PDP Version 1.0 (05.10.2017)
This Privacy and Data Policy, effective May 10, 2017, explains what data Tapyness (we/us) will collect from you, how we will store your data, how we may use your data, and how we may share your data.
By clicking or tapping on the button below, you affirm: 1) that you have read this Privacy and Data Policy fully, 2) that you have understood this Privacy and Data Policy fully, and 3) that you agree to this Privacy and Data Policy.
If you will be using Tapyness’ Services on behalf of an organization, you agree to this Privacy and Data Policy on behalf of that organization, and you warrant that you have the authority to do so. In such case, “you” and “your” will refer to that organization.
1. Data that we collect directly from you:
1.1. Registration data. When you register for a Tapyness account, we collect your name, your physical address, the owner’s or manager’s name (if the account is in the name of an organization), your telephone number, and your email address.
1.2. Billing data. If you make a payment to Tapyness, we require you to provide your billing details, such as your name, your telephone number, your billing address, your email address, the name appearing on your credit card, your credit card number, your credit card expiration date, and your credit card security code.
1.3. Other data. We may collect personal information or data if you submit it to us in other contexts (for example, if you provide us with a testimonial or participate in the Tapyness website forums).
2. Data that we collect from your devices:
2.1. Device data. From the device(s) (such as a kiosk) and application that you use to display and access our services, we collect data such as your IP address(es), your operating system(s) and version(s), your device type(s), system and performance data, and your browser type(s). We may also collect geographic location data based on your IP address or other location data. Notice to California residents: We do not block third-party behavioral tracking on our website, and we do not honor or respond to “Do-Not-Track” (“DNT”) signals or requests.
2.2. Feedback data. Tapyness collects the data that users (for example, your customers) input to your kiosk(s).
3. How we use the data that we collect:
3.1. To provide you with our services. This includes providing you with customer support, which requires us to access your data to assist you (for example, with kiosk design/configuration or troubleshooting).
3.2. To monitor, maintain, improve, and market our services and features. We internally perform statistical and other analyses on data that we collect (including usage data, device data, referral data, and question and response data) to analyze and measure customer/audience behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services. We may also use your data to keep our services secure and operational (such as for troubleshooting and testing purposes), for service improvement, and for marketing of our services and features.
3.3. To contact you about your service or account. We occasionally send you communications of a transactional nature (for example, a welcome email when you register your account, service-related announcements, billing statements, and notices of changes to our services or policies). You can’t opt out of these communications since they are required to provide our services to you.
3.4. To enforce our Terms of Service. We may use your data to ensure that you are using our services in compliance with our Terms of Service.
3.5. To prevent, investigate, and stop potentially illegal activities. We may use your data to ensure that you are using our services in compliance with the law.
3.6. To report statistics to our users. We report statistics about de-identified, aggregated data to our users. For example, we may report the average percentage of “excellent” ratings that customers input to kiosks operated by our users in your industry so that you and other users can compare your percentages of “excellent” ratings to the industry average.
3.7. To create new services, features, or content. We may use your data internally to create and provide new services, features, or content.
4. With whom we share the data that we collect:
4.1. Our service providers. We use service providers who help us to provide you with our services. We give relevant persons working for some of these providers access to your data, but we also implement contractual and technical protections to ensure that the confidentiality of certain data is maintained, is used only for the provision of services to us, and is handled in accordance with this Privacy and Data Policy. Examples of such service providers include payment processors (banks and credit-card companies), web hosting service providers, email service providers, web traffic analytics providers, and providers of accounting and legal services.
4.2. Billing contacts. If the billing contact data listed for your account differs from your registration contact data, we may disclose your registration contact data to the listed billing contact upon the listed billing contact’s request. By agreeing to this Privacy and Data Policy and/or by using our services, you consent to this disclosure.
4.3. Your organization. If the email address under which you have registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses Tapyness and to assist the organization with its enterprise accounts.
4.4. Third parties of your choosing. For example, we make it possible for you to use our services together with social media and other applications by giving you the option to export your data to, and collect data from, third-party applications, including social media platforms. Such data may then be accessible to the individuals or organizations responsible for operating and maintaining such third-party applications and may even be accessible to other users of those third-party applications. We do not own or operate the other applications with which you connect, so you should review the privacy policies and statements of such applications to ensure that you are comfortable with the ways in which they use any data exchanged with them.
4.5. Other third parties of our choosing. We may share your data with third parties of our choosing to improve or promote our services or to allow those third parties to market products or services to you if: 1) you have consented to such disclosure, or 2) we have de-identified your data and aggregated it with data from other users (in the latter case, no individual user can reasonably be identified or linked to any part of the data that we share with third parties). We may also share your data with third parties of our choosing if we deem it necessary for the assertion of our legal rights (for example, to initiate, to respond to, or to participate in a legal process or proceeding), for the collection moneys owed to or by us, to report suspected violations of the law, to assist law enforcement, for your safety, or for the safety of others.
4.6. Third parties as required/permitted by law. We may share your data with third parties to comply with the law (for example, pursuant to a court order or subpoena).
4.7. Acquiring owner(s) or successor entity(ies). If ownership of our business changes hands, or if we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between entities, we will share your data with the acquiring owner(s) or successor entity(ies) so that they can continue to provide services to you. If required, we will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with applicable laws.
5. How we store and secure the data that we collect:
5.1. Duration. We store our users’ data indefinitely, but we undertake no obligation to store it forever. We may delete any data provided to us by a user in violation of our Terms of Service without notice to such user. If we decide to delete a user’s data for a reason other than a violation of our Terms of Service, we will endeavor, as we deem commercially reasonable, to give that user advance notice sufficient to allow the user to download such data if the user so desires.
5.2. Physical security. We safeguard your data in high-performance, world-class data centers which employ industry-standard physical security controls, round-the-clock monitoring, cameras, visitor logs, and identity verification prior to entry.
5.3. Digital security. We safeguard your data using the following protocols:
Authentication: User data in our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on.
Password strength: User passwords have minimum complexity requirements and are individually salted and hashed.
Encryption: Certain sensitive user data, such as credit-card details and account passwords, are stored in an encrypted format.
Portability: Authenticated users are able to download their data from our systems in a variety of formats so that they can back it up or use it with other applications at their discretion.
5.4. Network security. We safeguard our network using the following protocols:
Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and are subject to functional and security testing prior to deployment to active production systems.
Firewalls: Firewalls restrict access to all ports as we deem commercially reasonable.
Access control: Secure VPN, 2FA (two-factor authentication), and role-based access are enforced for systems management by authorized Tapyness staff.
Logging: Central logging systems capture and archive all internal systems accesses.
Encryption in Transit: By default, our kiosk data collectors have Transport Layer Security (TLS) enabled to encrypt respondent traffic. All other communications with the Tapyness website are sent over TLS connections, which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
5.5. Vulnerability management. Despite our best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, we manage and endeavor to minimize vulnerabilities using the following protocols:
Patching: The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
Third-party scans: Our environments are scanned using security tools which are configured to perform application and network vulnerability assessments, testing for patch status and basic misconfigurations of systems and sites.
Notification: If Tapyness learns of a security breach, we will notify affected users by email or by posting a notice on our website so that they can take appropriate protective steps.
5.6. Availability. We make our users’ data available using the following protocols:
Connectivity: We use fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
Power: Our servers have redundant internal and external power supplies. Data centers have backup power supplies and are able to draw power from the substations on the grid, from diesel generators, and from backup batteries.
Uptime: We engage continuous uptime monitoring with immediate escalation to the Tapyness staff for any downtime.
Failover: Our database is replicated in real-time and can failover in less than an hour.
Backup Frequency: Backups occur daily.
6. Your rights regarding your data:
6.1. Access and correction. As an account holder, you may access and correct your registration and billing data by visiting your My Profile page.
6.2. Download and backup. Depending on what subscription plan you have, we provide you with the ability to export, share, and publish the feedback data that we collect from your kiosk(s).
6.3. Revocation of consent. If you have given us your consent to share your data with third parties to improve or promote our services or to allow those third parties to market products or services to you, you may later revoke your consent. If, however, you wish to stop receiving communications from a third party with which we shared your data with your consent, you will need to contact that third party directly.
6.4. Obtain identities of certain third parties. You may write to Tapyness, LLC at 730 New Hampshire Street, Suite 3F, Lawrence, KS, 66044, USA to request the identity(ies) of any third party(ies) with whom we have shared your data in a way that makes you identifiable to such third party(ies).
6.5. Delete account. To request the deletion of your account and data associated with it, you may email Tapyness, LLC at firstname.lastname@example.org. We will respond to any such request within the period of time deemed commercially reasonable by us or within the period of time required by law (if applicable), whichever is shorter. We generally will honor requests to delete account data except requests that: 1) are not commercially practicable, as determined by us, 2) refer to data which we know or believe is likely to be at issue in a legal process or proceeding, or 3) refer to data which is required by law to be retained (in which case we will block access to such data if required by law).
7. Your responsibilities regarding your data:
7.1. Safeguard your password. Maintain the security of your account by storing your password safely.
7.2. Comply with Terms of Service. Comply with our Terms of Service whenever you transmit data to us.
7.3. Notify us. If you believe that your account has been compromised in any way, notify us immediately at email@example.com.
8. Privacy and Data Policy changes:
8.1. When. We may change this Privacy and Data Policy at any time.
8.2. Notice. We will notify you of any change(s) to this Privacy and Data Policy by publishing the change(s) on the Tapyness website, www.tapyness.com. If we determine the changes are material, we will provide you with additional, conspicuous notice as we deem appropriate under the circumstances, such as via email or in another manner which we deem to be commercially reasonable to notify you.
8.3. Continued use constitutes agreement. If, after we have sent, published, or posted notice of any change(s) to this Privacy and Data Policy, you continue to use our services beyond the effective date of the change(s), your continued use shall constitute your agreement to the change(s).