Privacy Policy

Last updated: February 28, 2026

Tapsy ("we", "our", "us") is operated by Dimitrije Pavlovic. This Privacy Policy explains how we collect, use, and protect your information when you use the Tapsy mobile application ("App"). By using Tapsy, you agree to the practices described in this policy.

1. Information We Collect

We collect only the minimum data necessary to provide the App's core functionality:

• First name – entered during onboarding to personalize the experience for your partner
• Anonymous user ID – generated automatically by Firebase Authentication; this ID is not linked to your real identity, email, or phone number
• Push notification token – used to deliver tap notifications to your device
• Tap data – timestamps and count of taps sent and received between you and your partner
• Subscription status – whether you have an active Premium subscription, managed through RevenueCat
• Pairing information – a pairing code and partner connection to enable the core tap functionality

2. Information We Do NOT Collect

We do not collect any of the following:

• Email address or password
• Phone number
• Location data (GPS or approximate)
• Contacts or address book
• Photos, videos, or media
• Health or fitness data
• Financial or payment information (payments are processed entirely by Apple)
• Browsing history
• Advertising identifiers (IDFA)

3. How We Use Your Information

Your data is used solely to:

• Deliver taps between you and your partner in real time
• Send push notifications when your partner sends you a tap
• Display your name to your partner within the App
• Manage your Premium subscription status
• Maintain your streak and tap history

We do not use your data for advertising, profiling, or marketing purposes.

4. Third-Party Services

Tapsy uses the following third-party services to operate:

• Firebase (Google) – for anonymous authentication, real-time database (Firestore), cloud functions, and push notifications (Firebase Cloud Messaging). Firebase Privacy Policy
• RevenueCat – for managing in-app subscriptions and receipt validation. RevenueCat processes your anonymous user ID and purchase history. RevenueCat Privacy Policy
• Apple App Store – for processing payments. We never see or store your payment details.

We do not share your data with any other third parties. We do not use analytics SDKs, advertising SDKs, or tracking tools.

5. Data Storage and Security

Your data is stored securely on Google Firebase servers located in the United States (us-central1). We use industry-standard security measures including encrypted data transmission (TLS/SSL) and Firebase Security Rules to restrict data access.

Only you and your paired partner can access your shared tap data. We do not access your data unless required for technical support at your request.

6. Data Retention

We retain your data for as long as you use the App. If you delete your account or disconnect from your partner, your data will be deleted from our servers within 30 days.

Tap history data is retained for the duration of your active pairing. Once a pairing is disconnected, tap history is permanently deleted.

7. Your Rights

You have the right to:

• Access your data – contact us to request a copy of the data we hold about you
• Delete your data – you can disconnect from your partner within the App settings, which removes your pairing data. To request full account deletion, contact us at the email below
• Withdraw consent – you can stop using the App at any time and request deletion of your data

We will respond to all data requests within 30 days.

8. Children's Privacy

Tapsy is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, port, and erase your data, as well as the right to object to or restrict processing. To exercise any of these rights, please contact us at the email below.

Our legal basis for processing your data is your consent (provided by using the App) and our legitimate interest in providing the App's functionality.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the App or by updating the "Last updated" date at the top of this page. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to request account deletion, please contact us at:

Email: dimitrijepavlovic.business@gmail.com

Developer: Dimitrije Pavlovic