See how Tap are redefining small businesses management

Legal

Privacy Policy

Last updated June 1, 2026

At Tap, we know HR data is sensitive. This policy describes, in plain language, what we collect and how we handle it — for visitors to our website and for the organizations and employees who use our platform.

Introduction

Tap (“Tap,” “we,” “us,” or “our”) provides an AI-powered HR information system (HRIS) that helps organizations manage attendance, leave, approvals, and company knowledge through a built-in AI assistant. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our website and platform (together, the “Services”).

We play two roles. For information we collect directly from website visitors and account administrators, we act as a data controller. For the employee and organization data our customers upload, the customer is the controller and we act as a data processor, handling that data on their instructions. We note this distinction where it matters below.

Information we collect

We collect the following categories of information:

  • Account information — your name, work email, company name, and role when you create or administer an account.
  • Organization and employee data — profiles, attendance records, leave and overtime requests, schedules, and organization structure uploaded by a customer.
  • Knowledge content — the SOPs, policies, and documents you add to power the AI assistant.
  • Usage data — log data, device and browser details, and how you interact with features, used to operate and improve the Services.
  • Communications — messages you send us through forms, email, or support channels.
  • Cookies and similar technologies — see the Cookies section below.

How we use your information

We use personal information to:

  • Provide, operate, and maintain the Services.
  • Power the AI assistant so it can answer questions from your organization’s own knowledge.
  • Authenticate users and keep accounts secure.
  • Provide customer support and respond to your requests.
  • Improve existing features and develop new ones.
  • Send service-related messages and, where you have opted in, occasional product updates.
  • Comply with legal obligations and enforce our terms.

The AI assistant and your data

Tap’s AI assistant answers questions using the knowledge your organization provides — your SOPs, policies, and records. Answers are generated from your own content and scoped to your organization. Your content is not shared with, or made visible to, other customers.

We do not use your private organization content or employee data to train shared or third-party foundation models. To generate answers, we may send only the content relevant to a request to trusted AI infrastructure providers, who are bound by contractual confidentiality and security obligations and are not permitted to train their models on your content.

We may use aggregated and de-identified information — which cannot reasonably be used to identify you or your organization — to understand usage and improve the Services.

How we share information

We do not sell your personal information. We share information only in these limited circumstances:

  • Service providers and sub-processors — cloud hosting, AI infrastructure, analytics, and email providers who process data on our behalf under data-processing agreements.
  • Within your organization — administrators and managers may access data according to their role-based permissions.
  • Legal and safety — when required by law, regulation, legal process, or to protect rights, safety, and security.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required.

Data retention

We retain personal information for as long as your account is active or as needed to provide the Services. Customer-controlled data is retained according to the customer’s instructions and is deleted or returned on request or after account closure, subject to any retention we are legally required to maintain.

How we protect your data

We use safeguards such as encryption in transit, access controls, and reputable cloud infrastructure to protect personal information. No method of transmission or storage is completely secure, but we work to protect your information and continuously improve our security practices.

Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent.

If your information was provided by your employer (our customer), they control that data — please direct your request to them, and we will support them in responding. To exercise rights over information we control directly, contact us using the details below.

Controller and processor roles

When you visit our website or administer an account, Tap is the data controller. When an organization uploads employee data into the platform, that organization is the controller and Tap is the processor, acting only on the customer’s documented instructions and under our data-processing terms.

International data transfers

We may process and store information in countries other than the one in which you are located. Where required, we rely on appropriate safeguards, such as standard contractual clauses, to protect personal information transferred across borders.

Cookies and tracking

Our website uses cookies and similar technologies for essential functionality, to remember your preferences, and to understand how the site is used. You can control or disable cookies through your browser settings, though some features may not work as intended without them.

Children’s privacy

The Services are intended for organizations and their workforce, not for children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact us so we can remove it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version here and update the “Last updated” date. If changes are significant, we will provide additional notice where appropriate.

Contact us

If you have questions about this Privacy Policy or how your data is handled, please reach us through our contact page. We’ll get back to you within one business day.