Privacy Policy

Effective Date: 16 April 2026

1. Introduction

Taptugo (“we”, “us”, “our”) operates an online business directory. We are committed to protecting the privacy of our users and the personal data they provide to us. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services, in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data Controller

Taptugo is the data controller responsible for your personal data. If you have questions about this policy or your data rights, you may contact us at:

Email: [your contact email]
Address: [your registered business address]

3. What Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form)

3.2 Business Listing Data

When you submit a business listing, we collect:

  • Business name, address, and contact details
  • Business description and category information
  • Name and email address of the person submitting the listing

3.3 Payment Data

Payments are processed by Stripe. We do not store your full credit card number or payment credentials on our servers. Stripe may collect and process payment data in accordance with their own privacy policy. We receive limited transaction data such as the last four digits of your card, billing address, and transaction status.

3.4 Technical Data

We automatically collect certain technical information when you visit our site:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on our site
  • Referring website address

3.5 Server-Set Cookies

Our site uses server-set cookies that are essential for the functioning of the website (such as session management and authentication). These cookies do not collect personal information or track your browsing activity across other websites. No third-party tracking or advertising cookies are used.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

  • Contract: Processing necessary to provide you with our services (account management, listing publication, payment processing).
  • Legitimate Interest: Processing necessary for the operation, security, and improvement of our platform, provided this does not override your fundamental rights.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.
  • Consent: Where required, we will seek your explicit consent before processing (e.g. optional marketing communications).

5. How We Use Your Data

We use the data we collect to:

  • Create and manage your user account
  • Publish and maintain business listings on the directory
  • Process payments via Stripe
  • Communicate with you about your account or listings
  • Ensure the security and integrity of our platform
  • Comply with legal obligations
  • Improve and develop our services

6. Data Sharing

We do not sell your personal data. We may share your data with:

  • Stripe: Our payment processor, for the purpose of handling transactions. Stripe acts as an independent data controller for payment data.
  • Hosting and infrastructure providers: Who process data on our behalf under strict data processing agreements.
  • Legal authorities: Where required by law, regulation, or court order.

Any third-party processors we engage are required to comply with GDPR and process data only on our instructions.

7. International Data Transfers

Some of our service providers (including Stripe) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the recipient’s participation in an adequacy framework.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account data is retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations.
  • Business listing data is retained for as long as the listing is active, and for a reasonable period after removal.
  • Payment records are retained as required by applicable tax and accounting laws.
  • Technical/server logs are retained for up to 12 months.

9. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to Restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [your contact email]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your national Data Protection Authority.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit, secure storage of passwords, access controls, and regular security reviews.

11. Children

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Where changes are significant, we will notify you by email or through our platform.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [your contact email]
Address: [your registered business address]