Privacy Policy

How we handle your data — clearly and honestly.

Last updated: April 13, 2026

TapoWise ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

What Data We Collect

When you create an account, we collect your email address and display name. If you subscribe to TwiceSync, we also process payment information through Stripe — we never store your card details directly.

When you use TwiceSync, we store encrypted vault data (notes, attachments, and metadata) on Cloudflare R2 storage. This data is end-to-end encrypted — we cannot read your content.

We collect basic usage analytics (page views, feature usage) to improve the product. We do not track your note content or personal knowledge.

How We Use Your Data

  • Account management and authentication
  • Processing payments and managing subscriptions via Stripe
  • Synchronizing your encrypted vault across devices (TwiceSync)
  • Sending essential service communications (password resets, billing updates)
  • Improving our product based on aggregated, anonymized usage patterns

Data Storage & Security

Your account data is stored in Supabase (hosted in the EU). Encrypted vault files are stored on Cloudflare R2 with global edge distribution.

All vault data synced through TwiceSync is end-to-end encrypted using keys derived from your password. We operate on a zero-knowledge architecture — our servers only store encrypted blobs.

All connections are encrypted in transit via TLS. Data at rest is encrypted with AES-256.

Third-Party Services

We use the following third-party services to operate TapoWise:

  • Stripe — payment processing
  • Supabase — authentication and account database
  • Cloudflare R2 — encrypted vault storage
  • Sentry — error tracking and performance monitoring

Each service processes only the minimum data required for its function. We do not sell or share your data with advertisers or data brokers.

Data Retention

Your account data is retained as long as your account is active. If you delete your account, we remove your personal data and encrypted vault files within 30 days.

Payment records are retained as required by law (typically 7 years for tax purposes).

Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at privacy@tapowise.com.

Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the application.

Contact

If you have questions about this privacy policy, contact us at privacy@tapowise.com.