prevention.

10. Your rights

Subject to legal limits, you have rights of access, rectification, deletion, restriction, objection, portability, and withdrawal of consent. To exercise your rights, contact us at contact@tapify.ro.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing: dataprotection.ro.

11. Account deletion

If you have an app account, you may request account deletion at contact@tapify.ro or through tapify.ro/account-deletion. We will process the request according to legal requirements and inform you if any data must be retained.

12. Changes to this policy

We may update this policy to reflect changes in our services, laws, or internal processes. The updated version will be published on this page.