Skip to main content
TapStellar

Privacy Policy

Last updated: 2026-05-03. This is a pre-launch draft and may change before public release; we will notify registered users of material changes by email.

Who we are

TapStellar is operated by Quantum AI WebApps Digital LLC ("TapStellar", "we", "us"). For UK + EU residents, our representative for data-protection matters is reachable at privacy@tapstellar.com.

What we collect

  • Account data: name, email, account workspace name, plan tier, billing status (we never see your card; Stripe holds those details).
  • Establishment data: business name, address, phone, website, Google Business Profile metadata, and Google reviews syned from the GBP API. Reviews are public data on Google; we cache them for the dashboard + AI reply features.
  • NFC plate data: activation codes, public slugs, scan timestamps, anonymised device class (mobile / tablet / desktop) and country derived from IP.
  • Operational telemetry: server logs include IP address, request path, response status, user-agent. Held for 30 days; never sold or shared with third parties.

What we do with it

  • Run the service you signed up for (sync reviews, generate AI replies, post replies to Google on your behalf).
  • Bill you and detect payment fraud (via Stripe).
  • Send you transactional email (welcome, magic-link, urgent-review alerts, weekly digest, billing). We do not market via email; you cannot "unsubscribe" from transactional mail without closing your account.
  • Aggregate usage statistics for our own product analytics (anonymised; no per-user export to third-party analytics).

Subprocessors

Our complete current list lives at tapstellar.com/legal/subprocessors. We notify customers by email when adding a new subprocessor; you may object within 14 days of notice.

Where your data lives

Primary data resides in Supabase (Postgres) in the EU region for UK + EU customers and the US region for US customers. Stripe processes EU payments through their EU entity, US payments through their US entity. Anthropic processes AI requests in the US (Claude API); Anthropic does not train on customer inputs by default for API tier customers per their terms. Resend processes email delivery in the US.

Your rights (UK GDPR / EU GDPR / CCPA)

  • Access + portability: export every row TapStellar holds about you and your workspace from Settings → Data.
  • Erasure: request account deletion from Settings → Data. Soft- deleted immediately; hard-deleted after a 30-day grace window that lets you cancel the request. Audit log entries referencing your user id are retained anonymised for 12 months for security forensics.
  • Rectification + restriction: the dashboard lets you edit every customer-facing field. For anything else, email privacy@tapstellar.com.
  • Lodge a complaint: with the UK ICO (ico.org.uk), an EU lead supervisory authority, or your state AG (US).

Reviews + GBP data

Google reviews are public data on Google. We hold reviewer names, review bodies, and ratings only for the establishments you have connected to your TapStellar workspace. We never use review content to train AI models. Reviewers can request removal directly from Google; if Google removes a review, our next 15-minute sync removes it from your dashboard too.

Children

TapStellar is a B2B service for business owners. We do not knowingly collect data from anyone under 16 (UK / EU) or 13 (US). If you believe we have collected data from a minor, contact privacy@tapstellar.com.

Contact

Questions: privacy@tapstellar.com. Postal: Quantum AI WebApps Digital LLC, address registered with Companies House (UK) — we will share on request.