Privacy Policy for Tapp.so Ltd.

Last modified: June 25, 2025

Tapp.so Ltd. (“Tapp.so”, “we”, “us”, or “our”) respects your privacy and is committed to protecting it through our compliance with this policy. With this privacy policy, we would like to inform you how we process personal data.

The data controller according to Art. 4 of the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“GDPR”) is:

Tapp.so Ltd
Unit 4.07 The Tea Building, 56 Shoreditch High Street
London, United Kingdom, E1 6JJ

If you have any questions relating to data protection, please get in touch with us at legal@tapp.so.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. This policy may change from time to time.

1. Collection and Use of Data

Intended Use

We base the processing of your data on the following legal bases:

• Your consent, if you have given us such consent (Art. 6(1)(a) GDPR).
• The initiation or execution of a contract with you (Art. 6(1)(b) GDPR).
• The fulfilment of legal obligations (Art. 6(1)(c) GDPR).
• The implementation of our legitimate interests (Art. 6(1)(f) GDPR).

When processing your data on the basis of our legitimate interests, we pursue the improvement of our services, the protection of our systems against attack, and the effective marketing of our services.

How We Use Your Information (Website Visitors & Customers)

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any products or services we offer.
• For marketing and advertising purposes. You may opt out of receiving marketing communications at any time.

Children’s Privacy

Our Website and Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.

Information We Collect About You (Website Visitors & Customers)

We collect several types of information from and about users who visit our Website, including:

• Information you provide to us: such as your name, company name, postal address, email address, and phone number when you fill out forms, request a demo, or contact us.
• Technical information: such as your IP address, browser type, operating system, and usage details as you navigate through the site. This is collected through cookies and other tracking technologies.

2. Tracking Technologies on our Website

The technologies we use for data collection may include:

• Cookies: Small files placed on your device. You can refuse to accept browser cookies by activating the appropriate setting on your browser.
• Web Beacons: Small electronic files in our emails and on our pages that permit us to count users and gather other website statistics.

We use third-party services on our website for analytics and marketing. [IMPORTANT: Tapp.so must review and list its actual third-party service providers here. The following are examples.]

• Google Analytics: We use this service to understand how visitors engage with our site. We use Google Analytics with IP anonymization enabled.
• CRM & Marketing Automation: We may use tools to manage customer relationships and send marketing emails.

You can manage your consent for these technologies via the consent banner on our website.

3. Disclosure of Your Information

We may disclose personal information that we collect or you provide:

• To our subsidiaries and affiliates for the sole purpose of providing our services.
• To contractors, service providers, and other third parties we use to support our business (e.g., cloud hosting providers). These parties are contractually obligated to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, or other sale or transfer of some or all of Tapp.so’s assets.
• To comply with any court order, law, or legal process.
• With your consent.

4. Processing of Data through the Tapp.so Technology (For Our Customers’ End Users)

We provide deep linking, analytics, and attribution services to our Customers (mobile app providers). In connection with these Services, we process certain data from the users of our Customers’ mobile apps (“End Users”) upon instruction from our Customers. Our Customer is the data controller for this data; Tapp.so is the data processor.

The Tapp.so SDK and APIs (collectively the “Tapp.so Technology”) may process some of the following data from an End User:

• IP address
• Mobile identifiers such as the ID for Advertising for iOS (IDFA), Google Advertising ID, or similar mobile identifiers.
• User Agent (device type, operating system version, etc.).
• Timestamp of the installation and first opening of an app on the End User’s mobile device.
• Data about the End User’s interactions within the Customer’s app (e.g., in-app purchases, registration), as configured by our Customer.
• Information regarding which advertisements an End User has seen or clicked on.

We use this data solely on behalf of our Customers to provide our Services, allowing them to measure their marketing performance, attribute app installs to specific campaigns, and understand how End Users engage with their apps. We do not combine this data with any other data that would enable us to personally identify End Users.

5. Data Security and Retention

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

We store your data:

• If you have consented to the processing, at the latest until you withdraw your consent.
• If we need the data to carry out a contract, for as long as the contractual relationship with you exists or statutory retention periods are running.
• If we use the data on the basis of a legitimate interest, for as long as your interest in deletion or anonymization does not prevail.

6. International Data Transfers

If personal data is transferred to countries outside the United Kingdom or the European Economic Area, we will only transfer it to third countries where an adequate level of protection has been confirmed or where we can ensure the careful handling of personal data by means of contractual agreements (such as Standard Contractual Clauses) or other suitable guarantees.

7. Your Rights According to GDPR and UK GDPR

As the data subject, you have the right of access, rectification, erasure, restriction of processing, objection to processing, and the right to data portability. Furthermore, you have the right to lodge a complaint with a supervisory authority.

If you have given consent to the processing of your data, you can withdraw this consent at any time by sending an email to legal@tapp.so. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. The date the privacy policy was last revised is identified at the top of the page.