π Table of Contents
1. Introduction
Welcome to TownTap! This Privacy Policy explains how Town Tap LLC ("TownTap," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our mobile application and related services (collectively, the "Service").
By using TownTap, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.
β‘ Key Points:
- We share anonymized behavioral data with businesses you visit
- Your personal identity (name, email, address) is protected by default
- You can opt-out of data sharing at any time
- You earn bonus points for optionally sharing your identity
2. Information We Collect
We collect several types of information to provide and improve our Service.
2.1 Information You Provide Directly
Account Information
- Email address (required for account creation)
- Name (optional, but required for personalized features)
- Profile photo (optional)
- Date of birth (for age verification)
- Phone number (optional, for notifications)
User-Generated Content
- Restaurant reviews and ratings
- Photos of food and dining experiences
- Comments and responses
- Profile preferences (cuisine types, dietary restrictions)
Payment Information
- Note: We do not store credit card numbers or banking information
- Payment processing is handled by third-party providers (Stripe, Apple Pay, Google Pay)
- We receive transaction confirmations and subscription status
2.2 Information Collected Automatically
Location Data
- Precise location (GPS coordinates) when you check in at restaurants
- Approximate location (city/region) for showing nearby restaurants
- Location services can be disabled, but some features will be limited
Device Information
- Device type and model (iPhone 15, Samsung Galaxy S24, etc.)
- Operating system and version (iOS 18, Android 14, etc.)
- Unique device identifiers (IDFA, Advertising ID)
- IP address
- Browser type and version (for web access)
Usage Data
- Features you use and pages you view
- Time spent on different sections of the app
- Search queries and filters
- Restaurants viewed and visited
- Points earned and redeemed
- App crashes and errors (for debugging)
2.3 Information from Third Parties
- Social Media: If you sign in with Apple, Google, or Facebook, we receive basic profile information
- Business Partners: Restaurants may provide transaction data for points calculation
- Analytics Providers: We use Firebase Analytics and Google Analytics for app performance
3. How We Use Your Information
We use your information for the following purposes:
3.1 Core Service Delivery
- β Create and manage your account
- β Process check-ins and award points
- β Show nearby restaurants based on your location
- β Enable restaurant reviews and social features
- β Process payments and manage subscriptions
- β Send transactional emails (account confirmation, password resets)
3.2 Personalization & Recommendations
- π― Recommend restaurants based on your preferences and history
- π― Suggest menu items you might like
- π― Show relevant offers and promotions
- π― Customize your app experience
3.3 Analytics & Improvement
- π Analyze app usage to improve features
- π Monitor performance and fix bugs
- π Conduct A/B testing for new features
- π Understand user engagement and retention
3.4 Communication
- π§ Send promotional emails (with your consent)
- π§ Notify you of new offers from restaurants you follow
- π§ Send important service updates
- π§ Respond to your inquiries and support requests
3.5 Legal & Safety
- βοΈ Prevent fraud and abuse
- βοΈ Enforce our Terms of Service
- βοΈ Comply with legal obligations
- βοΈ Protect user safety and rights
4. Data Sharing with Businesses
This is the most important section of our Privacy Policy. Please read carefully.
π Important Notice: By using TownTap, you agree that we may share anonymized behavioral data with businesses you visit. This is a core part of our service that helps businesses improve and helps you earn rewards.
4.1 What Data IS Shared (Anonymized)
We share the following data WITH BUSINESSES, but WITHOUT your personal identity:
| Data Type | What Businesses See | Purpose |
|---|---|---|
| Visit Frequency | Number of visits, dates, times | Identify regular customers |
| Spending Patterns | Total spent, average order value | Customer value analysis |
| Menu Preferences | Items ordered, frequency | Menu optimization |
| Engagement | Reviews, photos, check-ins | Customer engagement metrics |
| Loyalty Tier | New, Regular, VIP customer status | Reward program targeting |
4.2 What Data is NEVER Shared
The following information is ALWAYS protected unless you explicitly opt-in:
π Personal Identity
- Full name
- Email address
- Phone number
- Profile photo
π Location Data
- Home address
- Work address
- Precise GPS coordinates
- Travel patterns
π Financial Data
- Credit card numbers
- Bank account info
- Payment methods
- Billing address
π Sensitive Info
- Medical conditions
- Dietary restrictions (medical)
- Social Security Number
- Private messages
4.3 Optional Identity Sharing (Earn Rewards!)
You can choose to share your identity with specific businesses to receive:
- π Personalized service - Staff can greet you by name
- π Exclusive offers - Targeted promotions via email
- π Birthday rewards - Special treats on your birthday
- π Bonus points - 200 points for name, 200 for email (400 total!)
β¨ Earn Bonus Points:
- Share your name β Get 200 bonus points (one-time)
- Share your email β Get 200 bonus points (one-time)
- Total possible bonus: 400 points!
Enable in Settings β Privacy β Share My Identity
4.4 How Businesses Access Data
- π Businesses with paid subscriptions can view aggregated analytics
- π Each business can only see data from their own customers
- π Cross-business data sharing is strictly prohibited
- π Raw data is never downloadable - only through secure dashboards
5. Your Privacy Rights
You have full control over your data. Here are your rights:
5.1 Access & Portability
- View Your Data: See all data we have about you in Settings β Privacy β My Data
- Download Your Data: Export all your data in JSON format (machine-readable)
- Transfer Your Data: Move your data to another service (data portability)
5.2 Correction & Deletion
- Update Information: Edit your profile, preferences, and settings anytime
- Delete Your Account: Request permanent deletion in Settings β Privacy β Delete Account
- Deletion Timeline: Account deleted within 30 days (some data retained for legal compliance)
5.3 Consent & Control
- Opt-Out of Analytics: Turn off "Anonymous Analytics" in Settings β Privacy
- Opt-Out of Marketing: Unsubscribe from promotional emails via email links or app settings
- Disable Location: Turn off location services (some features will be limited)
- Revoke Permissions: Withdraw consent for camera, contacts, notifications in device settings
5.4 Specific Regional Rights
πͺπΊ GDPR Rights (European Union)
- Right to access your personal data
- Right to rectification (correction)
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
πΊπΈ CCPA Rights (California Residents)
- Right to know what personal information is collected
- Right to know if personal information is sold or shared
- Right to opt-out of the sale of personal information
- Right to deletion
- Right to non-discrimination for exercising CCPA rights
π¨π¦ PIPEDA Rights (Canada)
- Right to access personal information
- Right to challenge accuracy
- Right to withdraw consent
π§ Exercise Your Rights: Contact privacy@towntap.com to exercise any of these rights. We will respond within 30 days (GDPR) or 45 days (CCPA).
6. Data Protection & Security
We take data security seriously and implement industry-standard measures to protect your information.
6.1 Technical Security Measures
- π Encryption in Transit: All data encrypted with TLS 1.3 (HTTPS)
- π Encryption at Rest: All databases encrypted using AES-256
- π Secure Cloud Infrastructure: Hosted on Google Cloud Platform / Firebase with enterprise security
- π Password Security: Passwords hashed with bcrypt (industry standard)
- π Access Controls: Role-based access control (RBAC) for internal staff
- π Regular Security Audits: Quarterly penetration testing and vulnerability scans
6.2 Organizational Measures
- π₯ Limited Staff Access: Only authorized personnel can access user data
- π₯ Confidentiality Agreements: All employees sign NDAs
- π₯ Security Training: Regular security awareness training for staff
- π₯ Incident Response Plan: Procedures for data breach notification
6.3 Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service delivery |
| Transaction History | 7 years | Tax & accounting compliance |
| Check-in History | 1 year after last activity | Analytics & rewards |
| Reviews & Photos | Until deleted by user | Public content |
| Usage Analytics | 26 months | Google Analytics default |
| Support Tickets | 3 years | Quality assurance |
6.4 Data Breach Notification
In the unlikely event of a data breach, we will:
- π§ Notify affected users within 72 hours (GDPR requirement)
- π§ Notify relevant authorities as required by law
- π§ Provide details on what data was affected
- π§ Offer guidance on protective measures you can take
7. Third-Party Services
We use trusted third-party services to deliver our Service. These partners have access to limited data as necessary to perform their functions.
7.1 Service Providers
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google Firebase | Backend, database, hosting | All app data | Link |
| Stripe | Payment processing | Payment info | Link |
| Sentry | Error tracking | Device info, errors | Link |
| Google Analytics | Usage analytics | Usage data | Link |
| Apple Push Notifications | iOS notifications | Device token | Link |
| Google Cloud Messaging | Android notifications | Device token | Link |
7.2 Advertising & Analytics
We do NOT currently use third-party advertising networks. If this changes in the future, we will update this policy and notify you.
7.3 Social Media Integration
If you connect your social media accounts:
- We receive basic profile information (name, email, profile picture)
- You can disconnect social accounts at any time
- Social media platforms have their own privacy policies
8. Children's Privacy
TownTap is NOT intended for children under 13 years of age. We comply with the Children's Online Privacy Protection Act (COPPA).
- π« We do not knowingly collect personal information from children under 13
- π« If we discover we have collected data from a child under 13, we will delete it immediately
- π« Parents can contact us at privacy@towntap.com if they believe their child's data was collected
- β Age verification is required during account creation
Parents & Guardians: If you believe your child (under 13) has created an account, please contact us immediately at privacy@towntap.com and we will delete the account within 72 hours.
9. International Users
TownTap is operated in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States.
9.1 Data Transfers
- π EU/EEA Users: Data transfers comply with GDPR using Standard Contractual Clauses (SCCs)
- π UK Users: Data transfers comply with UK GDPR and UK Addendum to SCCs
- π Swiss Users: Data transfers comply with Swiss Federal Data Protection Act (FADP)
- π All Users: We use cloud providers with global data center networks for optimal performance
9.2 Your Data Protection Rights
Regardless of your location, you have the rights outlined in Section 5 of this Privacy Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
How We Notify You of Changes
- π§ Material Changes: We will email you at least 30 days before changes take effect
- π± In-App Notification: A banner will appear when you open the app
- π Update Date: The "Last Updated" date at the top will be changed
- π’ Version Number: The version number will increment
Your Acceptance
Continued use of TownTap after changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with changes, you may delete your account.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
π§ Email Support
General Privacy Questions:
privacy@towntap.com
Data Deletion Requests:
privacy@towntap.com
Legal Inquiries:
legal@towntap.com
π Phone Support
Phone:
(440) 477-0747
Hours:
Monday - Friday
9:00 AM - 5:00 PM EST
βοΈ Postal Mail
Privacy Team
Town Tap LLC
690 Glen Eden Court
Aurora, OH 44202
United States
β±οΈ Response Time
We aim to respond to all privacy inquiries within:
- Email: 24-48 hours
- Phone: Immediate
- Mail: 7-10 business days
Data Protection Officer (DPO)
For EU/EEA users, our Data Protection Officer can be reached at:
Email: dpo@towntap.com
Supervisory Authority
EU/EEA users have the right to lodge a complaint with their local data protection authority. A list of EU data protection authorities can be found here.
β Summary - What You Need to Know
- π We share anonymous visit data (patterns, spending, orders) with businesses
- π Your personal identity (name, email, address) stays private by default
- π Optional: Share your identity to earn 400 bonus points and get personalized service
- ποΈ Full control: Opt-out of analytics anytime in Settings
- ποΈ Delete anytime: Request account deletion with 30-day processing
- π Secure: Military-grade encryption and industry-standard security
- βοΈ Compliant: GDPR, CCPA, COPPA, and PIPEDA compliant
Questions? Contact us at privacy@towntap.com