TapIDPrivacy Notice
Security and privacy are core to TapID. The platform handles Personal Information — and in some cases special personal information such as health and emergency contact data. We've built TapID around a consent-first, security-first architecture aligned with the Protection of Personal Information Act (POPIA) in South Africa.
Key safeguards
Encrypted storage
Sensitive fields are encrypted at rest in protected cloud infrastructure.
Secure transport (HTTPS)
All data in transit is protected with industry-standard TLS.
Permission-based sharing
You explicitly choose, per check-in, which fields are shared with whom.
Role-based access
Businesses and admins only see the data their role permits.
Audit & consent logs
Every share, scan and check-in is logged with a digital consent record.
Device & session controls
Biometric quick-unlock, trusted devices, and optional MFA.
Data minimisation
We only request what's needed — nothing more.
Temporary share links
Set links to expire, deactivate them any time.
Your data, your control
Update or delete your information at any time from your vault.
Special & health information
Medical history, allergies, chronic conditions, medications and family GP details fall under special personal information. TapID applies stricter access controls to this data and only reveals it when you have explicitly authorised the recipient — for example by selecting Medical mode during a hospital or clinic check-in. Visibility is otherwise restricted.
What we commit to
- POPIA compliance and ongoing responsible information processing.
- Transparency about what is collected and how it is used.
- Clear consent management — every share is opt-in.
- Ongoing security reviews, penetration testing and compliance assessments.
Your rights
You can access, update or delete your information at any time from your vault. You may also revoke or expire any share link, and request a copy of your audit log.
For privacy enquiries contact privacy@tapid.app.
Retention & automated deletion
TapID keeps personal information only as long as it serves the purpose it was collected for. Different use cases have different retention windows, and deletion is automated where possible.
| Use case | Suggested retention |
|---|---|
| Visitor check-ins | 30 days |
| Events | 7–30 days |
| Churches | 60–90 days |
| Estates | 6–12 months |
| Kids ministry | Policy controlled |
| Medical info | Minimal duration |
Privacy-first by design
Privacy isn't a feature on TapID — it's the product. Every flow is built around four commitments that we treat as non-negotiable:
- Users control sharing. Nothing leaves your vault without an explicit consent action.
- Businesses only get necessary data. Forms enforce data minimisation per check-in.
- Retention is transparent. Each business publishes how long data is kept, in plain language.
- Deletion is automated. Retention windows expire data automatically — no manual cleanup required.