Privacy Policy

Who we are

Tapi provides booking software for professional studios such as salons, barbers, wellness rooms, beauty rooms and tattoo studios.

Privacy and data protection requests should be sent to [email protected]. Account and product support requests should be sent to [email protected]. General business messages can be sent to [email protected].

Our GDPR roles

Tapi acts as a controller for studio owner account data, authentication data, billing data, support messages and product security logs.

Tapi acts as a processor for customer booking data that a studio collects through its public booking page. The studio remains the controller for its customer relationship.

Data we process

• Studio account data, including name, email address, authentication identifiers and login activity.
• Studio profile data, including business name, public booking URL, address, opening hours, services, team members, prices, images and booking settings.
• Booking data, including customer name, email address, selected service, team member, date, time, booking status and booking notes.
• Billing data for studio subscriptions, including plan, billing email, billing address, tax identifiers, payment status and payment provider identifiers.
• Technical data, including server logs, security events, IP address, request metadata and device or browser metadata needed to operate and protect the service.

Why we process data

• To create, secure and manage studio accounts.
• To publish booking pages and process booking requests.
• To send transactional emails, including booking confirmations, cancellations and password reset emails.
• To bill studio subscriptions and prevent fraud or abuse.
• To maintain and improve the service.
• To meet legal, accounting and tax obligations.

Legal bases

• Contract, where processing is needed to provide Tapi to studios and manage subscriptions.
• Legitimate interests, including service security, abuse prevention, operational logs and product improvement.
• Legal obligation, where records are needed for accounting, tax, compliance or legal requests.
• Consent, where optional marketing emails or non-essential cookies are enabled.

Processors and hosting

Tapi is designed for EU data residency. The application and primary service infrastructure are hosted on EU infrastructure operated by Hetzner.

Cloudflare is used for DNS, security, DDoS protection and traffic filtering. When Cloudflare proxy features are enabled, Cloudflare may process IP addresses, request metadata, URLs, headers and security cookies to protect and deliver the service.

Resend is used to send transactional emails such as booking confirmations, cancellations, reports and account emails. Stripe is used for subscription checkout, billing, tax calculation, invoices and payment processing.

Studio customers pay the studio directly unless Tapi offers a separate online appointment payment feature under separate terms.

Retention

• Studio account and profile data is kept while the account is active.
• Booking data is kept while needed by the studio to manage appointments, unless deletion is requested or required earlier.
• Billing, tax and accounting records are retained for the legally required period.
• Security and server logs are kept only as long as needed for reliability, security and abuse prevention.

Your rights

Depending on the situation, you may request access, correction, deletion, restriction, portability or objection. You may also withdraw consent where processing is based on consent.

If you are a studio customer, Tapi may forward your request to the studio because the studio controls the booking relationship.

International transfers

Tapi keeps the main service infrastructure in the EU. Some service providers, including email, payment and security providers, may process data outside the EU. Where required, Tapi relies on data processing terms, Standard Contractual Clauses and other lawful transfer safeguards.

Subprocessors

• Hetzner: EU hosting infrastructure.
• Cloudflare: DNS, security, DDoS protection and traffic filtering.
• Resend: transactional email delivery.
• Stripe: subscription checkout, payment processing, invoices and tax calculation.

Contact

For privacy requests, contact [email protected]. For account support, contact [email protected].