TapSafe
Login

Privacy & data protection

Last updated: October 2025

Introduction

This Privacy & Data Protection notice explains how TapSafe ("we", "our", "us") collects, uses, discloses and protects personal data when you use our website and services. It applies to data collected directly from users of our platform, as well as data provided to us by our customers (venues) about their staff or incidents where relevant.

Who is the data controller?

The data controller is York Place Solutions Ltd. For privacy enquiries and data subject requests, please contact us via our contact form.

Data we collect

We collect and process different categories of personal data depending on how you use the service. Examples include:

  • Account information: names, email addresses and login credentials for user accounts.
  • Operational data: incident reports, timestamps, notes and related details entered by staff.
  • Support and communications: emails, messages and logs needed to provide support.
  • Technical data: IP addresses, device and browser information necessary for security and troubleshooting.

Authentication: We use a third-party authentication provider, Clerk, to authenticate users and manage sign-ins. When you sign in, minimal authentication data (for example email or social login identifier) is shared with Clerk and with TapSafe as necessary to create and manage your account. Clerk acts as a processor on our behalf; see Clerk's privacy information at https://clerk.com/privacy and security documentation at https://clerk.com/docs.

Purpose and lawful basis for processing

We process personal data for the following purposes:

  • To provide and operate our service, including authentication, account management and storing incident records (contractual necessity).
  • To communicate with users and respond to support requests (legitimate interests / contract).
  • To secure our platform, prevent fraud, and detect abuse (legitimate interests).

Data retention

We retain personal data only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods may vary by data type and are documented internally. If you need specific retention details for your organisation, contact us and we will provide the relevant information.

Data subject rights

Depending on applicable law, individuals may have rights including access, rectification, deletion, restriction of processing, objection, and data portability. To exercise your rights, please contact us via our contact form. We will respond in accordance with legal requirements.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. Access to personal data is limited to authorised personnel and contractors who need access to perform their role.

Authentication data: Authentication flows and credential handling are managed by Clerk. Clerk provides features such as multi-factor authentication, session management and secure storage of authentication credentials. We rely on Clerk's security controls for those functions.

International transfers

If we transfer personal data outside the UK or EEA, we will put in place appropriate safeguards such as standard contractual clauses or other legally-approved transfer mechanisms to protect your rights.

Children

Our services are not intended for children under 16 and we do not knowingly collect personal data from children. If you believe we have collected data about a child, contact us and we will take steps to remove it where required.

Changes to this notice

We may update this Privacy & Data Protection notice periodically. We will publish any changes on this page and update the "Last updated" date.

Contact

For privacy enquiries, data subject requests, or questions about this policy, please contact us via our contact form.