TapIn Logo

TapIn

Privacy Policy

Last updated: December 22, 2025

1. Introduction

TapIn (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our patient check-in notification platform, including our mobile applications (iOS and Android), web dashboard, kiosk interface, and related services (collectively, the “Service”).

Please read this Privacy Policy carefully. By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password (if using email authentication), and profile information when you create an account.
  • Organization Information: Practice name, address, timezone, and configuration preferences.
  • Therapist Information: Name, occupation/title, profile photo, and notification preferences.
  • Patient Check-In Information: Patient name at check-in, used solely to notify the therapist of arrival.
  • Payment Information: Billing details processed through our payment providers (Stripe, Apple App Store, Google Play Store).
  • Feedback and Reviews: Ratings and comments submitted through the check-in process.
  • Communications: Information you provide when contacting us for support.

2.2 Information Collected Through Authentication

When you sign in using third-party authentication services, we receive:

  • Apple Sign-In: User identifier, name, and email address (as authorized by you).
  • Google Sign-In: User identifier, name, email address, and profile picture (as authorized by you).

2.3 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.
  • Device Tokens: Push notification tokens for Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM).
  • Usage Data: Features used, actions taken, timestamps, and interaction patterns.
  • Kiosk Information: Device identifiers, heartbeat/status data, and configuration settings.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send check-in notifications to therapists when patients arrive
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve your experience
  • Comply with legal obligations

4. Patient Information

TapIn is designed with privacy in mind. We do not collect or store any health information, medical records, diagnoses, treatment details, or other Protected Health Information (PHI).

4.1 What We Collect

The only patient information collected is the patient's name at the time of check-in. This name is used solely to notify the therapist that their patient has arrived. No other patient information is collected, stored, or processed.

4.2 Data Retention

Check-in data, including patient names, is automatically deleted according to your Organization's configured retention period (default: 24 hours). This ensures that patient information is not retained longer than necessary for the check-in notification purpose.

4.3 No Health Data

TapIn does not collect, store, or have access to any medical records, health conditions, treatment information, insurance details, or any other health-related data. The healthcare relationship and all clinical information remain solely between the patient and their healthcare provider.

5. Sharing of Information

We may share your information in the following circumstances:

5.1 Within Your Organization

Check-in information is shared with therapists and administrators within your Organization as necessary to provide the Service.

5.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Payment Processing: Stripe for payment processing
  • Push Notifications: Apple Push Notification Service and Firebase Cloud Messaging
  • Email Services: Resend for transactional emails
  • Authentication: Apple and Google for sign-in services

5.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

5.5 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption: Data is encrypted in transit using TLS/HTTPS and at rest using industry-standard encryption
  • Secure Storage: Sensitive credentials are stored using platform-specific secure storage (iOS Keychain, Android EncryptedSharedPreferences)
  • Password Security: Passwords are hashed using BCrypt
  • Access Controls: Role-based access controls limit data access to authorized personnel
  • Token Expiration: Authentication tokens expire after 30 days

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Account Information

You may update, correct, or delete your account information at any time through the Service or by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

7.2 Push Notifications

You can opt out of push notifications through your device settings or within the app. Note that disabling notifications may affect the core functionality of the Service.

7.3 Data Export

You may request a copy of your data by contacting us. We will provide your data in a commonly used, machine-readable format.

7.4 Account Deletion

You may request deletion of your account by contacting us. Upon deletion, we will remove or anonymize your personal information, except as required by law or for legitimate business purposes.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Opt-Out: We do not sell personal information, so there is no need to opt out of sales.

To exercise these rights, please contact us using the information provided below.

9. International Data Transfers

The Service is operated in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

10. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information. If you believe we have collected information from a child under 13, please contact us.

11. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specific retention periods include:

  • Check-in Data: Retained according to Organization settings (default: 24 hours)
  • Payment Records: Retained as required by law and for accounting purposes

Upon account termination, all data associated with your account will be deleted.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the “Last updated” date. We may also notify you via email or through the Service. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

TapIn

Email: alex@tapinforclinics.com

15. Information for Patients

If you are a patient using TapIn to check in at a healthcare practice, please note:

  • We only collect your name to notify your therapist that you have arrived
  • Your check-in information is automatically deleted according to the practice's retention settings (default: 24 hours)
  • We do not collect any health information, medical records, or treatment details
  • For questions about how your healthcare provider uses your information, please contact them directly