Privacy Policy

Last updated: March 2026

At Tap2, we take your privacy seriously. This policy explains what information we collect, why we collect it, and how we use it — in plain English.

What we collect

To run your account and process payments, we collect:

• Business information — your business name, EIN, address, and business type
• Representative information — name, date of birth, and the last 4 digits of your SSN (required for identity verification)
• Payment transaction data — amounts, timestamps, card types, and transaction status
• Device information — device model, OS version, and app version for troubleshooting
• Push notification tokens — to deliver real-time transaction alerts to your device

How we use it

We use the information we collect to:

• Process payments and transfer funds to your bank account
• Verify your identity and business (KYC/KYB) as required by financial regulations
• Send transaction receipts to you and your customers
• Provide customer support and troubleshoot issues
• Improve the Tap2 app and services

Who we share with

We share your data only with the partners necessary to process payments:

• Stripe and Moov — our payment processors. They receive the information required to process transactions, verify your identity, and comply with financial regulations. Both are subject to their own privacy policies and security standards.
• Twilio and Resend — used to deliver SMS and email receipts on your behalf.

We do not sell your data to third parties. Ever.

Data retention

We retain your account data for as long as your account is active. Transaction records are kept for as long as required by applicable financial regulations (typically 7 years). If you request account closure, we will delete your personal data from our systems within 30 days, except where we are required by law to retain it.

Security

We take security seriously:

• Passkey authentication — we use Face ID and fingerprint authentication instead of passwords, eliminating credential theft
• Encryption in transit — all data is transmitted over TLS
• Encryption at rest — sensitive data is encrypted in our database
• Edge computing — we use Cloudflare Workers, which keeps your data protected by Cloudflare's global security infrastructure

Your rights

You have the right to:

• Access your data — request a copy of the personal data we hold about you
• Request deletion — ask us to delete your account and personal data
• Opt out of marketing — unsubscribe from any marketing emails at any time using the link in the email

Contact

Questions about this policy or your data? Email us at support@tap2.cc. We'll respond within 48 hours.