Data Processing Agreement (DPA)
Last updated: July 1st, 2025
This Data Processing Agreement ("DPA") is concluded between taap.it Inc., a company registered in the State of Delaware, USA ("taap.it", "we"), and any customer ("you", "the Data Controller") using our services.
It complements our Terms of Use and applies whenever we process personal data on your behalf.
1. Purpose and scope
This agreement governs the processing of personal data carried out by taap.it as a data processor on your behalf, in the context of using our services: creating short links, QR codes, link pages, click statistics, and associated functionalities.
2. Nature of data processed
taap.it may process the following categories of personal data:
Email address, name, phone number
IP address, location (continent, country, city)
Technical data (browser, OS, device)
Usage data (clicks, QR scans, page views, links created, traffic sources)
Other information voluntarily transmitted by the user
No sensitive data within the meaning of GDPR is intentionally collected.
3. Authorized sub-processors
You authorize taap.it to use the following sub-processors:
Stripe (payments)
PlanetScale (database)
Vercel (frontend hosting)
Resend (transactional emails)
Google Analytics (navigation statistics)
Notion (internal organization)
Discord (support & community)
taap.it ensures that each sub-processor respects confidentiality and security commitments in accordance with this DPA.
4. Instructions and responsibilities
taap.it only processes personal data according to your documented instructions, except when required by law.
You are solely responsible for the lawfulness, purpose and accuracy of data collected through our service.
5. Transfers outside the EU
If data originates from the European Economic Area (EEA), taap.it guarantees an adequate level of protection by applying:
Hosting located in the United States
Standard Contractual Clauses (SCCs) validated by the European Commission
6. Security measures
taap.it applies appropriate technical and organizational measures (encryption, access control, monitoring, etc.) to ensure the security of processed data.
7. Rights of data subjects
taap.it helps you, within reasonable limits, to respond to requests from your end users regarding:
Access to their data
Their rectification or deletion
Their portability
Opposition to processing
Any request must be the subject of written instructions from you.
8. Data retention and deletion
Data is retained as long as necessary to provide the service.
After account closure, data is deleted within a reasonable time, except for legal obligations.
9. Deletion & portability on request
Upon written request, taap.it undertakes to:
Provide a copy of personal data in a readable format
Permanently delete data, unless a law requires their retention
10. Audits
taap.it reserves the right to refuse audits, unless they are expressly required by a competent authority.
In case of legal obligation, taap.it will cooperate reasonably, remotely and with notice.
11. Incident notification
In case of personal data breach, taap.it will inform you without excessive delay and provide you with the elements necessary for your legal obligations.
12. Applicable law
This DPA is governed:
By GDPR, for customers located in the European Union
By the laws of the State of Delaware (USA), in other cases
13. DPA modifications
taap.it may update this DPA in case of legal or operational evolution. A notification will be sent in case of substantial change.
14. Contact
For any questions concerning this DPA, you can contact us at:
hello@taap.it
By continuing to use taap.it, you acknowledge that you have read, understood and accepted the terms of this Data Processing Agreement.
We build taap.it with you.
Our vision is public. The roadmap is here.
Features
Build in public company 👀