Privacy Policy — Tapay
Last updated: June 3, 2026
Tapay ("Tapay", "we", "us") provides a mobile application that lets you make tap-to-pay payments, send and receive money, hold cash and crypto in a wallet, and trade crypto or cash peer-to-peer. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Tapay you agree to this Policy.
1. Information we collect
- Account & identity: email address, display name/username, and a unique account identifier, created when you sign in (authentication is provided by our partner Privy).
- Wallet & transaction data: custodial crypto wallet addresses, balances, deposits/withdrawals, peer-to-peer orders and trade history, and payment records.
- Payment details for peer-to-peer trades: bank account name, number and bank name that you add so counterparties can pay you for fiat trades.
- Verification (KYC): where required, identity-verification information and your verification tier/status.
- Contacts (optional): if you choose to find friends, we process a one-way hashed version of phone contacts to match existing Tapay users. We do not store your raw contacts.
- Device & technical data: a push-notification token (via Google Firebase Cloud Messaging), device/app version, and diagnostic/log data used for security and reliability.
2. How we use information
- Provide and operate the app: payments, transfers, wallet, and peer-to-peer trading with escrow.
- Authenticate you and secure your account (PIN/biometric lock, fraud and abuse prevention).
- Send transaction and request notifications you ask for.
- Provide customer support and resolve trade disputes.
- Comply with legal, regulatory, and anti-money-laundering obligations.
3. How information is shared
- Service providers who run the app on our behalf, including Privy (authentication and custodial wallet infrastructure), Supabase (database and backend hosting), and Google Firebase (push notifications). They may process your data only to provide these services.
- Other users, for a trade only: when you trade peer-to-peer, the counterparty sees the limited information needed to complete that trade (for example your display name and, for the party receiving cash, the payout bank details you provided).
- Blockchain networks: crypto transactions are recorded on public blockchains and are, by their nature, public and permanent.
- Legal & safety: where required by law, regulation, legal process, or to protect the rights, property, and safety of users and Tapay.
We do not sell your personal information.
4. Data security
We use industry-standard measures including encryption in transit, restricted server-side access, on-device app lock (PIN/biometric), and escrow protection on trades. No method of transmission or storage is 100% secure, but we work to protect your information.
5. Data retention
We keep your information for as long as your account is active and as needed to provide the service, and thereafter as required to meet legal, accounting, tax, or regulatory obligations (for example, transaction and AML records).
6. Your rights and choices
Depending on your location, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To make a request, contact us at the address below. You can also disable notifications and certain permissions in your device settings.
7. Children
Tapay is intended for adults aged 18 and over. It is not directed to children, and we do not knowingly collect personal information from children.
8. International transfers
Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for such transfers.
9. Changes to this Policy
We may update this Policy from time to time. We will post the updated version here and revise the "Last updated" date above.
10. Contact us
Questions or requests about this Policy or your data: privacy@tapay.app.