Privacy Policy

Last updated: 21 March 2026

1. Who we are

TapStamp ("we", "us", "our") operates the TapStamp mobile application and the business dashboard at dashboard.tapstamp.co.uk. We are a UK-based service providing digital loyalty stamp solutions to small businesses and their customers.

For any privacy-related enquiries, please contact us at privacy@tapstamp.co.uk.

2. Data we collect

We collect the following personal data depending on how you use TapStamp:

App users (customers)

  • Name (first and last)
  • Email address or phone number (used for sign-in)
  • Date of birth (optional, for birthday rewards)
  • Stamp and reward history (which businesses you visit, stamps collected, rewards redeemed)
  • Device information (FCM token for push notifications)

Business users (dashboard)

  • Business name and contact details
  • Email address (for sign-in and reports)
  • Payment information (processed by Stripe; we do not store card details)
  • Business logo and branding settings

3. How we use your data

  • To provide the loyalty stamp service (collecting stamps, redeeming rewards)
  • To send push notifications (offers, rewards, updates) when you have opted in
  • To provide business analytics and reports to business owners
  • To process subscription payments via Stripe
  • To send email reports to business owners (via Resend)
  • To deliver birthday rewards when you have provided your date of birth
  • To improve our service and fix bugs

4. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract: Processing necessary to provide the TapStamp service you have signed up for
  • Consent: Push notifications and birthday rewards (you can withdraw consent at any time)
  • Legitimate interest: Service improvement, analytics, and fraud prevention

5. Third-party services

We share data with the following third-party services, all of which have their own privacy policies:

  • Google Firebase (Firestore, Authentication, Cloud Functions, Cloud Messaging) - data storage, authentication, and push notifications
  • Stripe - payment processing for business subscriptions
  • Resend - email delivery for analytics reports
  • Vercel - hosting for our website and business dashboard
  • Google Places API - business search for Google Reviews integration

We do not sell your personal data to any third party.

6. Data retention

  • Account data: Retained while your account is active. You may request deletion at any time.
  • Stamp and reward history: Retained while your account is active to provide the service.
  • Business data: Retained while the business subscription is active, plus 30 days after cancellation.
  • Push notification tokens: Automatically removed when invalid or when you uninstall the app.

7. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Erase your personal data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, email privacy@tapstamp.co.uk. We will respond within 30 days.

8. Data security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), Firebase security rules, and Stripe PCI-compliant payment processing. NFC stamp verification uses AES-128 CMAC cryptographic signatures to prevent fraud.

9. Children

TapStamp is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Cookies

Our website uses essential cookies required for the service to function (e.g. authentication sessions). We do not use tracking or advertising cookies.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes via the app or email. The "Last updated" date at the top of this page indicates when it was last revised.

12. Contact

If you have questions or complaints about this privacy policy, contact us at privacy@tapstamp.co.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.