T
tappr
Legal

Privacy Policy

We built tappr to help Instagram sellers grow their business. Here is exactly how we handle your data โ€” clearly, honestly, without the legalese.

Effective: April 28, 2026
Applies to tappr.shop and app.tappr.shop
Governed by Indian IT Act 2000
01

Who We Are

tappr ("we", "us", "our") is a SaaS platform that helps Instagram sellers create product links, manage orders, and accept payments. tappr is operated by ArunKumar V, a sole proprietorship registered in Erode, Tamil Nadu, India.

This Privacy Policy applies to all users โ€” whether you are a seller (someone who creates a store on tappr) or a buyer (someone who purchases from a tappr store).

By using tappr, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our platform.

02

What We Collect

Information you provide directly

๐Ÿช
Sellers

Name, email, password, Instagram handle, phone, store name, UPI IDs, payment QR codes, product details and images

๐Ÿ›๏ธ
Buyers

Name, phone number, email (optional), delivery address, order details and payment method used

๐Ÿ“ฑ
WhatsApp

Phone numbers used for order notifications sent via our WhatsApp Business account

Information collected automatically

Product page views and click counts (aggregated, not personal)
Device type and browser when you visit tappr
IP address for security and fraud prevention
Order timestamps and transaction metadata

Payment information

tappr does not store credit or debit card numbers. Payments are processed directly via UPI (GPay, PhonePe) between buyers and sellers. tappr only stores the payment method used (e.g., "GPay") for order records.

03

How We Use Your Information

To run the platform โ€” create your store, manage products, process orders
To send notifications โ€” WhatsApp alerts for new orders, status updates, and low stock
To show order tracking โ€” buyers can track orders via unique order links
To prevent fraud โ€” rate limiting on orders, detecting suspicious activity
To improve tappr โ€” aggregated analytics to understand which features are used most
To comply with Indian law โ€” tax records, GST compliance as required

We do not sell your personal data to third parties. We do not use your data for advertising. tappr is completely ad-free.

04

Who We Share Data With

We share data only with trusted service providers who help us run tappr:

Infrastructure and Storage

Supabase โ€” database, authentication, and file storage
Netlify โ€” web hosting

Communication

WATI โ€” WhatsApp Business API for order notifications

Between Sellers and Buyers

When you place an order, your name, phone number, and delivery address are shared with the seller so they can fulfil your order. This is essential to the service.

All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

05

Data Storage and Retention

All data is stored on Supabase infrastructure with encryption at rest and in transit (TLS/SSL)
Seller account data is retained as long as the account is active
Order data is retained for 7 years to comply with Indian GST and tax regulations
If you delete your account, personal data is deleted within 30 days except where required by law
Product images are stored in Supabase Storage with public read access
06

Cookies and Local Storage

tappr uses minimal cookies and browser storage:

Authentication session โ€” to keep you logged in as a seller (essential, cannot be disabled)
Cart data โ€” stored in your browser so your cart persists across page reloads
Sidebar preference โ€” whether your dashboard sidebar is collapsed or expanded

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

07

Your Rights

Under the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023 (India), you have the right to:

Access โ€” request a copy of all personal data we hold about you
Correct โ€” update incorrect information via your Settings page
Delete โ€” request deletion of your account and personal data
Portability โ€” export your order history and product data as CSV
Withdraw consent โ€” opt out of WhatsApp notifications at any time via Settings

To exercise any of these rights, email us at privacy@tappr.shop. We will respond within 30 days.

08

Security

All data is encrypted in transit using TLS 1.3
Passwords are hashed using bcrypt โ€” we never store plain text passwords
Seller payment details (UPI IDs) are only accessible to authenticated sellers
Order access tokens are randomly generated 32-character hex strings
Row-level security (RLS) is enabled on all database tables

If you discover a security vulnerability, please report it responsibly to security@tappr.shop

09

Children's Privacy

tappr is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last updated" date at the top of this page
Send a notification to registered sellers via email
Show an in-app banner for 7 days after the change
11

Contact Us

If you have any questions about this Privacy Policy, reach out to us:

tappr Privacy Team

We typically respond within 1 to 2 business days.

privacy@tappr.shopsupport@tappr.shop
Erode, Tamil Nadu, India