Privacy policy.

The short version

TapGate is built to need as little data as possible to work. Most of what TapGate does — unlocking your gate, sharing keys, revoking them — happens between your phone and the controller over Bluetooth. That traffic doesn't touch our servers.

We only collect data we genuinely need, we tell you why, and we never sell it.

What we collect

Account basics: email address and a hashed password if you sign in from the mobile app, plus any device name you set. This is stored with our auth provider (Supabase) inside the EU.

Gate pairings: the controller ID your phone is paired with, and the keys you've sent to other phones. We store this so you can reinstall the app without losing your setup.

TapGate Cloud (optional): if you subscribe, we also store open/close events with timestamps, so you can see activity logs from the dashboard. If you don't subscribe, this data is never sent off your phone.

Customer support: emails you send us, so we can reply and follow up.

What we don't collect

We don't collect location data, your gate's physical address, or any contact information from people you share keys with (only the phone number you type in to send the key, which is used once to deliver the link and is not retained by us).

We don't use third-party advertising or behaviour tracking on tapgate.app.

Who we share it with

Our infrastructure providers (Supabase for auth and database, Vercel for web hosting, Cloudflare for CDN) process data on our behalf under GDPR-compliant processing agreements.

Payment processors (Stripe, or the equivalent for your region) receive whatever is strictly necessary to complete a transaction — we never see your full card details.

We don't share, sell, or transfer your data to advertisers, data brokers, or third parties for their own use.

Your rights

Under GDPR you can request a copy of what we hold about you, ask us to correct or delete it, or port it elsewhere. Email privacy@tapgate.app and we'll respond within 30 days.

You can delete your account directly from the mobile app's settings — this removes all account data from our systems and revokes every cloud key you've issued.

Cookies

tapgate.app uses strictly necessary cookies (session, auth) and no advertising or tracking cookies. We don't use third-party analytics that profile visitors.

Changes

If we update this policy materially we'll notify account holders by email and update the date at the top. Minor clarifications happen in place.

Contact

Email privacy@tapgate.app. We're ISN Security Networks, a family-run business operating under EU law. Our full postal address is on the purchase invoice and the Terms page.