Privacy Policy

This Privacy Policy describes how TAPLY (hereinafter "we", "our") collects, uses, stores and protects your personal data when you use our platform accessible at taply.so (hereinafter "the Platform").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the French Data Protection Act of January 6, 1978, as amended.

1. Data Controller

The data controller is:

• RM ECOM — operating under the TAPLY brand
• Registered office: 18 rue Goubet, 75019 Paris, France
• SIRET: 883 393 944 00011
• Email: hello@taply.so

2. Data Collected

2.1 Data provided directly by you

• Registration data: first name, last name, email address, password (encrypted)
• Profile data: profile picture, company name, industry (optional)
• Billing data: billing address, payment information (processed by Stripe, not stored on our servers)
• Order data: shipping address, phone number (for physical products)
• Created content: links, landing pages, texts, images, lead collection forms
• Communications: messages sent to our support team

2.2 Data collected automatically

• Browsing data: IP address, browser type, operating system, pages visited, date and time of connection
• Usage data: features used, clicks, interactions with the Platform
• Performance data: loading times, technical errors
• Analytics data: click statistics on links, QR code and NFC product scans (country, device, browser, referrer)
• Cookies: session identifiers, preferences, analytics and marketing trackers (see section 7)

2.3 Data collected through third parties

• Google Sign-In: first name, last name, email address, profile picture (if you use Google sign-in)
• Stripe: payment status, Stripe customer ID (bank details remain with Stripe)

3. Purposes of Processing

Your data is processed for the following purposes:

4. Data Sharing

Your personal data may be shared with the following third parties:

• Stripe: payment processing (PCI DSS certified)
• Vercel: Platform hosting
• MongoDB Atlas: database hosting
• Google Cloud Storage: file storage (images, media)
• Amazon SES: transactional email delivery
• Meta (Facebook): advertising tracking pixel (with consent)
• Google: Google Ads tracking (with consent)

We never sell your personal data to third parties. Subprocessors are contractually bound to process your data in compliance with GDPR.

4.1 Transfers outside the EU

Some of our subprocessors are located in the United States (Vercel, Stripe, MongoDB, Google, Amazon, Meta). These transfers are governed by the mechanisms provided by GDPR: Standard Contractual Clauses (SCCs) or adequacy decisions of the European Commission, as applicable.

5. Data Retention

• Account data: retained as long as the account is active, then 30 days after account deletion
• Billing data: 10 years (accounting and tax obligations)
• Analytics data (clicks, scans): rolling 24 months
• Collected leads: retained as long as the workspace is active, deleted within 30 days after workspace deletion
• Cookies: maximum 13 months (in accordance with CNIL recommendations)
• Security logs: 12 months

6. Your Rights

In accordance with GDPR, you have the following rights:

• Right of access: obtain a copy of the data we hold about you
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request the deletion of your data ("right to be forgotten")
• Right to restriction: restrict the processing of your data in certain cases
• Right to portability: receive your data in a structured, machine-readable format
• Right to object: object to the processing of your data for direct marketing purposes
• Right to withdraw consent: withdraw your consent at any time for processing based on consent

To exercise these rights, contact us at hello@taply.so. We will respond within 30 days.

You also have the right to file a complaint with the CNIL (French Data Protection Authority): www.cnil.fr.

7. Cookies

7.1 Essential cookies

These cookies are necessary for the Platform to function and cannot be disabled. They include session, authentication and security cookies.

7.2 Analytics cookies

We use Vercel Analytics to measure traffic and understand how users interact with the Platform. This data is anonymized and aggregated.

7.3 Marketing cookies

With your consent, we use Meta Pixel and Google Ads to measure the effectiveness of our advertising campaigns and show you relevant ads. You can withdraw your consent at any time.

7.4 Cookie management

You can configure your browser to block or delete cookies. Note that blocking essential cookies may prevent the Platform from functioning properly.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration:

• Data encryption in transit (HTTPS/TLS)
• Passwords hashed with secure algorithms
• Restricted data access (principle of least privilege)
• Continuous system monitoring
• Secure payments via Stripe (PCI DSS Level 1 certified)

9. Data Collected by Our Users

When you use TAPLY to create lead collection forms, you act as the data controller for data collected from your own users. You are required to:

• Inform data subjects about the collection of their data
• Obtain their consent where necessary
• Respect their rights (access, rectification, deletion)
• Comply with GDPR and all applicable legislation

TAPLY acts as a data processor for the storage and processing of this data in accordance with Article 28 of the GDPR.

10. Changes

We reserve the right to modify this Privacy Policy at any time. In case of a substantial modification, we will inform you by email or via a notification on the Platform. The date of the last update is indicated at the top of this page.

11. Contact

For any question regarding the protection of your personal data:

• Email: hello@taply.so
• Website: taply.so